Protective monitoring's role in mature security programs

By John Mc Loughlin, Managing Director of J2 Software


Johannesburg, 15 Apr 2015

Continuous end-point visibility has a massive role to play in mature security programs. J2 Software's customers with mature security programs have invested heavily in perimeter security, logging, and enhanced server/endpoint controls, and still see significant improvement in their security posture from the endpoint visibility and risk scoring delivered by Dtex's SystemSkan, says John Mc Loughlin, J2 Software Managing Director.

He provides some examples of customer findings in locked-down companies:

Misconfiguration and bypass

An expensive DLP system is installed, but SystemSkan still detects corporate data stored on removable media. This is a very common finding, usually due to the DLP system being improperly configured, a lenient exception process, or a failed deployment due to performance issues.

Some clients have set their Web filtering solution to block all non-work categories, but during J2 Software's risk assessment it still found employees visiting "blocked" sites. This is usually because of improper configuration, a larger-than-needed population of people with exceptions, or employees who have figured out a way to bypass a Web filter, Mc Loughlin says.

Off-network visibility

During its risk assessments, J2 Software often finds that employees who take laptops home visit risky Web sites and download risky files and applications. This creates major risk: when these machines are brought back onto the corporate network, any malware that was downloaded is now inside the firewall.

Determining intent

Employees who maliciously exfiltrate sensitive data will take multiple steps to cover their tracks. Each step, if viewed alone in a siloed security system, appears innocuous. But, putting the story together from the endpoint shows clear intent.

A common example is: (1) employee searches for "how to encrypt and rename a zip file" online; (2) copies an unusual number of files to their endpoint device; (3) splits them up, zips, and encrypts them; (4) renames them; and (5) e-mails them to a personal address. This sequence is impossible to piece together from disparate security systems. Dtex's SystemSkan gives you this view instantly.
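The five-step sequence above can be expressed as ordered, per-user correlation over endpoint events. The following is an added illustration, not Dtex's or J2 Software's code; the action labels, the 24-hour window and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical action labels for the five steps; not any product's schema.
STAGES = ["search_encrypt_howto", "bulk_file_copy", "archive_encrypt",
          "file_rename", "mail_personal_address"]

def correlate(events, window=timedelta(hours=24)):
    """Return {user: [timestamps]} for users who hit every stage in order
    within `window` of the first stage. events: (timestamp, user, action)."""
    timelines = defaultdict(list)
    for ts, user, action in sorted(events):      # tolerate out-of-order feeds
        timelines[user].append((ts, action))
    findings = {}
    for user, timeline in timelines.items():
        for i, (start, action) in enumerate(timeline):
            if action != STAGES[0]:
                continue                          # chains start at stage one
            chain = [start]
            for ts, act in timeline[i + 1:]:
                if ts - start > window:
                    break                         # too spread out to be one story
                if act == STAGES[len(chain)]:     # unrelated events are skipped
                    chain.append(ts)
                    if len(chain) == len(STAGES):
                        break
            if len(chain) == len(STAGES):
                findings[user] = chain
                break
    return findings

def _at(minutes):
    return datetime(2015, 4, 13, 9, 0) + timedelta(minutes=minutes)

# Constructed sample telemetry (not real data).
SAMPLE = [
    (_at(0), "alice", "search_encrypt_howto"), (_at(5), "alice", "file_open"),
    (_at(30), "alice", "bulk_file_copy"), (_at(45), "alice", "archive_encrypt"),
    (_at(50), "alice", "file_rename"), (_at(70), "alice", "mail_personal_address"),
    (_at(10), "bob", "bulk_file_copy"), (_at(20), "bob", "file_rename"),
    (_at(0), "carol", "search_encrypt_howto"), (_at(4320), "carol", "bulk_file_copy"),
    (_at(4330), "carol", "archive_encrypt"), (_at(4340), "carol", "file_rename"),
    (_at(4350), "carol", "mail_personal_address"),
]

if __name__ == "__main__":
    for user, chain in correlate(SAMPLE).items():
        print(user, chain[0].isoformat(), "->", chain[-1].isoformat())
```

Only the user who completes all five steps in order inside the window is reported; a partial sequence or one stretched over several days is not, which is why the window length is a tuning decision.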

Cloud services

While corporate Web filters typically block cloud services like file sharing and personal Web mail, employees still use these services when they're off the corporate network. Dtex provides visibility into what they upload and download.

Also, every company has a list of users who are partially or entirely exempt from the restrictions on using cloud services. Dtex provides visibility into their activity and alerts security if someone is abusing their privileges.

Super users, admin rights

Super users tend to have the fewest security controls in place, even in organisations that have partial or full deployments of privileged account management. Dtex provides visibility into all super user activity, and helps enterprises to understand where controls need to be tightened versus where they can be relaxed.

Some customers find the enhanced visibility provided by Dtex allows them to provide super user and admin rights to more users, increasing efficiency and trust.

Data-driven prioritisation

Historically, it's been difficult to measure the effects of security training. Dtex customers use endpoint visibility to objectively measure behavioural changes, and make corrections as needed.

Similarly, customers use Dtex to quantify when new security controls are needed versus more basic remediation steps. For example, typically only 1.7% of employees use pirated media and applications. With this data-driven visibility, a company can make a risk-based decision about whether to implement application white-listing or simply keep a closer eye on this small population.

Privacy

HR, legal, and privacy departments often raise concerns about monitoring endpoints, especially from an employee privacy perspective. Dtex's anonymisation process and strong insider-focused heritage maintain employee privacy. Users can be "demasked" only once there is legitimate suspicion of wrong-doing.

In the modern technologically-driven world we work in, we can no longer use the excuse that we didn't know what was happening. New laws and compliance codes make it an obligation to know what is really happening with your machines, information and systems.

This is why it is vital that you get the unique user visibility offered by Dtex Systems' SystemSkan. Mc Loughlin is often asked 'where do we start?' and his answer is really simple: "Just start somewhere. Every step taken to secure your internal environment is a good step."

Make sure you get the capability to have total end-user visibility - whether that user is on the network or not. You cannot measure what you cannot see - so total end-point visibility is key.

In order to further strengthen your mature security program, you must know what is happening with your internal, trusted users. Understanding how the users are actually using their machines, the data they are actually accessing and how they move it around will give you the information you need to make better decisions, ensure policy compliance, reduce risk and cut costs.

In order to find out more or to take SystemSkan for a test drive, get in touch with J2 Software by visiting www.j2.co.za or drop the company an e-mail at info@j2.co.za.

Editorial contacts

Mia Andric
Exposure
mia@exposureunlimited.net