Solutions in Action

Protect Data Against Escalating Insider Threats

Rapidly detect and respond to mitigate risk.
August 08, 2019

A comprehensive Security Management Infrastructure (SMI) solution detects and mitigates insider threat risk. See how through the eyes of one federal agency’s IT team.

Maximizing Real-Time Visibility to Minimize Risk

A pair of Tier 1 analysts keeps tabs on dashboards offering a global view of security issues, risks and events across the agency’s network. Data is reported and correlated, based on continuous monitoring by the Security Management Infrastructure (SMI) solution, which incorporates incident monitoring, intrusion and threat detection, Security Information and Event Management (SIEM) and behavior analysis.

Monitoring That Matters

A few months earlier, one of the analysts had received an alert that a user was attempting to log into an account with the wrong password more than five times. As instructed, the analyst immediately alerted a Tier 2 analyst, who quickly determined that it was simply a case of a new employee forgetting his password.

Three weeks ago, another alert revealed that a super user with appropriate privilege rights had been printing hundreds of pages outside of work hours. The analyst alerted his supervisor and the decision was made to monitor the user vigilantly to determine whether the action was an anomaly or part of a persistent pattern that might signal inappropriate activity.

Alerted to Potential Trouble

Earlier this week, an alert indicated an internal attempt by an authorized user to reconfigure a switch and access unauthorized networks and data. In this case, managers deemed the action suspicious enough to immediately terminate his user privileges to prevent any data removal – whether malicious or accidental – and launched a thorough investigation into his motives.
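The three alerts above are the kind of correlation rules a SIEM in an SMI deployment would run over normalized logs. The following is an added illustration, not the agency's or any vendor's code: it implements a repeated-failed-login rule, an off-hours printing rule for privileged users, and an unapproved network-device change rule, each routed to the escalation path the text describes (Tier 2 review, supervisor review, containment). The event schema, the 10-minute window, the 100-page threshold, the 07:00 to 18:59 work-hours window, the privileged-user set and the approved-change list are all assumptions, and the sample events are constructed.

```python
"""Toy SIEM correlation rules for the three insider-threat scenarios.

Added example; event schema, thresholds and the work-hours window are assumptions.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Alert = namedtuple("Alert", "rule user detail route")

# Constructed sample events (normalized log records, not real data).
SAMPLE_EVENTS = [
    # six failed logins by one user inside a minute: "more than five"
    *({"ts": f"2019-08-05T09:00:{s:02d}", "type": "auth_fail", "user": "jdoe"}
      for s in (1, 15, 28, 40, 52, 59)),
    # two failures by another user: below threshold, no alert
    *({"ts": f"2019-08-05T09:05:{s:02d}", "type": "auth_fail", "user": "asmith"}
      for s in (3, 30)),
    {"ts": "2019-08-05T23:10:00", "type": "print", "user": "admin7", "pages": 180},
    {"ts": "2019-08-05T23:25:00", "type": "print", "user": "admin7", "pages": 240},
    {"ts": "2019-08-06T14:00:00", "type": "print", "user": "admin7", "pages": 300},  # work hours
    {"ts": "2019-08-06T22:00:00", "type": "print", "user": "jdoe", "pages": 150},    # not privileged
    {"ts": "2019-08-06T10:30:00", "type": "net_config", "user": "bking", "device": "core-sw-02"},
    {"ts": "2019-08-06T11:00:00", "type": "net_config", "user": "netops1", "device": "edge-sw-07"},
]
PRIVILEGED_USERS = {"admin7"}                    # assumed super-user list
APPROVED_CHANGES = {("netops1", "edge-sw-07")}   # assumed change-management tickets
WORK_HOURS = range(7, 19)                        # 07:00-18:59, assumed


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def failed_login_rule(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when one user fails more than `threshold` logins inside `window`."""
    per_user = defaultdict(list)
    for e in events:
        if e["type"] == "auth_fail":
            per_user[e["user"]].append(_ts(e))
    alerts = []
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                alerts.append(Alert("failed_logins", user,
                                    f"{count} failures in {window}", "tier2"))
                break                          # one alert per user is enough
    return alerts


def off_hours_print_rule(events, privileged=PRIVILEGED_USERS, page_threshold=100):
    """Alert when a privileged user prints >= page_threshold pages in one day outside WORK_HOURS."""
    totals = defaultdict(int)
    for e in events:
        if e["type"] == "print" and e["user"] in privileged and _ts(e).hour not in WORK_HOURS:
            totals[(e["user"], _ts(e).date())] += e["pages"]
    return [Alert("off_hours_print", user, f"{pages} pages on {day}", "supervisor")
            for (user, day), pages in totals.items() if pages >= page_threshold]


def net_config_rule(events, approved=APPROVED_CHANGES):
    """Alert on any device reconfiguration not matched to an approved change record."""
    return [Alert("unapproved_net_config", e["user"], f"reconfigured {e['device']}", "containment")
            for e in events
            if e["type"] == "net_config" and (e["user"], e["device"]) not in approved]


def run_rules(events):
    """Run all rules and return the combined alert list."""
    return failed_login_rule(events) + off_hours_print_rule(events) + net_config_rule(events)


if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(f"[{a.route}] {a.rule}: {a.user} -> {a.detail}")
```

Running the block prints one alert per scenario: the six failed logins by `jdoe` (routed to Tier 2), 420 off-hours pages by the privileged `admin7` (routed to a supervisor), and the switch change by `bking` with no matching change ticket (routed to containment). The two failures by `asmith`, the in-hours print job and the approved `netops1` change produce nothing, which is the point of pairing thresholds and allow-lists with the raw events.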

This ability to detect a potential breach and mitigate the threat before costly financial and reputational damage occurred is exactly why the agency chose to invest in the SMI solution initially.

Tackling Internal Data Breach Worries

Ever since learning that Edward Snowden walked out of the NSA with thousands of classified documents on a thumb drive, the IT team’s concerns about protecting the agency’s sensitive data from internal as well as external threats have multiplied exponentially.

Although the team had already implemented a multi-faceted security strategy to protect against increasingly sophisticated threats from nation-states, organized crime and other malicious outside sources, they knew that traditional perimeter defenses were not enough anymore.

Deploying a Customized SMI Solution

Recognizing they did not have the in-house expertise required to design and deploy a strategy to detect, deter and mitigate insider threats, the team turned to an experienced partner to help make sure the agency’s network was properly protected.

The customized, modular SMI solution, built on technologies from several leading vendors and operating on the agency’s existing hyperconverged infrastructure (HCI), incorporated software tools ranging from SIEM to intrusion detection to application management controls, and a single-pane-of-glass dashboard for easy monitoring.

Combined with a comprehensive Risk Management Framework and NIST 800-53 control capabilities, the solution enables the IT team to confidently defend its network against today’s increasingly sophisticated internal as well as external cyberthreats.

Safeguard your data from malicious – or accidental – internal threats with a comprehensive cybersecurity solution

CDW•G experts and our partners can help you orchestrate a flexible, scalable Security Management Infrastructure solution that meets the specific needs of your agency.

Explore how CDW-G can help you prevent costly data breaches from the inside out.

