A few weeks ago, InfoSecurity – Europe’s largest Information Security industry event – took place in London and we at Lepide exhibited our auditing and monitoring solution for the first time. Now that we have had time to collect our thoughts we thought it would be a good idea to share what we learnt from talking to some of the industry’s experts.
What we learnt is that, despite evidence of many organisations having really sophisticated solutions in place, 7 out of 10 organisations we spoke to still couldn’t answer critical questions about who has permissions to what, what their privileged users are doing or what’s happening to their data (i.e. their files/folders).
Insider threats are as dangerous as ever
The top 5 security breaches for the first few months of 2016 didn’t involve malicious IT hacking. Instead, theft, loss, improper disposal and unauthorized email access or disclosure were behind the largest incidents.
Take a real world example from Ofcom, the government-approved regulatory and competition authority for the broadcasting, telecommunications and postal industries of the United Kingdom, who suffered a major breach in 2016 due to an insider threat. A former Ofcom employee who still had access to sensitive data distributed it to a major broadcaster. This is not an isolated case and is a stern reminder that organisations, irrespective of size and budget, need to better audit permissions and track file/folder activity.
How are organisations dealing with this threat?
One of the most concerning things we noticed during our time at InfoSec was that, while many organisations spending a lot of money on a whole range of security solutions, they often didn’t have adequate means of keeping track of what their privileged users were doing.
If you are not able to see who is making changes to your most critical IT systems in real time you won’t be able to see a change that threatens your business until it is too late.
When it comes to keeping an eye on what your users are doing inside your systems then it is important to make sure you have a pro-active approach to tracking current permissions, permission changes and file/folder access and modifications. A lot of organisations rely on native auditing methods alone which can often be too time-consuming or difficult.
What’s the answer?
For the first time at InfoSec we exhibited LepideAuditor Suite; our comprehensive solution to the lack of visibility into critical IT systems. It gives you complete visibility into changes occurring in Active Directory, Exchange, SharePoint, SQL server, Group Policy and File Server. It actively monitors these systems and provides real time alerts when changes are made. It tracks current permissions and permission changes so that you can instantly see who has access to which files/folder and who granted them. The solution also gives complete visibility into what is happening inside your files/folders.
For every change it provides a single log that will give you details on who, what, when and where the change was made as well as over 270 pre-defined reports that help with a range of systems management, security and compliance challenges.
We believe that all organisations – irrespective of size, sector or budget – should be able to answer critical questions regarding user access, privileged user activity and how users are interacting with their critical files/folders (without breaking the bank). We don’t believe that native auditing is enough to mitigate the risks of insider abuse; this is why we have created LepideAuditor Suite.