6/24/2015
03:00 PM

User Monitoring Not Keeping Up With Risk Managers' Needs

Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.

User negligence in handling sensitive data within applications may be a top security concern for IT executives today, but most organizations either don't have or are unsure if they truly have the capability to detect negligent activity within their application portfolio. So says the Ponemon Institute in a new study out today on the risks from application access and usage.

"Companies and their employees are becoming increasingly dependent upon applications to achieve business goals and increase productivity," the report says. "However, the proliferation of applications is creating a serious security risk because identifying users' risky behavior and non-compliance with policies can be nearly impossible."

Conducted among over 600 IT and IT security practitioners, the survey found that 71 percent of respondents have deficiencies in monitoring application access and usage. About a third of respondents said that monitoring is done by ad hoc or manual systems, and 20 percent reported that they use homegrown systems that focus primarily on privileged users. Just one in eight use some sort of commercial auditing or monitoring product to keep tabs on application access and usage of typical users.

As a result, over half of respondents said they have difficulty identifying, in real time, application user activities that are illegal or inappropriate, and the same share said they can't separate application user abuse from outside attacker activity. Nearly 80 percent of respondents admitted they either were unable, or didn't know if they were able, to capture the actions taken by any given application user from login to logout.

According to survey statistics, user negligence leads the IT security concerns posed by user activity, with 44 percent of respondents naming that as their top concern. Respondents reported that 71 percent of user-related breaches caused by negligence came at the hands of application users, compared with 18 percent by privileged users. And yet most investments today in user monitoring revolve around privileged users. The survey showed that 48 percent of organizations have systems to measure and monitor privileged users, but only 8 percent have similar systems for regular application users.

"Historically, companies have identified these types of risks through audits and assessments of application access and usage logs. This manual process is resource intensive," the report said. "In addition, each application logs user actions differently and at varying levels of granularity with many applications not producing logs at all. These logs typically contain hundreds or thousands of discrete events in obscure technical language. As a consequence, organizations that rely upon logs from applications and devices find it nearly impossible to determine what a user actually did."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
