Insider Threat Detection
As media outlets broadcast security breaches with household names like Target and Home Depot, hundreds of less-famous breaches are occurring every day. Most of these have one thing in common; they come from the inside. As a result, IT organizations and the industry at large are beginning to shift their threat mitigation strategies.
One such recent shift occurred when Microsoft drew attention to a small Israeli startup, Aorato. The promise of threat detection technology that sees insider be…
AD Optimization and IAM
From the vantage point that most people have, even technical folks, Active Directory (AD) seems like it’s doing pretty well. How often can you not log in when you sit down at your PC? How often do you fail to find someone in the corporate directory in Outlook? How many times have you heard of an AD outage? Of course, those close to AD know this is an illusion.
AD has so many layers of failure resistance, it’s natural that it doesn’t show any cracks in day-to-day operations. That’s why when…
What is a Pass the Hash Attack and How to Defend Against it
There’s been a lot of talk recently about the “Pass the hash” and “Pass the ticket” threats. In this blog post, I’ll talk a bit about what these threats are, how real they are, and what you can do to protect yourself.
So first, what is it? These are two variations of the same threat. Pass the Hash and Pass the Ticket both work by impersonating a user on the network and spread to other systems by leveraging cached credentials. Let’s step back a bit first and discuss the basics.
At the ri…
Insider Threat is so important it will never make headlines
Right now the headlines in the security world are on fire with hacks and breaches. There is a nasty number brewing at DHS involving federal employees, and there is the alleged largest hack of username and password data ever as well. I say “alleged” because some in the security world have called some of the numbers being thrown around into question and I think they make some good points. Much of this has made it into mainstream news. People will be doing the Heartbleed dance and changing all t…
The Link Between Copy & Paste and a Potential Data Breach Drives DAG
One of the continually fascinating parts of my job is talking to customers and understanding how they decide to pursue some goals over others. Last week I had the chance to sit with a modest size department of a fairly large city. They have just brought on a new CIO and his top priority item is Data Access Governance (DAG). How did that become his top priority? The story his team told me was funny and scary at the same time. They are in the middle of a big project to clean up their citizen re…
Effective Risk Reduction
Risk reduction is often associated with prevention only. Effective security, however, also needs detection and response. Those three (prevention, detection, response) are the fundamental pieces of the process oriented approach to IT security, which allows us to effectively reduce the risk and is the subject of this article.
Risk and Countermeasures
Let’s assume that the risk has been identified. Then the decision about risk handling needs to be made. The risk can be:
a) reduced (counterm…
Active Directory Auditing and 3rd Party Backup Software
Having managed Active Directory and built solutions for the management of AD itself for many years, I’ve been asked by countless customers for my take on Active Directory Recovery solutions – Which is the best? What’s the best way to do it? Do you really need a 3rd party tool to do it right?
AD recovery software can be a very risky proposition.
Generally speaking, I believe it to be a violation of best practices to perform recoveries on Active Directory unless there has been a catastrophic …
The Data Access Governance (DAG) Market Heats Up
We’ve done 3 analyst briefings in the last 2 weeks. That’s not a huge surprise. What’s interesting is that these were analysts we had not spoken with before and that they all came to us. They all said the same thing, too. More people are asking about data access governance. It’s coming up in briefings about security, identity and access management (IAM), SIEM, information governance, master data management (MDM), eDiscovery, and more. It also seems it’s not just the “who has access to what?” …
Shared Network, Shared Security Burden
Days later, after New York-Presbyterian agreed to pay out the largest settlement ever in a HIPAA violation case ($4.8M), the only thing we can ask ourselves is, “Why did this happen, and how could this have been prevented?”
The breach was ultimately discovered by an external entity of the hospital when they found a deceased patient’s data online. However, they (the hospital), upon further investigation, found that the health records of another 6,800 hospital patients had become publically av…
What’s the Buzz About DFARS?
It seems as if every day, more and more regulations are being implemented across a broad range of industries. Consequently, more and more compliance and data breaches are making their way to the news.
One of our previous posts, “Export Control Compliance,” outlined some of the most prominent defense regulations instated today – ITAR and EAR. Another recent buzz word adding to this list is DFARS – The Defense Federal Acquisition Regulation Supplement.
DFARS was implemented as a supplemen…
