6/24/2015
03:00 PM

User Monitoring Not Keeping Up With Risk Managers' Needs

Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.

User negligence in handling sensitive data within applications may be a top security concern for IT executives today, but most organizations either don't have or are unsure if they truly have the capability to detect negligent activity within their application portfolio. So says the Ponemon Institute in a new study out today on the risks from application access and usage.

"Companies and their employees are becoming increasingly dependent upon applications to achieve business goals and increase productivity," the report says. "However, the proliferation of applications is creating a serious security risk because identifying users' risky behavior and non-compliance with policies can be nearly impossible."

Conducted among over 600 IT and IT security practitioners, the survey found that 71 percent of respondents have deficiencies in monitoring application access and usage. About a third of respondents said that monitoring is done by ad hoc or manual systems, and 20 percent reported that they use homegrown systems that focus primarily on privileged users. Just one in eight use some sort of commercial auditing or monitoring product to keep tabs on application access and usage of typical users.

As a result, over half of respondents said they have difficulty identifying application user activities that are illegal or inappropriate in real time, and the same proportion said they can't separate application user abuse from outside attacker activity. Nearly 80 percent of respondents admitted they either were unable, or didn't know if they were able, to capture the actions taken by any given application user from login to logout.

According to survey statistics, user negligence leads the IT security concerns posed by user activity, with 44 percent of respondents naming that as their top concern. Respondents reported that 71 percent of user-related breaches caused by negligence came at the hands of application users, compared with 18 percent by privileged users. And yet most investments today in user monitoring revolve around privileged users. The survey showed that 48 percent of organizations have systems to measure and monitor privileged users, but only 8 percent have similar systems for regular application users.  

"Historically, companies have identified these types of risks through audits and assessments of application access and usage logs. This manual process is resource intensive," the report said. "In addition, each application logs user actions differently and at varying levels of granularity with many applications not producing logs at all. These logs typically contain hundreds or thousands of discrete events in obscure technical language. As a consequence, organizations that rely upon logs from applications and devices find it nearly impossible to determine what a user actually did."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.