In the previous four posts, we analyzed the
causes for security incidents. We discussed how lack of internal controls, access
restrictions, centralized management, accountability, strong policies,
haphazard style of privileged password management and lack of proper activity monitoring give room for
security incidents. Let us now analyze how we can overcome these threats and security incidents:
causes for security incidents. We discussed how lack of internal controls, access
restrictions, centralized management, accountability, strong policies,
haphazard style of privileged password management and lack of proper activity monitoring give room for
security incidents. Let us now analyze how we can overcome these threats and security incidents:
Take preventive action, safeguard your data
With cyber-threats looming large, enterprises should think of taking
preventive action by strengthening internal controls. Manual processes
and home-grown tools may not be able to provide the desired level of
security and controls.
preventive action by strengthening internal controls. Manual processes
and home-grown tools may not be able to provide the desired level of
security and controls.
It is pertinent to quote here from a research report by Gartner:
“Manual procedures for managing shared account passwords can be
intrusive, interrupting normal operations and unacceptably delaying the
resolution of problems. These procedures can also be fragile, failing to
consistently deliver the desired level of control and accountability
and exposing organizations to insider threats.”
intrusive, interrupting normal operations and unacceptably delaying the
resolution of problems. These procedures can also be fragile, failing to
consistently deliver the desired level of control and accountability
and exposing organizations to insider threats.”
(Source: Gartner, Inc., “MarketScope for Shared-Account/Software-Account
Password Management”, Ant Allan, Perry Carpenter, 16 June 2009).
Bolster internal controls, access restrictions
One of the effective ways to achieve internal controls is to deploy a
Privileged Password Management Solution that could replace manual
processes and help achieve the highest level of security for the data. Privileged Password Managers help enterprises safeguard their data and
thereby avoid security incidents in more ways than one:
Privileged Password Management Solution that could replace manual
processes and help achieve the highest level of security for the data. Privileged Password Managers help enterprises safeguard their data and
thereby avoid security incidents in more ways than one:
- Administrative passwords can be stored in a centralized repository
in encrypted form – this helps avoid storing of the passwords in
volatile resources. Even if someone manages to get hold of the password
database, data cannot be deciphered - Role-based, granular access restrictions can be enforced –
administrators and other users get access only to the passwords that are
allotted to them, not all passwords - Passwords can be selectively shared with others on need basis –
sharing passwords by word of mouth completely avoided - Passwords can be
automatically changed at periodic intervals assigning a strong, unique
password to each resource – hackers cannot make wild guesses - For enhanced internal controls, administrators / users may even be
prevented from viewing the passwords in plain text. Instead, they could
be directed to just click a URL to directly access the resource - Users requiring temporary access to the passwords (like
contractors, partners) can be directed to follow password
request-release workflow granting time-limited access. After revoking
the permission, passwords can be automatically reset – this prevents
users getting access to the passwords that are no longer required for
them - All password access activities are completely audited – this helps
monitor the usage of privileged identities and fix accountability
issues when something goes wrong. It also helps the enterprise meet
regulatory compliance requirements - Real-time alerts on password actions
help administrators continuously track and control the administrative
passwords - If an administrator leaves the organization, passwords owned /
accessed by them can be transferred to some other administrator and the
passwords could be automatically reset – this helps avoid possible
misuse of the passwords by disgruntled users
Keep an eye on activities
Keeping an eye on the activities going on in the enterprises in an
absolute must. Logs from critical systems carry vital information that
could prove effective in preventing security incidents. Especially,
monitoring activities like user logons, failed logins, password access,
password changes, attempts to delete records and other suspicious
activities could help identify hacking attempts, malicious attacks, DoS
attacks, policy violations and other incidents.
absolute must. Logs from critical systems carry vital information that
could prove effective in preventing security incidents. Especially,
monitoring activities like user logons, failed logins, password access,
password changes, attempts to delete records and other suspicious
activities could help identify hacking attempts, malicious attacks, DoS
attacks, policy violations and other incidents.
It is worthwhile to have technology and tools in place to monitor activity in the network. As we had stressed earlier, an
automated approach to centralized log collection, analysis and reporting
for real-time situational awareness is essential from the standpoint of
enterprise security.
automated approach to centralized log collection, analysis and reporting
for real-time situational awareness is essential from the standpoint of
enterprise security.
Researchers repeatedly point out that identity theft incidents are on
the rise and it will only keep growing due to many reasons, including
economic situation, social factors and technological advancements that
make the tech-savvy criminals more creative every passing day.
the rise and it will only keep growing due to many reasons, including
economic situation, social factors and technological advancements that
make the tech-savvy criminals more creative every passing day.
Not all security incidents could be prevented or avoided; nor could any
software act as the panacea for all cyber security incidents. But, the
security incidents that happen due to lack of effective internal
controls and monitoring are indeed preventable. Enterprises should take
preventive action to combat cyber-criminals. Otherwise, they might just
end up locking the stable after the horse has bolted!
software act as the panacea for all cyber security incidents. But, the
security incidents that happen due to lack of effective internal
controls and monitoring are indeed preventable. Enterprises should take
preventive action to combat cyber-criminals. Otherwise, they might just
end up locking the stable after the horse has bolted!
Arm your enterprise with ManageEngine IT security software
ManageEngine has a range of affordable Enterprise Security Management
Software Solutions that help you build a secure fortress enabling you to
stay secure, ensure business continuity and enhance productivity. Using
ManageEngine Password Manager Pro, you can bolster internal controls; Firewall Analyzer & Eventlog Analyzer just act like watch towers and help in observing the happenings around and protect from potential threats.
Software Solutions that help you build a secure fortress enabling you to
stay secure, ensure business continuity and enhance productivity. Using
ManageEngine Password Manager Pro, you can bolster internal controls; Firewall Analyzer & Eventlog Analyzer just act like watch towers and help in observing the happenings around and protect from potential threats.
Password Manager Pro is a secure vault for storing and managing shared
sensitive information such as passwords, documents and digital
identities of enterprises. Using Password Manager Pro, you control the
access to
shared administrative passwords of any ‘enterprise resource’ such as
servers, databases, network devices, applications etc. PMP enables IT
managers to enforce standard password management practices such as
maintaining a central repository of all passwords, usage of strong
passwords, frequent changing of sensitive passwords and controlling user
access to shared passwords across the enterprise.
sensitive information such as passwords, documents and digital
identities of enterprises. Using Password Manager Pro, you control the
access to
shared administrative passwords of any ‘enterprise resource’ such as
servers, databases, network devices, applications etc. PMP enables IT
managers to enforce standard password management practices such as
maintaining a central repository of all passwords, usage of strong
passwords, frequent changing of sensitive passwords and controlling user
access to shared passwords across the enterprise.
Firewall Analyzer & Eventlog Analyzer
Keeping a watchful eye over the eventlog, application
log and trails from perimeter security devices is essential to safeguard
the organization from evolving internal and external threats and
optimize performance. This mandates:
log and trails from perimeter security devices is essential to safeguard
the organization from evolving internal and external threats and
optimize performance. This mandates:
- automatically collecting, analyzing, reporting, alerting and
archiving event log from distributed Windows hosts, Syslog from Unix
hosts and devices & Application log from servers and databases - monitoring, analyzing and reporting on logs from firewalls and other perimeter security devices
- troubleshooting network problems and optimize bandwidth usage & performance
- complete visibility on internal & external security threats
- meeting regulatory audit and compliance requirements
Firewall Analyzer and Eventlog Analyzer from ManageEngine precisely help achieve these.
Bala
ManageEngine IT Security & Compliance Solutions
Quick Video
|
Free Trial Download
|
White Papers
|
Success Stories
You Can Learn More About the ManageEngine Product Line By Going to manageengine.optrics.com
The original article/video can be found at Cyber-attack on Zappos: Information Security Lessons for Enterprises [Part-5]