Given that over 35% of all cyber-attacks are directed at the finance sector, and we’re seeing unprecedented growth in the threat level, we know just how hard it is for the finance sector to stay ahead of the curve. Couple this with the increasing strictness of regulatory compliance, including FISMA, PCI, SOX and GDPR, and the need for visibility and governance over systems and data is greater than ever before. LepideAuditor specifically helps address common security and compliance needs in the banking and finance sector by offering a simple yet powerful platform to provide reports and alerts. We’ve helped some of the world’s largest finance companies achieve the insight they need around their data and systems.
Some common compliance regulations applicable to the finance sector include: FISMA, GLBA, SOX, ISO, PCI and GDPR. To help you address these requirements, LepideAuditor includes numerous pre-set compliance reports that can be used to pass compliance audits more easily. These reports include tracking logon and logoff activity, changes to privileged security groups, successful file reads, audit policy modifications and more.
On a fundamental level, one of the most important measures that can be taken is to ensure you know how users are interacting with files and folders. Specifically, you need a proactive way of identifying how users interact with files and folders. Tracking events such as file copy, file access, file modification, file deletion and file rename ensures you have a detailed audit trail to help spot, prevent and prove inappropriate interaction with critical data stored on file shares.
A significant challenge for many banking and finance companies is preventing issues such as permission sprawl. For instance, when a user moves department, their permissions are not always properly re-evaluated. Handling issues such as permission inheritance and being proactive when tracking changes to permissions and groups is essential in maintaining appropriate access. LepideAuditor offers alerting and reporting on when permissions are changed or modified. It also enables IT teams to pick a file or folder and show who has which permissions, how long they’ve had them for and how these were granted. Our solution lets you reverse Active Directory permission changes using its proprietary technology to help you maintain the policy of least privilege.
Banks remain a hot target for ransomware attacks, so ensuring you have a proactive means of keeping track of interactions with files, folders and systems that surround critical data is essential. LepideAuditor offers a means of alerting and reporting on trends around file access and file modification (encryption) which will help identify events symptomatic of a ransomware attack. You can also automate the execution of a script of your choosing, triggered by any alert, to respond upon the detection of such an attack. Changing user account credentials, enabling a firewall policy or terminating a specific process are a few examples of the actions that could be invoked from the script.
Data is almost never solely stored on the Windows File System. The majority of finance organizations also make use of SharePoint (on-premise or online), OneDrive for Business, Dropbox, SQL with its exceptional RDBMS capabilities to store data and Exchange (on-premise and online) to improve communication. LepideAuditor gives you complete visibility on all these components, as well as Windows File Systems and NetApp Filers. Similarly, you can check changes being made to Windows Active Directory, Azure AD and Group Policy Objects.
A wide range of accounting, finance and banking software applications, either by default or manually, use SQL Server as their preferred backend partner for storing data. These third-party applications link to SQL Server through a SQL login or SQL user. What would happen if that login, user or database is deleted? LepideAuditor audits every change in the configuration of SQL Server and its databases and allows you to continuously monitor the health of your SQL environment. You can create real-time alerts for both configuration changes and health monitoring events using advanced filtration and threshold limits.
The policies for locking a user account are in place to improve the security of the IT environment. If multiple accounts are being locked out, it’s a red flag. It could be a sign that an attacker, with a list of your Active Directory usernames, is trying to get access to your computers, data and the rest of your IT infrastructure. LepideAuditor delivers real-time alerts (optionally based on a threshold limit) whenever one or multiple user accounts are locked out. You can use LepideAuditor to investigate the reasons behind account lockouts and even use the solution to unlock the accounts or reset their passwords.
Many organisations still rely on trust and native auditing as a strategy to mitigate the risks posed by privileged user accounts. Using LepideAuditor, you can track privileged user activities across multiple platforms and see who is doing what, when, and from where. The reports can be sorted by user, to determine the most active privileged user making changes in multiple server components. LepideAuditor also allows you to check changes in the user account status. Surface the good or bad signs in user activity by auditing user logon events at domain controllers and computers in Active Directory and on SQL Server. Failed login events clearly indicate that somebody is using trial-and-error methods to access your IT environment. You can also set real-time alerts (with advanced filtration and threshold limits) for critical changes by users, changes in user status and logon or logoff events.
Inactive user and computer accounts are a common threat vector that leads to many security concerns in the finance and banking sector. Keeping your Active Directory clean of such accounts is a critical part of any IT security plan. Using LepideAuditor, IT teams can identify inactive users and inactive computers in Active Directory and automate actions such as changing the password, disabling the account, moving it to a separate Organizational Unit and deleting the account.
Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All trademarks acknowledged.