
Thursday, 17 November 2016

How to counter threats to information / cyber security caused by "insiders" ("our own" people)? Part 3


Combating the Insider Threat
© 2015 Lancope, Inc.

Table of Contents

Chapter One
WHO IS ATTACKING YOUR NETWORK?
Chapter Two
INSIDER THREAT MOTIVES AND METHODS
Chapter Three
DETERRING INSIDER THREATS WITH TECHNOLOGY
Chapter Four
USING NETWORK LOGS TO THWART INSIDER THREATS
Chapter Five
BEYOND TECHNOLOGY
Chapter Six
SUMMARY & TOP 10 WAYS TO COMBAT INSIDER THREATS

Chapter Three

Deterring Insider Threats with Technology

Thankfully there are technologies that can help organizations deter or thwart insider threats. Here’s a look at which types of technologies are effective against each kind of insider threat.

Negligent Insiders
Various measures can be used to deter negligent activity and “keep honest people honest.”

Access Controls
Access controls can prevent people from obtaining sensitive data that they do not need in order to do their jobs. According to a December 2014 report by the Ponemon Institute, seventy-one percent of end users say that they have access to company data they should not be able to see.

Encryption of Data at Rest
Encryption of data at rest can also help prevent data loss by negligent insiders in the event that they lose their laptops or other equipment.

Malicious Insiders

Access Controls
Access controls can also help prevent damage done by malicious insiders. Making it harder to access sensitive data can keep honest people honest, but also put a wrench in the plans of malicious attackers.

Checks and Balances
Checks and balances are also extremely important in this arena. There should never be just one individual who has administrative access to a system, as this could essentially leave the person free to do whatever they want with the data or device – or even hold it hostage after leaving the company. Shared usernames/passwords should also be avoided as they do not hold the individual users accountable, and could still be used by people who have since left the organization.
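The access-control and checks-and-balances points above translate directly into a periodic access review. The following script is an added example, not part of the Lancope whitepaper or of this blog post; it runs over a small constructed inventory (hypothetical users, roles, systems and admin lists) and reports three things the chapter warns about: users who can reach data their role does not need, systems with fewer than two active administrators, and shared or departed-user accounts that still hold access.

```python
# Added example: a minimal access review over a constructed inventory.
# All names, roles and systems below are placeholders, not real data.

# Which data stores each role needs to do its job (need-to-know).
ROLE_NEED_TO_KNOW = {
    "accountant": {"finance-db"},
    "developer": {"source-repo", "build-server"},
    "support": {"ticketing"},
}

# user -> (role, data stores the user can actually reach, still employed?)
USERS = {
    "alice": ("accountant", {"finance-db"}, True),
    "bob": ("developer", {"source-repo", "build-server", "finance-db"}, True),
    "carol": ("support", {"ticketing", "source-repo"}, True),
    "dave": ("developer", {"source-repo"}, False),  # left the company
    "svc_shared": ("support", {"ticketing"}, True),  # generic shared login
}

# system -> accounts holding administrative rights on it
SYSTEM_ADMINS = {
    "finance-db": ["alice"],
    "source-repo": ["bob", "dave"],
    "build-server": ["bob", "carol"],
    "ticketing": ["svc_shared"],
}

# Naming conventions that usually mark a shared/generic account (assumption).
SHARED_ACCOUNT_PREFIXES = ("svc_", "shared", "admin")


def excess_access(users=USERS, need=ROLE_NEED_TO_KNOW):
    """Users who can reach data stores their role does not require."""
    findings = {}
    for user, (role, has, _active) in users.items():
        extra = has - need.get(role, set())
        if extra:
            findings[user] = sorted(extra)
    return findings


def single_admin_systems(admins=SYSTEM_ADMINS, users=USERS):
    """Systems where fewer than two *active* accounts hold admin rights.

    Departed users are not counted: they cannot serve as the second
    pair of hands, and their lingering access is itself a finding.
    """
    findings = {}
    for system, names in admins.items():
        active = [n for n in names if users.get(n, (None, set(), False))[2]]
        if len(active) < 2:
            findings[system] = active
    return findings


def unaccountable_accounts(users=USERS, admins=SYSTEM_ADMINS):
    """Shared/generic accounts, and departed users who still hold access."""
    findings = []
    for name, (_role, has, active) in users.items():
        if name.startswith(SHARED_ACCOUNT_PREFIXES):
            findings.append((name, "shared or generic account"))
        still_admin = any(name in names for names in admins.values())
        if not active and (has or still_admin):
            findings.append((name, "departed user still holds access"))
    return findings


def review():
    """Full report as a dict, so each section can be asserted on or exported."""
    return {
        "excess_access": excess_access(),
        "single_admin_systems": single_admin_systems(),
        "unaccountable_accounts": unaccountable_accounts(),
    }


if __name__ == "__main__":
    for section, result in review().items():
        print(section)
        print("  ", result)
```

In a real environment the three input tables would be pulled from the directory, the HR system and each platform's admin group membership; the review logic stays the same, and the findings feed straight into an access-revocation or ticketing workflow.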

Logs from Endpoint Systems and Network Devices
Logs from endpoint systems and network devices can also be used to identify and investigate cases of insider malice. For example, a case of financial fraud might be detected by examining database logs from a credit card processing system, whereas a case of data theft might be noticed through monitoring of network traffic.

Compromised Insiders

Compromised insiders are a much more challenging type of insider threat to combat since the real attacker is on the outside, with a much lower risk of being identified. Typically, no amount of deterrence will discourage them from carrying out their attack. Furthermore, traditional security solutions that focus on catching malware and exploits cannot identify the unauthorized use of legitimate accounts. In fact, studies have shown that advanced attackers are on the network for a median of 243 days before being detected. The use of network logs is really the only way to uncover and shut down this type of threat.
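Both the data-theft case in the "Logs from Endpoint Systems and Network Devices" section and the compromised-account case above come down to the same detection idea: learn what a legitimate account normally does on the network, then flag behaviour that departs from it, since the account itself is valid and no malware signature will fire. The script below is an added example, not code from the whitepaper or from Lancope; it runs over a constructed set of flow records (user, destination, bytes, timestamp, all placeholders) in the style of what a network-device log export provides, builds a per-user baseline from an earlier window, and raises an alert when a later flow goes to an unseen external destination, falls outside the user's usual hours, or pushes the day's outbound volume well above the user's historical peak. The 5x volume factor and the "10." internal prefix are assumptions for the example.

```python
# Added example: baseline-and-deviation detection over constructed flow records.
from collections import defaultdict

# Constructed flow records (not real logs): (timestamp, user, destination, bytes out).
FLOWS = [
    # Baseline week: ordinary working-hours traffic to known hosts.
    ("2015-03-02T09:15:00", "alice", "10.0.5.20", 12_000),
    ("2015-03-02T14:02:00", "alice", "10.0.5.20", 8_500),
    ("2015-03-03T10:30:00", "alice", "crm.example.net", 20_000),
    ("2015-03-03T11:00:00", "bob", "10.0.7.9", 50_000),
    ("2015-03-04T16:45:00", "bob", "10.0.7.9", 65_000),
    ("2015-03-05T09:05:00", "bob", "10.0.7.9", 55_000),
    # Later day: alice's valid account pushes a large volume at 02:00 to an unseen host.
    ("2015-03-10T02:10:00", "alice", "198.51.100.7", 900_000),
    ("2015-03-10T02:25:00", "alice", "198.51.100.7", 1_400_000),
    # bob behaves as usual.
    ("2015-03-10T10:12:00", "bob", "10.0.7.9", 60_000),
]

BASELINE_END = "2015-03-08"   # flows before this date form the baseline (assumption)
VOLUME_FACTOR = 5             # alert when a day exceeds 5x the user's peak (assumption)
INTERNAL_PREFIX = "10."       # what counts as an internal destination (assumption)


def build_baseline(flows, end=BASELINE_END):
    """Per-user peak daily bytes, known destinations and usual-hours window."""
    daily = defaultdict(int)       # (user, day) -> bytes
    dsts = defaultdict(set)        # user -> destinations seen
    hours = defaultdict(set)       # user -> hours of day seen
    for ts, user, dst, nbytes in flows:
        if ts[:10] >= end:
            continue
        daily[(user, ts[:10])] += nbytes
        dsts[user].add(dst)
        hours[user].add(int(ts[11:13]))
    peak = defaultdict(int)
    for (user, _day), total in daily.items():
        peak[user] = max(peak[user], total)
    # Usual hours: one hour of slack either side of what was observed.
    window = {u: (min(h) - 1, max(h) + 1) for u, h in hours.items()}
    return {"peak_daily": dict(peak), "dsts": dict(dsts), "window": window}


def detect(flows=FLOWS, end=BASELINE_END, factor=VOLUME_FACTOR):
    """Return (timestamp, user, destination, reasons) for every deviating flow."""
    base = build_baseline(flows, end)
    daily = defaultdict(int)
    alerts = []
    for ts, user, dst, nbytes in flows:
        if ts[:10] < end:
            continue
        day, hour = ts[:10], int(ts[11:13])
        daily[(user, day)] += nbytes
        reasons = []
        if dst not in base["dsts"].get(user, set()) and not dst.startswith(INTERNAL_PREFIX):
            reasons.append("new external destination")
        lo, hi = base["window"].get(user, (0, 23))
        if not lo <= hour <= hi:
            reasons.append("outside usual hours")
        if daily[(user, day)] > factor * base["peak_daily"].get(user, 0):
            reasons.append("daily volume above %dx baseline" % factor)
        if reasons:
            alerts.append((ts, user, dst, reasons))
    return alerts


if __name__ == "__main__":
    for ts, user, dst, reasons in detect():
        print(ts, user, "->", dst, "|", "; ".join(reasons))
```

Each alert carries the reasons that fired, so an analyst can see whether a single weak signal (one new destination) or a combination (new destination, at night, at many times the usual volume) triggered it; the latter is the pattern that should be escalated, whether the person at the keyboard is the account owner or an outside attacker using their credentials.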



