Current Filter: Network>>>>>Feature>

   

Our perception of what constitutes securing IT infrastructure has most certainly shifted in recent times. Increasing concerns around the risk from insider threats, coupled with more complex and targeted malware and hacking, is creating pressure to invest even more significantly in IT security. Most of this spending however is targeted at upgrading network security to stop the bad guys getting in. However, the security challenge that many businesses are struggling with is how to deal with an increased threat from those who have hacked in or are already working inside your perimeter.

The good news is that these insider risks are generally much more visible and containable than the complex moving target of advanced persistent threats or polymorphic malware. Some relatively minor adjustments to the organisation's policy and processes can reap the double benefit of not only protecting it from hugely damaging insider leaks, but also making it harder for hackers to gain a foothold.

Here are five steps you can take to reduce the risk posed by internal network access.

One password: The only password people should know is their own. Poorly secured yet powerful master server accounts with access to multiple network systems continue to pose a threat. To determined insiders or hackers it's like opening a sweet jar. Once inside the system, they will find you almost defenceless. This point is perfectly demonstrated by the Sony Pictures hack. Wikileaks published a list of these servers and their exceptionally weak passwords.

This is an easy fix and it will also begin to force administrators to stop using shared passwords for servers. The next step is to deploy a password management tool that will change this password frequently enough to stop these accounts being misused.

Admin privilege: Network and other administrators should have access only when they need it. Increasingly, third-party providers or contractors are being given access to systems so they can work on projects across a network. But access needs to be monitored and revoked. Privileged user management tools can act as an internal firewall for access in this scenario with users required to request permission to remotely connect to servers and other resources.

Suffocating data: Many SIEM solutions will provide you with huge amounts of event logging data and in some cases be able to proactively detect risks. But event logging is only part of the story. Visibility could be the missing clue that you need to solve the puzzle: that is, actually seeing a user's actions in real time, or as recorded logs and videos of their session activity.

More than technology: If you're hiring IT pros you'll pride yourself on finding the best people to do a great job, but talented and hardworking employees may be prepared to abuse their privileges. Look out for the early signs and educate yourself on every possible motivation for those who pose a risk of attacking you from the inside. Exercise constant vigilance.

Strict focus: The scope of too many identity and access management projects is not tight enough and it's important that you don't bite off more than you can chew. Trying to solve too many problems actually risks achieving nothing. Gartner's Felix Gaehtgens questions the approach that many businesses take: "History is full of failed access management projects. We believe the key to success is to simplify the approach. Organisations should prioritise by identifying the low-hanging fruit and address all the things that should be done before implementation and it will make their IAM project more manageable," he says.

Managing, controlling and monitoring privileged users is a critical first step in beginning to minimise the risk posed by insider threats. NC