Monday 3 October 2016

Catch Internal Threats with File Integrity Monitoring Software

The Verizon Data Breach Investigations Report (DBIR), released in 2016, reveals that 77% of the breaches involved insiders, especially IT administrators or similar profiles employed by the organizations. The report also finds that around one-third of these culpable insiders had absolute access to privileged data as a key job responsibility. More recently a more disturbing trend has emerged: insider-outsider collusion. The report found that many insiders are working in collaboration with outsiders for immediate fraudulent gain, causing theft of data or, more precisely, ‘plundering of data’.


Various forms of data theft involving insiders include privilege abuse, data mishandling, unapproved hardware or software, and possession abuse. Verizon’s analysis suggests that organizations keep a vigil over all employees with a healthy level of suspicion, which includes technical safeguards for monitoring purposes. PCI-DSS Requirement #10 calls for regular audits. Automating audit trails and preventing administrative users from editing audit data is one of the most important compliance requirements of PCI-DSS.

How can File Integrity Monitoring Reduce Internal Threats?


Usually a standard File Integrity Monitoring (FIM) solution does not alleviate insider risks or threats. The majority of FIM solutions available in the market do not monitor or log actions performed within the FIM software itself. Employing such FIM solutions invites great risk from insider threats. Once an average FIM product is set up, administrative users can manually disable its features. Turning off monitoring of certain files or configurations eliminates technical oversight and lets the plunderer access those files without appearing on the audit trail. Such fraudulent insiders can then make damaging changes to your critical system files, and you would be unable to identify the culprit, as no alerts or logging details would be available from your standard FIM solution.
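The weakness described above, that an administrator can quietly drop a file from the watch list and the FIM never notices, is easy to illustrate. The following is an added example, not code from the original post or from any FIM product: a minimal hash-based monitor that folds the watch list itself into its baseline and keeps checking every file recorded in the baseline, not just the files in the current (possibly tampered) watch list. The file names and contents are constructed in a temporary directory for the demonstration.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def watchlist_digest(paths):
    """Hash the canonical (sorted) watch list, so that silently removing
    a path from monitoring is itself a detectable change."""
    canon = json.dumps(sorted(paths)).encode()
    return hashlib.sha256(canon).hexdigest()


def build_baseline(paths):
    """Record the digest of every watched file plus the digest of the
    watch list itself. A real product would also sign this baseline and
    store it (and the resulting events) off-host."""
    return {
        "watchlist": watchlist_digest(paths),
        "files": {p: sha256_file(p) for p in paths},
    }


def check(baseline, current_watchlist):
    """Compare the live state against the baseline and return a list of
    (event_kind, path) tuples. Files are checked from the *baseline*
    set, so a path dropped from the current watch list is still
    examined and the removal itself is reported."""
    events = []
    if watchlist_digest(current_watchlist) != baseline["watchlist"]:
        recorded = set(baseline["files"])
        for p in sorted(recorded - set(current_watchlist)):
            events.append(("unmonitored", p))
        for p in sorted(set(current_watchlist) - recorded):
            events.append(("newly_monitored", p))
    for p, old_digest in baseline["files"].items():
        if not os.path.exists(p):
            events.append(("missing", p))
        elif sha256_file(p) != old_digest:
            events.append(("modified", p))
    return events


def demo():
    """Constructed scenario: two watched config files; an insider edits
    one and removes the other from the watch list. Returns the kinds of
    events the monitor raises."""
    workdir = tempfile.mkdtemp()
    paths = []
    for name, content in (("sshd_config", b"PermitRootLogin no\n"),
                          ("sudoers", b"root ALL=(ALL) ALL\n")):
        p = os.path.join(workdir, name)
        with open(p, "wb") as f:
            f.write(content)
        paths.append(p)
    baseline = build_baseline(paths)

    # Simulated insider action 1: change a monitored file.
    with open(paths[0], "ab") as f:
        f.write(b"PermitRootLogin yes\n")
    # Simulated insider action 2: drop sudoers from the watch list.
    tampered_watchlist = [paths[0]]

    return [kind for kind, _ in check(baseline, tampered_watchlist)]


if __name__ == "__main__":
    print(demo())  # ['unmonitored', 'modified']
```

The design point is the split between the baseline and the current watch list: because `check` walks the files recorded in the baseline, editing the configuration does not shrink what gets verified, and the edit is reported as its own event. A product that only consulted the live configuration would have reported nothing for either action.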

Following are some common human errors that need to be addressed by your chosen FIM software.

  • System misconfiguration
  • Phishing attack
  • Inadequate patch management
  • Sensitive information mailed to the wrong person
  • Lost devices (mobile or laptops)
  • Clicking on malicious URLs

The right type of FIM solution helps reduce internal risk by detecting harmful changes caused by inside users and inside errors. An agent-based FIM solution provides complete oversight of any broken policy or carelessness affecting the devices and network.
