Insiders pose a significant risk to data security. Recent incidents have shown that unauthorized insider access can result in fraudulent activity and data leakage. Since insiders are granted access to networks, applications and data systems in order to perform their daily duties, it is not easy to restrict their access.
To mitigate the risk posed by insiders, it is necessary to restrict users' access to sensitive data to a business need to know, closely monitor user access to such data, and reduce exposure to software vulnerabilities.
Alert, Block and Investigate Suspicious Activity
Identify abnormal behavior that may indicate fraudulent activity and malicious attacks. Real-time alerts on suspicious activities enable follow-up action. Automatic blocking is an effective way to stop insider attacks and fraudulent activity. Audit reports and analytical tools are needed to support forensic investigations.
Monitor Sensitive Data Usage by all Users
Users allowed access to sensitive data should be monitored. This applies to privileged as well as non-privileged users. Monitor all paths used for data access including application access, network access and direct access. Identify the specific user behind each data access request. The resulting audit trail is an essential component in addressing key regulatory requirements and supporting forensic investigations.
Identify, Mitigate Exposed Systems
Scan systems for known vulnerabilities and identify misconfigurations that expose data to risk. Identify missing patches and define how and when systems can be patched. Virtual patching can provide a quick solution for exposed systems that cannot be fixed in a timely manner.
Discover Systems Containing Sensitive Data
Accurately mapping where sensitive data is located on database and file systems is the first step in mitigating the insider threat. Identify all systems hosting sensitive data, including unmanaged and "rogue" systems. Scan systems for well-known and custom sensitive data types to establish a baseline of systems in scope.
Enforce Separation of Duties and Eliminate Excessive Rights
Review user rights to verify that no single person can perform unauthorized fraudulent activity and conceal the tracks. Excessive rights that are not needed based on the user's job description should be revoked. Dormant user rights and accounts should be identified and removed to avoid exploit attempts.
SecureSphere Database Activity Monitoring and SecureSphere Database Firewall
SecureSphere Discovery and Assessment Server
User Rights Management for Databases
SecureSphere File Firewall
User Rights Management for Files