Although you may be ready for outside threats, have you given yourself the same protection from the inside? Today, log collection is seen mainly as a way to meet compliance controls and provide critical information when researching incidents and performing forensic analysis. However, it is also a very useful proactive security tool.
Employees account for more than 40 percent of data loss, according to a study from Intel Security. Whether accidental or purposeful, much of this activity can be cut off by establishing a baseline of user behavior and a robust accounting of unusual behaviors. By proactively analyzing your log data and understanding what’s “normal”, you can then begin to understand and know about events such as repeated login attempts from remote locations, attempts to access resources in the business off hours and other unusual activity. This enables you to tighten security measures around these unusual activities. By being proactive and asking the right questions and raising the right visibility, employees are less likely to attempt underhanded behavior if they know that a sophisticated internal security system is in place.
Creating a Baseline for Internal Activity
Having a standard of behavior and analyzing user behavior is essential to your internal security. This baseline will help you find known, unknown, and hidden threats within your internal environment. Believe it or not, most employees will thank you for this structure. The employees who are trying to help the company will appreciate the fact that it is more difficult for others to sabotage their hard work, and your company will naturally deter any potential employees who might look for an opportunity to undermine a company from the inside.
Setting a baseline also helps management understand what is happening in the business environment and protect against outside attacks. Once an attacker gains access to internal resources it is extremely difficult to tell the difference between the attacker and a normal employee. Having an understanding of normal user behavior, such as records of whom log in, when they typically work, where they login from, and what they access as a result of that login are all essential things to know.
The Solution for Internal Security
Alert Logic® Log Manager™ bolsters your internal security by making it easy to collect logs from the right sources, establish user behavior baselines and define alerts on activity types of interest. If you couple this with our Log Review and ActiveWatch services as part of Cloud Defender – you have a system that literally does all of the login collection and detection work for you.
Give your business the best chance of success and create a more robust internal structure that will withstand the test of time. Make it a priority to build up your security through a robust log collection program, outsourced to a professional company so that you can focus your efforts where they belong - in your business.