Protect Data Against Escalating Insider Threats
Rapidly detect and respond to mitigate risk.
A comprehensive Security Management Infrastructure (SMI) solution detects and mitigates insider threat risk. See how through the eyes of one federal agency’s IT team.
Maximizing Real-Time Visibility to Minimize Risk
A pair of Tier 1 analysts keeps tabs on dashboards offering a global view of security issues, risks and events across the agency’s network. Data is reported and correlated, based on continuous monitoring by the Security Management Infrastructure (SMI) solution, which incorporates incident monitoring, intrusion and threat detection, Security Information and Event Management (SIEM) and behavior analysis.
Monitoring That Matters
A few months earlier, one of the analysts had received an alert that a user was attempting to log into an account with the wrong password more than five times. As instructed, the analyst immediately alerted a Tier 2 analyst, who quickly determined that it was simply a case of a new employee forgetting his password.
Three weeks ago, another alert revealed that a super user with appropriate privilege rights had been printing hundreds of pages outside of work hours. The analyst alerted his supervisor and the decision was made to monitor the user vigilantly to determine whether the action was an anomaly or part of a persistent pattern that might signal inappropriate activity.
Alerted to Potential Trouble
Earlier this week, an alert indicated an internal attempt by an authorized user to reconfigure a switch and access unauthorized networks and data. In this case, managers deemed the action suspicious enough to immediately terminate his user privileges to prevent any data removal – whether malicious or accidental – and launched a thorough investigation into his motives.
This ability to detect a potential breach and mitigate the threat before costly financial and reputational damage occurred is exactly why the agency chose to invest in the SMI solution initially.
Tackling Internal Data Breach Worries
Ever since learning that Edward Snowden walked out of the NSA with thousands of classified documents on a thumb drive, the IT team’s concerns about protecting the agency’s sensitive data from internal as well as external threats have multiplied exponentially.
Although the team had already implemented a multi-faceted security strategy to protect against increasingly sophisticated threats from nation-states, organized crime and other malicious outside sources, they knew that traditional perimeter defenses were not enough anymore.
Deploying a Customized SMI Solution
Recognizing they did not have the in-house expertise required to design and deploy a strategy to detect, deter and mitigate insider threats, the team turned to an experienced partner to help make sure the agency’s network was properly protected.
The customized, modular SMI solution, built on technologies from several leading vendors and operating on the agency’s existing hyperconverged infrastructure (HCI), incorporated software tools ranging from SIEM to intrusion detection to application management controls, and a single-pane-of-glass dashboard for easy monitoring.
Combined with a comprehensive Risk Management Framework and NIST 800-53 control capabilities, the solution enables the IT team to confidently defend its network against today’s increasingly sophisticated internal as well as external cyberthreats.
Explore how CDW-G can help you prevent costly data breaches from the inside out.
You May Also Like
What's the difference between a stateful and a stateless firewall? Which one is the best choice to protect your business?
What are the differences between hard tokens and soft tokens? How do you find the right token type for your network security?
Firewalls are not a one-size-fits-all security solution for every business, and organizations must identify what firewall type is right for their network security needs.