In the last post, we started discussing the importance of protecting Active Directory and your unstructured data. Today, we'll continue that discussion with the next three data security best practices for keeping your data secure.
Monitoring activity is an essential capability, but be careful not to bite off more than you can chew. The best way to make effective use of your monitoring efforts is to focus on the specific scenarios you want to detect. For instance, not every change in Active Directory is critical; in fact, most aren't. The following changes and activities, however, are the ones you should be aware of at all times.
Monitoring these specific activities will prove much more effective than monitoring everything and trying to sift through the noise later.
One of the richest sources of security intelligence has been within your reach for quite some time, yet few know how to leverage it properly. The vast majority of your Active Directory security logs are filled with the thousands or even millions of authentication events that Active Directory handles every day. Harnessing this data and picking out patterns of behavior from it is difficult, but enormously useful when done right. Would you expect to see a single user attempt to authenticate to 200 systems in your environment within a 2-minute time period? Probably not. This is a prime example of malware infection and propagation using stolen credentials obtained through techniques such as Pass-the-Hash and Pass-the-Ticket.
Being able to detect the following patterns of behavior will let you recognize that you are under attack now, in time to do something about it.
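To make the "200 systems in 2 minutes" rule concrete, here is an added example (not code from the original post) that runs that fan-out check over a constructed set of authentication events; the event format (timestamp, user, target host), the host names and the lowered threshold used on the small sample are assumptions for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one authentication per line: "timestamp,user,target_host".
# In practice these fields come from your AD security log (e.g. logon events).
SAMPLE_EVENTS = """\
2024-01-10T09:00:00,alice,WS-001
2024-01-10T09:00:10,alice,WS-002
2024-01-10T09:00:25,alice,WS-003
2024-01-10T09:00:40,alice,WS-004
2024-01-10T09:01:05,alice,WS-005
2024-01-10T09:01:20,alice,WS-006
2024-01-10T08:15:00,bob,FS-01
2024-01-10T08:40:00,bob,FS-02
2024-01-10T09:10:00,bob,PRINT-01
2024-01-10T09:00:00,carol,SQL-01
2024-01-10T09:00:05,carol,SQL-01
2024-01-10T09:00:09,carol,SQL-01
2024-01-10T09:00:14,carol,SQL-01
2024-01-10T09:00:19,carol,SQL-01
"""

def parse_events(text):
    """Parse the CSV-style lines into (timestamp, user, host) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, host = line.split(",")
            events.append((datetime.fromisoformat(ts), user, host))
    return sorted(events)

def peak_distinct_targets(events, window=timedelta(minutes=2)):
    """For each user, the largest number of distinct target hosts seen inside any
    sliding window of the given length. Repeated logons to one host count once."""
    recent = defaultdict(deque)   # user -> (ts, host) pairs still inside the window
    peak = defaultdict(int)
    for ts, user, host in events:
        q = recent[user]
        q.append((ts, host))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        peak[user] = max(peak[user], len({h for _, h in q}))
    return dict(peak)

def detect_fan_out(events, window=timedelta(minutes=2), threshold=200):
    """Users whose peak fan-out meets the threshold (post's example: 200 systems in 2 minutes)."""
    return {u: n for u, n in peak_distinct_targets(events, window).items() if n >= threshold}

if __name__ == "__main__":
    # Threshold lowered to 5 only because the constructed sample is tiny.
    for user, n in detect_fan_out(parse_events(SAMPLE_EVENTS), threshold=5).items():
        print(f"ALERT: {user} authenticated to {n} distinct hosts within 2 minutes")
```

Only alice trips the rule: bob's three logons are spread over an hour, and carol's five logons all target the same host.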
How can you protect your sensitive data if you don't even know where it is? Determining what you consider sensitive, and then pinpointing where that information lives, allows you to plan your response. The most common options are to move the data to safer locations, encrypt the data in place, verify that systems containing sensitive data are properly patched and up to date with the latest anti-virus definitions, classify the data, or even delete the data if it is no longer needed. The bottom line is that if there is nothing there to steal, then you're that much more secure.