Finding the Insider Threat

Unified threat management firewalls, endpoint protection, and email gateways are all designed to protect the network from outside threats. Security awareness training is designed to teach employees how to spot threats so that they become an active part of the defense.

The issue at hand is that no matter what security defenses are in place, corporations still need to follow a zero-trust mentality to safeguard customers, employees, and proprietary information. One of the hardest threats to protect against is the threat from inside the corporation. For the most part, this is not the result of a malicious plan, but of human error or of a third-party breach.

On the other hand, employees can be duped via social engineering or phishing; even experts within the security industry have fallen victim to this. Hopefully, when this occurs, the employee reaches out to the IT team to let them know that they entered their credentials on a fake website or clicked on a link that they should not have. But what happens if one of your employees' credentials was already exposed in a previous breach?

In the last couple of weeks, there have been numerous reports of stolen information being offered for sale on the dark web, and either you or your co-workers could be among those affected. If you're concerned, you can check whether your credentials were disclosed by going to haveibeenpwned.com. You may find the results surprising, and maybe even a little scary.

The other potential weakness is the mass migration to working from home due to COVID-19. Organizations rolled out collaboration and meeting tools rapidly, and employees had to rely on their existing home internet connection, which may not sit behind a robust firewall and is often shared with the rest of the family.

Reviewing the log files from your employees' desktops and laptops is critical; they are the breadcrumbs of activity and can be essential in determining whether there is an active threat on your systems.

A threat actor can gain entry to your network with nothing more than a username and password, and then try to gain privileged access to the more sensitive information on your network, such as financials, customer lists, or proprietary and patented information, to sell for profit.

Snare Central is one of the few systems that can provide early alerting on unusual activity by a user, or on a user attempting to escalate their privileges, with little configuration. The bonus is that the event logs are transmitted in real time, ensuring that threat actors cannot cover their tracks.
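The two indicators described above (a stolen password being tried against an account, followed by that account picking up privileges it never had before) are straightforward to spot once endpoint logon events are collected centrally. The following is an added example written for this page, not Snare Central's own code or output format. The log lines are constructed for illustration; they borrow three real Windows Security event IDs (4625 failed logon, 4624 successful logon, 4672 special privileges assigned to a new logon), but the tab-separated layout and the `EXPECTED_PRIVILEGED` account list are assumptions of the example.

```python
"""Correlate a failed-logon burst with an unexpected privilege grant.

Detection 1: many failed logons for one account on one host inside a short
window (a leaked or guessed password being tried).
Detection 2: a 4672 "special privileges assigned" event for an account that
is not on the list of accounts expected to hold privileges.
An account that trips both is reported at high severity.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, host, event id, account (tab-separated).
SAMPLE_LOG = """\
2024-05-01T08:00:01Z\tWS-042\t4624\tjsmith
2024-05-01T08:15:10Z\tWS-042\t4625\tjsmith
2024-05-01T08:15:12Z\tWS-042\t4625\tjsmith
2024-05-01T08:15:13Z\tWS-042\t4625\tjsmith
2024-05-01T08:15:15Z\tWS-042\t4625\tjsmith
2024-05-01T08:15:18Z\tWS-042\t4625\tjsmith
2024-05-01T08:15:20Z\tWS-042\t4624\tjsmith
2024-05-01T08:16:02Z\tWS-042\t4672\tjsmith
2024-05-01T09:00:00Z\tSRV-01\t4624\tadmin-ops
2024-05-01T09:00:01Z\tSRV-01\t4672\tadmin-ops
2024-05-01T10:00:00Z\tWS-017\t4625\tmlee
2024-05-01T10:30:00Z\tWS-017\t4624\tmlee
"""

# Assumption for the example: accounts that legitimately receive privileges.
EXPECTED_PRIVILEGED = {"admin-ops"}

FAILED_LOGON = 4625
PRIVILEGES_ASSIGNED = 4672


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, host, event_id, user = line.rstrip("\n").split("\t")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "event_id": int(event_id),
        "user": user,
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_failed_logon_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per (host, user) that has >= threshold failures
    within any sliding window of the given length."""
    failures = defaultdict(list)
    for ev in events:
        if ev["event_id"] == FAILED_LOGON:
            failures[(ev["host"], ev["user"])].append(ev["ts"])

    alerts = []
    for (host, user), times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until it fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"host": host, "user": user,
                               "count": end - start + 1,
                               "first": times[start], "last": times[end]})
                break  # one alert per account is enough for triage
    return alerts


def detect_unexpected_privilege(events, expected=EXPECTED_PRIVILEGED):
    """Privilege-assignment events for accounts not expected to hold them."""
    return [ev for ev in events
            if ev["event_id"] == PRIVILEGES_ASSIGNED and ev["user"] not in expected]


def correlate(events):
    """Raise severity when the same host/account shows both indicators."""
    bursts = detect_failed_logon_bursts(events)
    burst_keys = {(b["host"], b["user"]) for b in bursts}
    alerts = []
    for ev in detect_unexpected_privilege(events):
        key = (ev["host"], ev["user"])
        alerts.append({"host": ev["host"], "user": ev["user"], "ts": ev["ts"],
                       "severity": "high" if key in burst_keys else "medium"})
    return bursts, alerts


if __name__ == "__main__":
    bursts, alerts = correlate(parse_log(SAMPLE_LOG))
    for b in bursts:
        print(f"BURST  {b['host']} {b['user']}: {b['count']} failures "
              f"between {b['first']:%H:%M:%S} and {b['last']:%H:%M:%S}")
    for a in alerts:
        print(f"PRIV   {a['host']} {a['user']} at {a['ts']:%H:%M:%S} "
              f"severity={a['severity']}")
```

In the sample, `jsmith` on `WS-042` trips both rules (five failures in eight seconds, then a privilege grant for an account outside the expected list) and is reported at high severity, while `admin-ops` receiving privileges on `SRV-01` is ignored and `mlee`'s single failed logon never reaches the threshold. The important property is the one the paragraph above stresses: this only works if the endpoint events reach the collector as they happen, so a compromised account cannot clear the local log before the burst and the privilege grant are seen together.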

Integrating Snare Central with your SIEM/UEBA provides a robust monitoring system to safeguard your organization against an insider threat.