Despite IT security budgets increasing year on year and organisations spending millions on security technology and software, data breaches continue to make big news. A recent Government survey shows that 65% of large organisations and 51% of medium and small businesses reported that they had suffered security breaches in 2016.
In fact, being difficult to monitor, employees are the weakest link in a good security posture. Inadvertent human errors, malicious or negligent employees and privileged user abuse are some of the main causes of data breaches. Incidents include sending sensitive information to incorrect recipients, publishing private data to public web servers, hi-jacking privileged users who have unconstrained access to your mission-critical data and applications.
"By 2018, organisations that monitor and analyse a broad spectrum of employee activities will experience 50% fewer insider data breaches than organisations that monitor internal communications only,” according to Andrew Walls, Research Vice President, Gartner Research.
To make matters worse, a large number of organisations fail to investigate data breaches in time and do not always report security incidents to external authorities. Almost half of IT professionals admitted to have missed internal or external deadlines for investigating or reporting a breach in the last year, a recent Balabit survey found.
So the question is, how can you monitor your privileged users, control what they do and prevent malicious activities without constraining your business?
Privileged User Monitoring
With enterprises typically having many admin and VDI users the monitoring of high risk or privileged accounts can be time-consuming. Balabit’s Contextual Security Intelligence (CSI) platform provides you with analysis content of a session and with the ability of a specific search, which increases efficiency. The solution records activities in searchable, movie-like audit trails and prevents malicious actions.
Tighter control over employees and partners
Who did what? As discussed above, inadvertent human errors and negligent employees account for a large portion of fatal data breaches so you need to assume that the attack will occur from inside your organisation. Each of these users leaves a digital footprint of their activities and behaviour on the system, Balabit collects these footprints and, through continuous machine learning, builds an updated profile for each user. Once it has recorded their activities and built a profile for these users, it reports on any deviations from that behaviour. It also monitors, records and audits your users, which allows the IT department to control their activities. In turn, this will lead to greater employee responsibility and reduction in human errors.
Balabit’s solution has a central policy and acts as a centralised authentication and access-point for your entire IT environment. The granular access control ensures you are in control of your data security and only the right individuals are given access to sensitive information. Authorised access to sensitive data is also tracked and continuously monitored in case of anomalies or human errors.
Real-time user behaviour analytics
Once the solution has established users’ profiles, it has the ability to provide real-time insights on their behaviour. This way IT managers can quickly determine whether a user has been hijacked and is acting out of his/her “normal” behaviour. When the solution flags a user as suspicious, it directly alerts security analysts and allows them to promptly respond and further investigate the issues.
Automated reaction on highly suspicious users
Balabit’s solution not only provides real-time monitoring but it can also automatically react by blocking the connection of the user when detecting highly unusual user activity. An automated reaction can prove to be essential as it can significantly reduce the time a malicious attacker has before being detected, which can prevent a further high-impact activity. This also allows the IT team to focus and invest more time and resources on crucial task other than user monitoring.
With over 1 million corporate users Balabit’s solution is certainly one to consider when looking to protect your organisation from the threats posed by the misuse of high risk and privileged accounts.
We hope this article has been of interest. If you are about to review your security provider and want to discuss the solutions we offer, please contact us and we will be happy to help you.