We keep our eyes and ears peeled on your behalf here at STEALTHbits Headquarters, and we recently overheard some really cool news about an Active Directory project that’s under way (and under wraps). We convinced Adam Laub, VP of Marketing, to sit down with us for just 5 questions about this mystery solution.
Daria: Word on the street has it that there's something called "Interceptor" technology that's coming. What is it?
Adam: How do you guys hear about these things?! I can't say much at this point, but I can tell you that StealthINTERCEPT is a hot new technology that will allow our customers to lock down Active Directory from unauthorized changes, and to get real-time notifications.
D: What business benefits can users expect?
A: This is part of our larger data governance initiative, which helps our customers take back control of their unstructured data. Active Directory is a key and often overlooked piece of the puzzle. If you're not securing AD, then you're leaving a door wide open.
D: So when can we expect to see this?
A: Soon! We have test sites running it already. You'll have to stay tuned for details.
D: Is this part of an upgrade to the StealthAUDIT Management Platform?
A: Yes and No. StealthINTERCEPT technology is new and stands on its own, but also integrates with the StealthAUDIT Management Platform.
D: Do you guys practice these vague answers?
A: Absolutely.
D: So how is this real-time technology going to work?
A: Sorry, that's five questions!
We're certainly intrigued. We'll be sure to keep you posted on this blog and in our monthly newsletter as this develops, so stay tuned. This is gonna be big.
Friday, April 29, 2011
Wednesday, March 23, 2011
High Risk(y) Business: Controlling the Threat of High Risk Shares
Try this: go to your favorite search engine, and type in “high risk share.” Chances are, you’ll get the same thing I did: pages and pages of financial information dealing with risky shares as they pertain to stocks. The definition and even identification of a high risk stock is fairly straightforward (at least in theory). In the IT space, though, “high risk share” is a much broader term, and such shares can be difficult to identify (which, in turn, makes them difficult to govern). Unlike a stock market, which appears in a uniform way to all investors in that market, high risk data repositories vary across organizations based on individual access settings, permission needs, departmental requirements, and more.
One way to look at it is in terms of access. If a file or share is accessible by a very large number of users (through well-known security principals like “Everyone,” for instance) the chances increase that it would be considered at “high risk.” At the same time, organizations often purposely leave folders at the top level open because they’re commonly used across the board. So where’s the risk then, exactly?
Risk comes into play when open permissions at the top level filter down through effective rights to permissions several levels below. Because effective rights are difficult to identify (take our effective rights quiz to see how well you do), they can leave sensitive data open to many more people than need or should have access to it.
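To make the inheritance problem concrete, here is an added example (not code from STEALTHbits or any of its products) that works out effective rights on a small, made-up folder tree and reports where a broad principal granted at the top still decides access several levels down. It assumes a simplified model: direct group membership only, whole-ACL inheritance rather than per-ACE inheritance flags, and the usual ordering of explicit entries before inherited ones with deny before allow.

```python
# Constructed sample data: a simplified model of NTFS-style ACLs on one share.
# All folder, group and user names are made up for illustration.
BROAD = {"Everyone", "Authenticated Users", "Domain Users"}

# group -> direct members (nested groups are not modelled here)
GROUPS = {
    "Domain Users": {"alice", "bob", "carol"},
    "Finance": {"alice"},
    "Payroll Admins": {"carol"},
}

# folder -> (inherits from parent?, [(principal, "allow" | "deny", rights)])
ACLS = {
    "Dept": (False, [("Everyone", "allow", {"read"})]),
    "Dept/Finance": (True, [("Finance", "allow", {"read", "write"})]),
    "Dept/Finance/Payroll": (True, [("Payroll Admins", "allow", {"read", "write"})]),
    "Dept/HR": (False, [("Payroll Admins", "allow", {"read"})]),  # inheritance broken
}


def principals_of(user):
    """Identities an ACE can match for this user."""
    return {user, "Everyone", "Authenticated Users"} | {
        g for g, members in GROUPS.items() if user in members}


def ordered_aces(path):
    """Yield (ace, origin): the folder's own ACEs first, then the parent's,
    then the grandparent's, with deny before allow at each level."""
    origin = path
    while True:
        inherits, aces = ACLS[origin]
        for ace in sorted(aces, key=lambda a: a[1] != "deny"):
            yield ace, origin
        if not inherits or "/" not in origin:
            return
        origin = origin.rsplit("/", 1)[0]


def effective_rights(user, path):
    """Map each granted right to (principal, folder where that ACE was set)."""
    who, granted, decided = principals_of(user), {}, set()
    for (principal, kind, rights), origin in ordered_aces(path):
        if principal in who:
            for right in rights - decided:  # first matching ACE decides a right
                decided.add(right)
                if kind == "allow":
                    granted[right] = (principal, origin)
    return granted


def inherited_exposure(probe_user):
    """Rights the probe user gets from a broad principal set on an ancestor folder."""
    return sorted(
        (path, right, principal, origin)
        for path in ACLS
        for right, (principal, origin) in effective_rights(probe_user, path).items()
        if principal in BROAD and origin != path)
```

Probing with an account that belongs to no departmental group (here `bob`) shows that the payroll folder is readable through “Everyone” on `Dept`, while `Dept/HR`, where inheritance is broken, is not.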
To learn more about high risk shares, and how to identify and remedy them, watch our STEALTHsession on Controlling the threat of High Risk Shares.
Friday, February 18, 2011
Controlling SharePoint Sites
SharePoint is growing more and more prevalent in organizations, and offers a great way for users to interact and share content remotely for collaboration on projects. With the increasing use of SharePoint, however, SharePoint admins are facing the same issues that plagued (and, in many cases, continue to plague) administrators of the distributed file system. Increasingly, sites are growing stale, violating ethical wall regulations, and being deemed “high risk” in terms of access and permissions settings.
Each of these issues has its own steps for mitigating the associated risk, which we’ll discuss in more detail below, but it’s worth noting that what they all have in common is the need for data that will help identify the problem. After all, you can't fix it if you don’t know that it’s broken.
High Risk Repositories
Sites classified as being at “high risk” are those that are effectively open to your entire organization. This happens because site managers can assign trustees, who can, in turn, assign permissions that expose content to too many people. Some examples of these kinds of permissions are “Authenticated Users,” “Domain Users,” and “Anonymous Logons.” When identifying high risk repositories, it’s important to examine effective rights; just because a user does not have access through one set of permissions does not mean that all of their assigned permissions will keep them from being able to read, write, modify, or even delete content. Explore how users have access to identify what, exactly, is at risk, and then work to lock down permissions.
Controlling Stale Content
Stale content in SharePoint is similar to stale content within Active Directory and the File System – it hasn’t been modified in a long time. Continuous monitoring is required to determine the last time a site was used, and working together with the data custodians who created the sites that you have identified as stale is important to ensure that it’s okay to remove them. Keeping stale sites out of your SharePoint farms will help with simpler management. It’s important to note here that, if a SharePoint site has child sites, SharePoint won’t let you delete the parent site. This is why it’s especially important to reach out to probable owners of sites to gather more information before proceeding.
Ethical Walls
Ethical walls differ by organization, and apply to most collaborative file systems, including SharePoint. The need for ethical walls stems from the requirement to separate the data that discrete groups within the organization can see. Maybe your organization wants to keep the engineering department’s plans for product upgrades out of the hands of the sales team, or your finance team shouldn’t have access to the investment team’s quarterly assessments. Whatever the reason, one way to identify if ethical wall violations occur is to see where SharePoint groups have common access, then corroborate that access within Active Directory to ensure that trustees can only see what they are supposed to.
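The check described above can be sketched as follows. This is an added example, not part of any STEALTHbits product, and every site, group and user name in it is constructed; it assumes you have already exported which SharePoint groups hold permissions on each site, which AD principals sit in those groups, and AD group membership.

```python
# Constructed sample data; every site, group and user name is made up.
SITE_ACCESS = {  # site -> SharePoint groups holding permissions on it
    "Engineering Roadmap": {"Eng Members", "Roadmap Visitors"},
    "Sales Pipeline": {"Sales Members", "Pipeline Visitors"},
}
SP_GROUP_MEMBERS = {  # SharePoint group -> AD principals placed in it
    "Eng Members": {"AD-Engineering"},
    "Roadmap Visitors": {"AD-Product"},
    "Sales Members": {"AD-Sales"},
    "Pipeline Visitors": {"AD-Marketing", "dana"},
}
AD_GROUPS = {  # AD group -> members (users or nested groups)
    "AD-Engineering": {"erin", "dana"},
    "AD-Product": {"AD-Marketing"},
    "AD-Sales": {"sam"},
    "AD-Marketing": {"mia"},
}
WALLS = [("Engineering Roadmap", "Sales Pipeline")]  # pairs that must stay separate


def expand(principal, seen=None):
    """Resolve an AD principal to users, following nested groups (cycle-safe)."""
    seen = set() if seen is None else seen
    if principal in seen:
        return set()
    seen.add(principal)
    if principal not in AD_GROUPS:
        return {principal}  # not a group, so treat it as a user
    return set().union(*(expand(m, seen) for m in AD_GROUPS[principal]))


def site_users(site):
    """user -> SharePoint groups on this site that give the user access."""
    users = {}
    for sp_group in SITE_ACCESS[site]:
        for principal in SP_GROUP_MEMBERS[sp_group]:
            for user in expand(principal):
                users.setdefault(user, set()).add(sp_group)
    return users


def wall_violations():
    """(user, site_a, groups_a, site_b, groups_b) for users on both sides of a wall."""
    found = []
    for site_a, site_b in WALLS:
        a, b = site_users(site_a), site_users(site_b)
        for user in sorted(a.keys() & b.keys()):
            found.append((user, site_a, sorted(a[user]), site_b, sorted(b[user])))
    return found
```

In this sample the two sites share no SharePoint group at all, yet two users still end up on both sides of the wall, one of them only through a nested AD group, which is why the AD corroboration step matters.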
To learn more about how SMP makes managing SharePoint easy, please view our Controlling SharePoint Sites STEALTHsession, or request a fully-functional product trial.
Tuesday, February 15, 2011
The Exchange Mailbox Mess
Permissions get messy over time. Whether it’s in Exchange, SharePoint, the File System, Active Directory, or elsewhere, people will enter and leave the organization, change roles, and require different levels of access as time goes on. Exchange mailbox permissions offer a particular challenge because of multiple layers of access: permissions associated with mailboxes, delegate rights assigned, and even mailbox rights in Active Directory on the user’s account.
Multiple problems can result: Default and Anonymous access can be set incorrectly, default settings could have been changed, Stale and Zombie SIDs could be applied, or disabled accounts in AD could have been given access. Compounding the problem, effective rights are difficult to discern because of the various “gates” that a person can use to get access.
Largely, the problem stems from the sheer amount of data, exacerbated by time and natural changes in personnel. It’s that same vast number of settings that makes it difficult to solve the problem in an environment; imagine finding an access issue that exists in 500 users’ accounts. Changing them one at a time could take days, and requires the use of precious IT resources.
A complete solution offers the option of making changes in bulk, in accord with data that exactly identifies an issue or anomaly. To learn more about Exchange Mailbox management challenges, and see what STEALTHbits can do to help, check out this video of our Mailbox Action Module STEALTHsession.
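As an added illustration (not STEALTHbits code), the sketch below runs the checks listed above over a constructed export of mailbox permission entries and groups the findings by issue, so that each group can be handled as one bulk change. The layer labels, account names and SID are made up, and treating a trustee that appears only as a raw SID as unresolved is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample data; mailbox names, accounts and the SID are made up.
DIRECTORY = {  # account -> enabled? (a snapshot of AD user state)
    "CORP\\alice": True,
    "CORP\\bob": False,
    "CORP\\helpdesk": True,
}
ENTRIES = [  # (mailbox, layer, trustee, rights), one row per permission
    ("finance", "folder", "Default", "Reviewer"),
    ("finance", "folder", "Anonymous", "None"),
    ("finance", "delegate", "CORP\\bob", "Editor"),
    ("hr", "mailbox", "S-1-5-21-1111111111-2222222222-3333333333-1157", "FullAccess"),
    ("hr", "mailbox", "CORP\\helpdesk", "FullAccess"),
    ("ceo", "delegate", "CORP\\alice", "Editor"),
    ("ceo", "folder", "Default", "None"),
]
RAW_SID = re.compile(r"^S-1-\d+(-\d+)+$")


def classify(trustee, rights):
    """Return the issue name for one permission entry, or None if it looks fine."""
    if trustee in ("Default", "Anonymous"):
        return "open-default" if rights != "None" else None
    if RAW_SID.match(trustee):
        return "unresolved-sid"  # assumption: a bare SID no longer maps to an account
    if trustee not in DIRECTORY:
        return "unknown-account"
    if not DIRECTORY[trustee]:
        return "disabled-account"
    return None


def audit(entries):
    """Group findings by issue so each group can be fixed as one bulk change."""
    findings = defaultdict(list)
    for mailbox, layer, trustee, rights in entries:
        issue = classify(trustee, rights)
        if issue:
            findings[issue].append((mailbox, layer, trustee))
    return dict(findings)
```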
Monday, January 24, 2011
Back to Basics for Security: Why Industry Compliance Regulations Matter, and Why They're Hard
We talk about governance and compliance a whole lot on this blog, and for good reason. Across the board, IT security is a difficult undertaking, and it’s becoming more challenging by the day. For one thing, security threats from outside of the organization have only increased in the last few years, with hackers becoming more sophisticated. From the glamorization of hacking in popular culture (see The Girl with the Dragon Tattoo hacker heroine Lisbeth Salander) to “hacking kits” available online (see Business Day on 1/18/2011), the constant threat of external attack is front and center on a daily basis. Perhaps even more dangerous, the threat from inside (like the alleged catalyst of Wikileaks, for instance) is alive and well, and often gets overlooked as organizations scramble to defend their perimeters.
The process for securing data and systems starts with protecting your resources by eliminating (or, at the very least, controlling) vulnerability, continues with active monitoring to detect deviations from norms and standards, and culminates with corrections for exceptions. Underlying all of these processes are industry-centric compliance regulations that ensure that all organizations in a particular vertical are adhering to the same strict security standards.
IT departments follow these regulations in an effort to pre-empt attacks and plug holes. Unfortunately, the tedious nature of the checkpoints for particular compliance standards makes them difficult for administrators to adhere to, potentially leaving environments fatally vulnerable. The problem stems from the fact that the data—detailed accounts of access, permissions, changes, etc. for users and groups, as well as patch and security configurations for systems—is difficult to come by. Multiply that difficulty by hundreds or even thousands of users and boxes, and millions and billions of files, and you begin to see the pain point. What’s more, even an exceedingly complex query may only be answering one of many compliance checkpoints from standards councils like PCI, HIPAA, NERC, and SOX.
The key to industry compliance, then, is a way to collect data once, and then use that data to check against an entire list of requirements. This approach will allow administrators to shift from data-gatherers to proactive threat blockers. After all, discovering that Lisbeth Salander has rights to your system is only half the battle.
For more about our solution to the compliance-adherence problem, check out this video on the Compliance Baseline Manager.
