This is vital in the current environment of rising digital crime; we’ve all seen the headlines about leaked data and the reputational damage caused by cyber-attacks. What is less well known is that the majority of data leaks come from within companies. Indeed, fewer than 40% of companies dedicate budget to insider threat detection technology despite the inherent risks. [Source: Forcepoint].
Visibility is vital
Assure APM uses Riverbed Steelhead technology to monitor application performance. A recent McAfee report states that data exfiltration remains a largely physical activity with 40% of incidents involving laptops and USB drives. It goes on to say that the top electronic exfiltration methods are via file transfers and email. By using APM, businesses can correlate logs and alerts from the network and application layers, giving more comprehensive insight into the application traffic.
A break from the norm
Once installed, APM monitors for unusual activity from within a company’s network. Employees will, in general, use specific parts of a system and regularly access certain files and data stores in their day-to-day work. After installation, APM will watch over the network for a period of time to calibrate what is ‘normal’ usage. Once a long enough sample has been taken, parameters can be set to detect unusual activity from within the company. This allows companies to find and investigate potential problems before they have any impact on the business. It gives the administrator the power and insight to know when they need to actively close down access rights to those attempting to move or copy data.
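The calibrate-then-detect approach described above can be sketched as follows. This is an added example, not Assure APM or Riverbed code; the event fields, the sample events and the thresholds `k` and `floor` are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed events: (day, user, resource, bytes_moved). Not real log data.
CALIBRATION = [
    (1, "alice", "crm/accounts", 12_000), (1, "bob", "hr/payroll", 8_000),
    (2, "alice", "crm/accounts", 15_000), (2, "bob", "hr/payroll", 9_500),
    (3, "alice", "crm/reports", 11_000), (3, "bob", "hr/payroll", 7_500),
]
LIVE = [
    (4, "alice", "crm/accounts", 13_000), (4, "bob", "hr/payroll", 8_200),  # normal
    (4, "bob", "finance/ledger", 1_000),    # resource bob never touched before
    (5, "alice", "crm/accounts", 900_000),  # bulk copy far above her baseline
]

def daily_totals(events):
    """Sum bytes moved per (user, day)."""
    totals = defaultdict(int)
    for day, user, _res, size in events:
        totals[(user, day)] += size
    return totals

def build_baseline(events):
    """Learn each user's usual resources and daily transfer volume."""
    resources, volumes = defaultdict(set), defaultdict(list)
    for _day, user, res, _size in events:
        resources[user].add(res)
    for (user, _day), total in daily_totals(events).items():
        volumes[user].append(total)
    return {u: (resources[u], mean(v), pstdev(v)) for u, v in volumes.items()}

def detect(events, baseline, k=3.0, floor=1_000):
    """Return sorted alerts: access to unseen resources and volume spikes."""
    alerts = set()
    for day, user, res, _size in events:
        known = baseline.get(user)
        if known is None:  # user joined after calibration: nothing to compare
            alerts.add((day, user, "no-baseline"))
        elif res not in known[0]:
            alerts.add((day, user, f"new-resource:{res}"))
    for (user, day), total in daily_totals(events).items():
        if user in baseline:
            _res, avg, std = baseline[user]
            # floor stops a very steady user from alerting on tiny changes
            if total > avg + k * max(std, floor):
                alerts.add((day, user, "volume-spike"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(LIVE, build_baseline(CALIBRATION)):
        print(alert)
```

A short calibration window produces a narrow baseline, so legitimate but infrequent work (month-end reporting, for instance) will alert until the sample covers it.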
In the past, it took an IT professional hours of forensic investigation to find anomalies and suspicious events in the logs generated by a server. The APM solution adds detailed, customised data fields to logs so custom alerts can be configured and all the data needed for a forensic investigation can be accessed easily. This means that valuable IT resources can be used elsewhere: APM is specifically designed to produce information that does not need the user to be a forensic IT expert, and it generates reporting that management can easily understand. This aids onward communication to other parts of the business, as there is no need to translate the findings into plain language.
Whatever the size of business, from SME to multinational, if there is a profit to be made then attackers will strike where they can, and this includes attacks from within. Add to this the instances when damage is done internally as the result of a mistake or through lack of education around cybersecurity and it’s clear that the argument for internal system security and oversight becoming best practice has never been stronger.