Going on the Offense: How to Eliminate Internal Threats

Posted by Heather Howland on Jul 27, 2018 11:57:00 AM

Over the past few years, we’ve observed significant changes in the types of conversations we’re having with CISOs. What used to be discussions about how to keep bad guys out has evolved to how to manage and address internal threats. Internal threats come in a variety of shapes and sizes. It could be an attacker who has already gotten in and is waiting for the right moment to make a move. It could also be an insider threat. It could be a malicious insider looking to do harm to the organization. Or it could be employees who don’t mean any harm but may be doing things (knowingly or unknowingly) that could put an organization at risk.

With the perimeter all but dissolved, and as enterprises transition to the cloud, it’s becoming clear that identity, and where there are points of access, is the new perimeter. The challenge for many organizations is how to understand their posture around identity. This requires understanding who is doing what, when, and where, and understanding it across all applications and platforms on-prem, in the cloud and in hybrid environments. Having a holistic view of identity--all users, privileges, access patterns and accounts--is becoming more critical in order to be more proactive, to have proper controls over accounts (privileged, user, service, and more), and to be able to protect accounts from compromise.

Topics: Insider Threats, ueba, CISO, User Behavior, User and Entity Behavior Analytics

Simplifying PCI DSS 3.2 Compliance with Preempt

Posted by Heather Howland on Feb 9, 2018 1:21:56 PM

If your organization handles credit cards, you are no doubt familiar with Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is a set of requirements and procedures established to strengthen the security of cardholder transactions and data in order to reduce fraud. PCI DSS controls have been implemented for many years, but as hackers have advanced their efforts, new requirements continue to emerge with updates to existing controls and reporting.

Topics: Compliance, PCI, Passwords, Identity Verification, Adaptive Response, User Behavior

Corporate Culture Shift: Using Adaptive Security to Influence Employee Security Behavior

Posted by Heather Howland on Jan 12, 2018 7:19:33 AM

I’ve heard it many times from customers: “IT Security needs to be transparent to users in order to be successful.” Unfortunately, we are now in a digital age where things have dramatically changed and research has shown over and over that credential compromise is the top way that hackers breach an organization.

Topics: Identity Verification, CISO, Risk, User Behavior, Identity, Adaptive Threat Prevention

How Identity, Behavior & Risk Enable Security in the New Digital Age

Posted by Ajit Sancheti on Dec 7, 2017 6:07:51 AM

Enterprises are deploying more cloud services, embracing DevOps, leveraging on-premises applications and exploring other productivity and cost optimization solutions. As a result, it is becoming harder for them to know who within the organization has access to what and how that access is being used or, as we found out in our latest survey, being misused.

Topics: Adaptive Response, Identity, User Behavior, Risk, CARTA

Evolving Employee Security Measures from “Weak Link” to “Front Line Defense”

Posted by Ajit Sancheti on Dec 1, 2017 8:09:38 AM

It's easy to think that attackers have gained an unfair advantage over security professionals. The network perimeter has virtually dissolved, compelling enterprises to simultaneously work to keep the bad guys out while tackling multiple insider threats – naïve employees, malicious insiders, careless third parties, and undetected malware or intruders that have already breached network defenses.

The challenge for security teams today? Legitimate users and activities should not be impeded, but determining what activity to block and what to allow is not always easy.

Topics: Adaptive Response, Credential Compromise, Information Security, User Behavior, Insider Threats

Building Insider Threat Awareness into Security Awareness - Part 2

Posted by Preempt Guest Blogger on Jul 20, 2017 8:49:52 AM

In part 1 of the post on how Insider Threat Awareness is a vital component of Security Awareness, I talked about the different types of insider threats and some of the steps that security teams can take to protect themselves and educate employees.

This week I want to explore whether that is enough and some tips for how to approach introducing Insider Threat Awareness training in your organization.

To recap, at a high level here are some of the things security organizations can do:

Is this enough?

In a white paper (well worth reading in its entirety) about insider threats in nuclear security systems, the American Academy of Arts & Sciences (AMACAD) noted that there are deep organizational and cognitive biases that lead managers to downplay the threats insiders pose to their nuclear facilities and operations. Could insider threats be the elephant in the security room? Some of AMACAD’s findings are broadly applicable to many organizations and several may prompt you to re-evaluate your insider threat strategy:

  • Organizations that consider their staff to be part of a carefully screened elite can lead management to falsely assume that insider threats may exist in other institutions, but not in their organization.
  • The belief that personnel who have been through a background check will not pose an insider problem is remarkably widespread—a special case of the “not in my organization” fallacy. There are two reasons why this belief is mistaken. First, background checks are often not very effective. Second, even completely trustworthy employees may become insiders, especially if they are coerced.
  • High-security facilities typically have programs to monitor the behavior of employees for changes that might suggest a security issue. Security managers often assume that severe red flags warning of problems will not go unnoticed. But if individual incentive systems and information-sharing procedures encourage people not to report, even the reddest of red flags can be ignored.
  • Security-conscious organizations create rules and procedures to protect valuable assets. But such organizations also have other, often competing, goals: managers are often tempted to instruct employees to bend the security rules to increase productivity, meet a deadline, or avoid inconvenience.
  • Prevention of insider threats is a high priority, but leaders and operators should never succumb to the temptation to minimize emergency response and mitigation efforts in order to maintain the illusion that there is nothing to be afraid of. 

Insider threat awareness training

Insider threat awareness is a vital component of security awareness. The need for training and education is making news headlines: 

  • The deadline for Federal contractors to complete insider threat training programs prior to being granted access to classified information under a Department of Defense rule change passed on May 31. 
  • Harvard Business Review asserts that the best cyber security investment you can make is better training. C-level executives, board directors, shareholders, and other senior leaders must not only invest in training for their firm’s own employees but also consider how to evaluate and inform the outsiders upon whom their businesses rely — contractors, consultants, and vendors in their supply chains. Such third parties with access to company networks have enabled high-profile breaches, including Target and Home Depot, among others.

Topics: Insider Threats, User Behavior

The Cybersecurity Penalty Box. Yes or No?

Posted by Heather Howland on Jun 9, 2017 10:01:03 AM

Earlier this week, I published an article with ITSP Magazine that discusses a newly brewing concept within Enterprises around penalizing employees for bad security behavior. Can you imagine if your company penalized you for clicking on a phishing link? Or because you bent the security rules in order to get something done more easily?  

Topics: CISO, Insider Threat, User Behavior, ueba

IT Security’s 8th Sense - How Big Data and Human Behavior Provide an Edge

Posted by Eran Cohen on Mar 9, 2017 7:45:00 AM

Big Data is a revolution that, in my opinion, is equivalent to other epiphany moments such as when humanity (i.e. Galileo) identified that the sun isn’t moving. It's our planet that moves around it. Science and discovery have changed the way people perceive the world.

Topics: big data, User Behavior

The New IT Security Job Requirements: Scientist, Psychologist, Psychic, Businessman

Posted by Ajit Sancheti on Feb 3, 2017 4:15:39 PM

In a recent article I wrote for ITSP Magazine, I discussed one of the prominent challenges that enterprises are facing today: the IT Security talent shortage. CISOs want to fill their security team bench with specialized engineers. The problem is, they aren’t readily available. In this post, I will share some of the highlights from the article and talk more about how to optimize skill development so we can grow the talent base for IT Security pros.

Topics: Security Skills, User Behavior, big data

Hardening and Protecting Network Infrastructure with UEBA and Behavioral Firewalls

Posted by Heather Howland on Jan 27, 2017 7:37:33 PM

The risks to employees and organizations from stolen or compromised credentials and information are well-known. And with hackers and insiders becoming more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security forum, I was speaking with a customer about an Alert (TA16-250A) that the United States Computer Emergency Readiness Team (US-CERT) released on “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations” and how User and Entity Behavior Analytics (UEBA) can help address some of their recommendations.

Topics: Risk, ueba, User Behavior, Privileged Accounts, Credential Compromise, Multi-factor Authentication, Compliance