Mutiny Blog

Using monitoring to defend against insider threats

The media are constantly bombarding us with the stereotypical image of the hacker, sat in a darkened room surrounded by screens full of code. In reality, with firewalls and other countermeasures in place, these external threats can be far less significant than the threats from inside your network. So what are these internal threats?

Over 90% of European businesses have suffered a data breach in the past five years, with 42% of this activity being undertaken by malicious insiders. Internal threats to your systems can actually come in a number of guises: the human element including discontented system admins maliciously damaging systems, staff potentially stealing intellectual property and spiteful employees leaking information and confidential data for political or financial gains. Then there are the devices inside your network, with ever increasing numbers of unknown attached BYOD and IoT devices.

How do I prevent it?

Countering the human threat begins with getting your internal team on side. Each individual should know their responsibilities in the detection of suspicious activity, and understand how they can anonymously escalate their findings.

You should have a policy in place covering unacceptable behaviour when it comes to security adherence and outline the consequences for breaching this. You should also have a policy in place for leavers, ensuring their privileges and logins are removed as soon as possible.

In reality you cannot completely remove the potential for malicious activity; however, you can minimise it through stricter security policies. For example, with non-administrative team members you can separate duties so that no one individual can perform all the tasks required to cause damage. You can implement rights management that stops them viewing or editing confidential information or documents. You can also require admin authorisation before configuration changes are made or accounts are set up.
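The three controls just described (role-based rights, separation of duties, and a second person's authorisation for configuration and account changes) can be expressed as a small policy check. The following is an added illustration, not Mutiny's software; the role names, actions and users are constructed for the example.

```python
"""Separation of duties and admin authorisation for sensitive actions.

Added example (not Mutiny's code). Role names, the action list and the user
names below are constructed assumptions.
"""

# Constructed role definitions: which actions each role may request.
ROLE_ACTIONS = {
    "helpdesk": {"reset_password"},
    "operator": {"change_config", "create_account"},
    "records":  {"view_confidential"},
    "admin":    {"change_config", "create_account", "reset_password",
                 "view_confidential", "approve"},
}

# Actions that always need a second, independent person who holds the
# "approve" right (here only the admin role has it).
NEEDS_APPROVAL = {"change_config", "create_account"}


def authorise(action, requester, approver=None, roles=ROLE_ACTIONS):
    """Decide whether `action` may proceed.

    requester and approver are (name, role) tuples. Returns (allowed, reason).
    Rights management: the requester's role must list the action.
    Separation of duties: approval-bearing actions need an approver who is a
    different person and whose role carries the "approve" right.
    """
    req_name, req_role = requester
    if action not in roles.get(req_role, set()):
        return False, f"{req_name} ({req_role}) may not perform {action}"
    if action in NEEDS_APPROVAL:
        if approver is None:
            return False, f"{action} requires approval by an administrator"
        app_name, app_role = approver
        if "approve" not in roles.get(app_role, set()):
            return False, f"{app_name} ({app_role}) cannot approve changes"
        if app_name == req_name:
            return False, "a requester may not approve their own change"
    return True, "ok"


if __name__ == "__main__":
    # An operator cannot read confidential records at all.
    print(authorise("view_confidential", ("carol", "operator")))
    # A config change by an operator goes through once an admin approves it.
    print(authorise("change_config", ("carol", "operator"), ("dave", "admin")))
    # Even an admin cannot approve their own account creation.
    print(authorise("create_account", ("dave", "admin"), ("dave", "admin")))
```

The same check sits naturally in front of a change-management or account-provisioning workflow: the request is recorded with both names, so the audit trail shows who asked and who approved, which is what makes later investigation of a rogue account possible.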

Administrators, on the other hand, have free rein across the network and are much harder to stop. Admins can create their own back doors and rogue accounts to retain access. They have access to the system configuration and files that can effectively kill your network. However, even when it comes to administrators, you are not as powerless as it may appear. Using tools such as Restorepoint’s Universal console you can give administrators access to critical systems via an interface that never reveals the superuser passwords and that tracks their activity, and in an emergency configurations can be rolled back.

From a device perspective, setting up DMZs to segregate devices attached to your Wi-Fi, for example, can restrict their ability to probe and damage systems.

Monitoring for unusual activity

Monitoring is central to keeping an eye on activity on your network. Monitoring changes to files (especially log files) can warn of potential attempts to cover up activity. Detect when new user accounts are created and when unplanned activity is happening on the network. Know what devices are on your network and what they are doing. Detect and analyse spikes in traffic flow and potential data theft.

Monitoring with a tool such as Mutiny combined with NetFlow helps you to see when activity is occurring across your network and to detect unusual activity which could signify data theft. Analyse traffic at various points across your network and detect abnormal traffic flow. Security Information and Event Management (SIEM) provides real-time analysis of security alerts generated by network hardware and applications. Alerts can then be passed to trusted individuals to act on.
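To make the monitoring points above concrete (account creation in auth logs, log files that shrink when someone tidies up after themselves, and per-host traffic spikes from flow data), here is an added example that runs three such detections over constructed sample data. It is not Mutiny's or any SIEM vendor's code; the syslog-style lines and the simplified NetFlow-like records (source host, minute of day, bytes out) are assumptions made for the illustration.

```python
"""Three insider-threat detections over constructed sample data.

Added example, not Mutiny's software. Log lines, file sizes and flow records
below are constructed; the flow format (host, minute, bytes) is an assumption.
"""
import re
import statistics
from collections import defaultdict

# --- 1. New accounts and privilege changes in an auth log (constructed) ---
AUTH_LOG = """\
Mar 03 08:12:01 fileserver sshd[2211]: Accepted publickey for alice from 10.0.1.20
Mar 03 22:41:09 fileserver useradd[3190]: new user: name=svc_backup2, UID=1007, GID=1007
Mar 03 22:41:30 fileserver usermod[3194]: add 'svc_backup2' to group 'sudo'
Mar 03 22:45:12 fileserver sshd[3201]: Accepted password for svc_backup2 from 10.0.1.77
Mar 04 09:00:00 fileserver sshd[4100]: Accepted publickey for bob from 10.0.1.21
"""

ACCOUNT_EVENT = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<tool>useradd|usermod)\[\d+\]: (?P<msg>.*)$"
)


def account_events(log_text):
    """Return (timestamp, tool, message) for every useradd/usermod line."""
    events = []
    for line in log_text.splitlines():
        m = ACCOUNT_EVENT.match(line)
        if m:
            events.append((m["ts"], m["tool"], m["msg"]))
    return events


# --- 2. Log files that got smaller between two inventory snapshots ---
def shrunk_logs(previous_sizes, current_sizes):
    """Append-only logs should only grow; a size decrease is worth a look."""
    return sorted(path for path, size in current_sizes.items()
                  if path in previous_sizes and size < previous_sizes[path])


# --- 3. Outbound traffic spikes per host from flow summaries (constructed) ---
FLOWS = [
    ("10.0.1.20", 540, 12_000), ("10.0.1.20", 541, 15_500),
    ("10.0.1.20", 542, 11_200), ("10.0.1.20", 543, 14_000),
    ("10.0.1.77", 1361, 8_000), ("10.0.1.77", 1362, 9_500),
    ("10.0.1.77", 1363, 11_000), ("10.0.1.77", 1365, 950_000_000),
]


def traffic_spikes(flows, factor=5.0, min_samples=3):
    """Flag (host, minute, bytes, baseline) where bytes exceed factor times
    the median of that host's other samples. Hosts with too few samples to
    form a baseline are skipped rather than guessed at."""
    per_host = defaultdict(list)
    for host, minute, nbytes in flows:
        per_host[host].append((minute, nbytes))
    alerts = []
    for host, samples in per_host.items():
        if len(samples) < min_samples:
            continue
        for i, (minute, nbytes) in enumerate(samples):
            others = [b for j, (_, b) in enumerate(samples) if j != i]
            baseline = statistics.median(others)
            if nbytes > factor * baseline:
                alerts.append((host, minute, nbytes, baseline))
    return alerts


if __name__ == "__main__":
    for ev in account_events(AUTH_LOG):
        print("account change:", ev)
    before = {"/var/log/auth.log": 48_213, "/var/log/syslog": 912_004}
    after = {"/var/log/auth.log": 1_020, "/var/log/syslog": 915_330}
    print("shrunk logs:", shrunk_logs(before, after))
    for alert in traffic_spikes(FLOWS):
        print("traffic spike:", alert)
```

Two caveats matter in practice. Scheduled log rotation also shrinks a file, so the size check should be run against the rotation schedule (or compare the rotated copy plus the new file) before raising an alert. The median-based baseline is deliberately simple; a real deployment would keep a baseline per host per time of day, since a backup server legitimately sends far more at 02:00 than at 14:00.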

Mutiny can advise and help you implement technology to monitor and track unusual activity on your network. For more information, get in touch here.
