Insider threat detection and prevention

Insider threats may be the biggest risk to IT security you are likely to face and, because insiders technically have legitimate access to your systems, they can often be hard to detect. An insider may attack your critical servers or sensitive data for any number of reasons, malicious or otherwise, causing potentially severe damage to both the reputation and the bottom line of the business. Insider threats are often harder to defend against than external ones since the majority of insider threats are completely unintentional. The best way to combat them is to adopt strict security measures. Pro-active auditing of your IT infrastructure in order to track user activities and monitor configuration changes is of the utmost importance in the fight to minimize insider threats.

Any user can be an insider threat

Any employee, ex-employee, contractor, business associate or third party with a user account in Active Directory has the potential to be an insider threat. Such threats arise when these users gain authorized access to systems/data or attempt to breach IT security. Any of these people can leak sensitive data either accidentally or maliciously. LepideAuditor allows you to see patterns that may indicate when users have become an insider threat. It allows you to track permissions/permission changes, audit critical on-premises systems and track file/folder level activity. You can apply real-time or threshold alerts on assigning administrative privileges, granting access to a data folder, deleting a file/folder, successful/failed attempts to read a file and other critical events.

Mitigate insider threats with pro-active and continuous monitoring

Many organisations will only start to feel the effects of an insider threat once data has been leaked and it is too late to do anything about it. The only way to ensure that this does not happen is by adopting a pro-active and in-depth auditing strategy. LepideAuditor allows administrators to add single or multiple instances of Active Directory/Group Policy Objects, Exchange Server, SharePoint Server, SQL Server and File Server. The solution provides enterprise-wide visibility on these server components through a single powerful, easy-to-use console. You can browse through graphical Radar Tabs and generate over 270 pre-defined reports to give you complete visibility into changes being made.

Detect critical changes as they happen

Critical changes taking place in your systems could be affecting your organisation in adverse ways. If left unnoticed then these changes could be extremely damaging to the reputation and bottom line of the business. LepideAuditor plays an important part in detecting critical changes the instant they occur. It sends real-time alerts via email, as an update to its Radar Tab and as a push-notification to the LepideAuditor App (available on all Android or Apple smartphones).

Determine who is logging on to your systems

Relying on the Event Viewer for user logon and logoff details means working through a lot of noise and may lead to you losing valuable time and information. LepideAuditor offers various pre-defined logon and logoff reports for Active Directory users. You can check which users have logged on at which computers and when a particular user has logged out. Using numerous reports, you can determine the time of first logon and last logoff of any user. If a user is trying to perform multiple logins at the same time on different computers, that can be an indication of a possible malware attack (especially when all of these attempts are being displayed in a “Failed Logon” report). With pre-defined logon reports, you can analyze which user accounts have been logged on at multiple computers at the same time even when they are in different locations.
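The two checks described above, simultaneous sessions on different computers and failed logons spread across several computers, can be expressed over exported Windows Security events. The following is an added example, not LepideAuditor code: the tuple layout, user and computer names, and the five-minute/three-computer thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (time, event ID, user, computer, logon ID).
# 4624 = successful logon, 4634 = logoff, 4625 = failed logon.
EVENTS = sorted((datetime.fromisoformat(t), e, u, c, l) for t, e, u, c, l in [
    ("2017-03-01T09:00:00", 4624, "alice", "WS-01", "0x1a"),     # never logs off
    ("2017-03-01T09:05:00", 4624, "bob", "WS-02", "0x2b"),
    ("2017-03-01T10:30:00", 4624, "alice", "SRV-FILE", "0x3c"),
    ("2017-03-01T11:00:00", 4634, "alice", "SRV-FILE", "0x3c"),
    ("2017-03-01T12:00:00", 4634, "bob", "WS-02", "0x2b"),
    ("2017-03-01T12:30:00", 4624, "bob", "WS-07", "0x4d"),
    ("2017-03-01T13:00:00", 4625, "carol", "WS-03", "0x0"),
    ("2017-03-01T13:01:00", 4625, "carol", "WS-04", "0x0"),
    ("2017-03-01T13:02:00", 4625, "carol", "WS-05", "0x0"),
])

def build_sessions(events):
    """Pair each 4624 with the 4634 that has the same computer and logon ID."""
    open_, sessions = {}, defaultdict(list)
    for ts, eid, user, comp, lid in events:
        if eid == 4624:
            open_[(comp, lid)] = (user, ts)
        elif eid == 4634 and (comp, lid) in open_:
            user, start = open_.pop((comp, lid))
            sessions[user].append((start, ts, comp))
    for (comp, _), (user, start) in open_.items():  # still logged on at end of data
        sessions[user].append((start, events[-1][0], comp))
    return sessions

def concurrent_logons(events):
    """Map each user to the computers where their sessions overlap in time."""
    hits = {}
    for user, sess in build_sessions(events).items():
        comps = {c for s1, e1, c1 in sess for s2, e2, c2 in sess
                 if c1 != c2 and s1 < e2 and s2 < e1 for c in (c1, c2)}
        if comps:
            hits[user] = sorted(comps)
    return hits

def failed_logon_spread(events, window=timedelta(minutes=5), min_hosts=3):
    """Users whose failed logons hit at least min_hosts computers in one window."""
    fails = defaultdict(list)
    for ts, eid, user, comp, _ in events:
        if eid == 4625:
            fails[user].append((ts, comp))
    return sorted(u for u, f in fails.items() if any(
        len({c for t, c in f if t0 <= t <= t0 + window}) >= min_hosts for t0, _ in f))
```

On the sample data, alice is reported for overlapping sessions on WS-01 and SRV-FILE, bob is not (his two logons are sequential), and carol is reported for failed logons on three computers within two minutes.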

Help prevent privilege abuse

If someone is misusing or abusing the privileges delegated to their Active Directory account, you need to know. LepideAuditor enables you to detect the signs of privilege abuse in many ways, including: auditing all server components permissions, auditing all permissions to an object, comparing permissions of an object between two dates, historical permission analysis (of Active Directory, Exchange Server and File Server) and current permission reports (to show the currently effective permissions of Shared Folders).

Identify who is accessing data

Whenever privileges are granted, the first step an insider may take is to access critical data. You should know in real-time who has accessed business-related files and folders and what changes users have made to them. There are multiple reports in LepideAuditor that help you identify access attempts made by users to the data stored in Exchange Server, File Server, SQL Server and SharePoint. If a user tried to access the mailbox of another user, for example, the administrator would receive a real-time alert as an email and as a notification in the LepideAuditor App.

Mitigate the risks of inactive accounts

Active Directory acts as the backbone of the IT Infrastructure. Having a large number of inactive user and computer accounts in Active Directory can pose an insider threat. Inactive accounts can provide a way for users to gain access to critical servers or data in order to delete or leak it. Therefore, obsolete accounts should be treated as a security threat and dealt with accordingly. The in-built Active Directory Cleaner feature of LepideAuditor scans the Active Directory periodically, lists all unused user and computer accounts and enables you to take pre-defined actions to remove them. Its reports can be scheduled to be delivered to the intended recipients through email.
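Identifying unused accounts comes down to reading each account's `lastLogonTimestamp`, which Active Directory stores as a FILETIME value. The following added example (not the Active Directory Cleaner feature or any Lepide code) classifies a constructed account export; the tuple layout, account names and 90-day threshold are assumptions, as is the 14-day margin, which allows for the delay with which `lastLogonTimestamp` is updated by default.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x0002          # userAccountControl bit for a disabled account
SYNC_SLACK = timedelta(days=14)  # assumed default update lag of lastLogonTimestamp

def from_filetime(ticks):
    """Convert 100 ns ticks since 1601-01-01 UTC to a datetime; 0 means never set."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None

def to_filetime(dt):
    """Inverse of from_filetime, used here only to build the sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

NOW = datetime(2017, 6, 1, tzinfo=timezone.utc)   # fixed so the result is repeatable

def ago(days):
    return NOW - timedelta(days=days)

# Constructed export: (sAMAccountName, lastLogonTimestamp, whenCreated, userAccountControl)
ACCOUNTS = [
    ("alice", to_filetime(ago(3)), ago(900), 0x200),
    ("svc_backup", to_filetime(ago(200)), ago(1500), 0x200),
    ("temp_contractor", 0, ago(120), 0x200),                 # enabled, never logged on
    ("newhire", 0, ago(5), 0x200),                           # too new to judge
    ("old_admin", to_filetime(ago(400)), ago(2000), 0x202),  # already disabled
    ("edge_case", to_filetime(ago(95)), ago(700), 0x200),    # inside the lag margin
]

def find_inactive(accounts, now, threshold_days=90):
    """Return {name: reason} for enabled accounts unused beyond the threshold."""
    cutoff = now - timedelta(days=threshold_days)
    flagged = {}
    for name, last_ft, created, uac in accounts:
        if uac & ACCOUNTDISABLE:
            continue                      # nothing left to disable
        last = from_filetime(last_ft)
        if last is None:
            if created < cutoff:          # old enough that "never used" is meaningful
                flagged[name] = "never_used"
        elif last < cutoff - SYNC_SLACK:  # stale even allowing for the update lag
            flagged[name] = "stale"
    return flagged
```

Accounts flagged this way are candidates for review before any disable or delete action, since service accounts and accounts that authenticate only through paths that do not update `lastLogonTimestamp` can appear inactive.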

Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All trademarks acknowledged.