
9/24/2013
04:32 PM

5 Steps To Stop A Snowden Scenario

The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access

4. Education, education, education.
Training users on security and appropriate use and online behaviors means different things to different organizations. But like any training program, to be effective, it's all about engaging the user on his or her turf.

One major manufacturer took a different spin on training its users. "It's half [the] time on how to protect families and kids [online], and the other half on the workplace," Rachwald says. "They made it very personal and interesting."

Part of that includes empowering users in the kill chain. "It's called ownership," Bigman says. "We had this in the government ... you have to make sure employees are part owners of the issue by having a role in ensuring all data will be secure. They have to understand their activity is being monitored.

"If they do malicious things, there are sure to be administrative and legal actions," he says.

5. Revoke privileges from overprivileged users.
Know what your "super users" have access to, and lock them down so that they don't have complete control of the data. "Does he need access to all of this information" to do his job, Rachwald asks.

Keep an eye out for aberrant behavior, he says. A red flag with Bradley Manning, for example, should have been when he downloaded massive amounts of data from SharePoint, Rachwald says. "You need the ability to stop that behavior," he says.

A password vault is one way to better manage privileged users. The vault can be used to store admin passwords and employ a feature where if the admin needs access to something, he puts in a request to the vault, Brock says. "The vault system sends the request on to an approver, who then approves that access for a certain period of time, say four hours," says Brock, who has used such a process. "The vault automatically changes the password, and the admin is logged out. It can only grant access for that task."
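The request, approval, time-boxed checkout and password rotation cycle Brock describes, modeled as an added example that is not from the article or from any vault product. Class and method names are hypothetical, time is passed in explicitly as `now`, and ending the admin's session is not modeled.

```python
import secrets
from dataclasses import dataclass

LEASE_SECONDS = 4 * 3600  # the "say four hours" window quoted in the article


@dataclass
class Lease:
    admin: str
    target: str
    task: str
    approver: str = ""
    expires_at: float = 0.0  # 0.0 means not approved, or no longer valid


class Vault:
    """Toy model of the checkout flow (hypothetical names, no vendor API)."""

    def __init__(self, targets):
        self._passwords = {t: secrets.token_urlsafe(24) for t in targets}
        self.audit = []  # (timestamp, event, actor, target), kept for the watcher

    def request(self, admin, target, task, now):
        if target not in self._passwords:
            raise KeyError(target)
        self.audit.append((now, "request", admin, target))
        return Lease(admin, target, task)

    def approve(self, lease, approver, now):
        if approver == lease.admin:  # the requester may not approve himself
            raise PermissionError("requester cannot approve own request")
        lease.approver, lease.expires_at = approver, now + LEASE_SECONDS
        self.audit.append((now, "approve", approver, lease.target))

    def checkout(self, lease, now):
        if not lease.approver or now >= lease.expires_at:
            raise PermissionError("no valid approval for this lease")
        self.audit.append((now, "checkout", lease.admin, lease.target))
        return self._passwords[lease.target]

    def sweep(self, leases, now):
        """Run periodically: rotate the password behind every expired lease."""
        for lease in leases:
            if lease.approver and now >= lease.expires_at:
                self._passwords[lease.target] = secrets.token_urlsafe(24)
                lease.approver, lease.expires_at = "", 0.0
                self.audit.append((now, "rotate", "vault", lease.target))
```

Because the password is rotated when the lease expires, the value the admin saw during the approved window stops working afterwards, and the audit list gives a separate reviewer the full request history.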

Mike Tierney, vice president, business development and operations, at insider threat prevention vendor SpectorSoft, says sys admins especially need scrutiny because they have so much access to sensitive information. "Companies are starting to establish a role outside of IT that's responsible for monitoring systems admins ... But there's always one last watcher who has to be trusted," he says.

SpectorSoft today rolled out an insider threat monitoring platform that provides an early warning system when policies are broken, data is stolen, or other fraud or illicit activity is detected. The Spector 360 Recon tool encrypts the continuously monitored activity and stores it in a "vault" on users' PC or Mac workstations.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
jvanbeek,
User Rank: Apprentice
9/26/2013 | 9:40:45 PM
re: 5 Steps To Stop A Snowden Scenario
Stating that there is a two-person rule does not in any way mean that one person cannot still do what he wants--it just says that he is not supposed to. If there are actually checks to try to enforce the two-person rule, whoever had the authority to set up that rule has the capability to get around it. If the government has information on a computer attached to a network, there is probably someone who can hack into it.