In the previous four posts, we analyzed the causes for security incidents. We discussed how lack of internal controls, access restrictions, centralized management, accountability, strong policies, haphazard style of privileged password management and lack of proper activity monitoring give room for security incidents. Let us now analyze how we can overcome these threats and security incidents:
Take preventive action, safeguard your data
With cyber-threats looming large, enterprises should think of taking preventive action by strengthening internal controls. Manual processes and home-grown tools may not be able to provide the desired level of security and controls.
It is pertinent to quote here from a research report by Gartner:
“Manual procedures for managing shared account passwords can be intrusive, interrupting normal operations and unacceptably delaying the resolution of problems. These procedures can also be fragile, failing to consistently deliver the desired level of control and accountability and exposing organizations to insider threats.”
(Source: Gartner, Inc., “MarketScope for Shared-Account/Software-Account Password Management”, Ant Allan, Perry Carpenter, 16 June 2009).
Bolster internal controls, access restrictions
One of the effective ways to achieve internal controls is to deploy a Privileged Password Management Solution that could replace manual processes and help achieve the highest level of security for the data. Privileged Password Managers help enterprises safeguard their data and thereby avoid security incidents in more ways than one:
- Administrative passwords can be stored in a centralized repository in encrypted form – this helps avoid storing of the passwords in volatile resources. Even if someone manages to get hold of the password database, data cannot be deciphered
- Role-based, granular access restrictions can be enforced – administrators and other users get access only to the passwords that are allotted to them, not all passwords
- Passwords can be selectively shared with others on need basis – sharing passwords by word of mouth completely avoided
- Passwords can be automatically changed at periodic intervals assigning a strong, unique password to each resource – hackers cannot make wild guesses
- For enhanced internal controls, administrators / users may even be prevented from viewing the passwords in plain text. Instead, they could be directed to just click a URL to directly access the resource
- Users requiring temporary access to the passwords (like contractors, partners) can be directed to follow password request-release workflow granting time-limited access. After revoking the permission, passwords can be automatically reset – this prevents users getting access to the passwords that are no longer required for them
- All password access activities are completely audited – this helps monitor the usage of privileged identities and fix accountability issues when something goes wrong. It also helps the enterprise meet regulatory compliance requirements
- Real-time alerts on password actions help administrators continuously track and control the administrative passwords
- If an administrator leaves the organization, passwords owned / accessed by them can be transferred to some other administrator and the passwords could be automatically reset – this helps avoid possible misuse of the passwords by disgruntled users
Keep an eye on activities
Keeping an eye on the activities going on in the enterprises in an absolute must. Logs from critical systems carry vital information that could prove effective in preventing security incidents. Especially, monitoring activities like user logons, failed logins, password access, password changes, attempts to delete records and other suspicious activities could help identify hacking attempts, malicious attacks, DoS attacks, policy violations and other incidents.
It is worthwhile to have technology and tools in place to monitor activity in the network. As we had stressed earlier, an automated approach to centralized log collection, analysis and reporting for real-time situational awareness is essential from the standpoint of enterprise security.
Researchers repeatedly point out that identity theft incidents are on the rise and it will only keep growing due to many reasons, including economic situation, social factors and technological advancements that make the tech-savvy criminals more creative every passing day.
Not all security incidents could be prevented or avoided; nor could any software act as the panacea for all cyber security incidents. But, the security incidents that happen due to lack of effective internal controls and monitoring are indeed preventable. Enterprises should take preventive action to combat cyber-criminals. Otherwise, they might just end up locking the stable after the horse has bolted!
Arm your enterprise with ManageEngine IT security software
ManageEngine has a range of affordable Enterprise Security Management Software Solutions that help you build a secure fortress enabling you to stay secure, ensure business continuity and enhance productivity. Using ManageEngine Password Manager Pro, you can bolster internal controls; Firewall Analyzer & Eventlog Analyzer just act like watch towers and help in observing the happenings around and protect from potential threats.
Password Manager Pro is a secure vault for storing and managing shared sensitive information such as passwords, documents and digital identities of enterprises. Using Password Manager Pro, you control the access to shared administrative passwords of any ‘enterprise resource’ such as servers, databases, network devices, applications etc. PMP enables IT managers to enforce standard password management practices such as maintaining a central repository of all passwords, usage of strong passwords, frequent changing of sensitive passwords and controlling user access to shared passwords across the enterprise.
Firewall Analyzer & Eventlog Analyzer
Keeping a watchful eye over t
he eventlog, application log and trails from perimeter security devices is essential to safeguard the organization from evolving internal and external threats and optimize performance. This mandates:
he eventlog, application log and trails from perimeter security devices is essential to safeguard the organization from evolving internal and external threats and optimize performance. This mandates:
- automatically collecting, analyzing, reporting, alerting and archiving event log from distributed Windows hosts, Syslog from Unix hosts and devices & Application log from servers and databases
- monitoring, analyzing and reporting on logs from firewalls and other perimeter security devices
- troubleshooting network problems and optimize bandwidth usage & performance
- complete visibility on internal & external security threats
- meeting regulatory audit and compliance requirements
Firewall Analyzer and Eventlog Analyzer from ManageEngine precisely help achieve these.
Bala
ManageEngine IT Security & Compliance Solutions
Quick Video | Free Trial Download | White Papers | Success Stories