I was recently changing my keys to a new key ring and included in this move was a 4GB USB flash drive. This reminded me just how ubiquitous these flash drives have become. After all, how many times have you been given a USB drive at a trade show, by a friend, or through some other unsuspecting channel?  To the network engineer who manages network security or an administrator, the common USB drive presents significant threats from both what they bring in to the network and what they can take out.

 

According to Computer World, one in four malware attacks is carried out through a USB device.  One such method is to manipulate Autorun such that it launches every time a USB device is inserted into a system.  The Stuxnet worm took advantage of other vulnerabilities and infected machines once the user browsed files on the USB drive.

 

According to Cisco, over twenty million unprotected USB drives are lost per year exposing trade secrets and proprietary information.  Couple this accidental data loss with the malicious removal of data on USB and the losses can be come staggering.

 

So, short of gluing USB ports shut, how can you go about protecting your network and data from the comings and goings of USB flash drivces?  One way is to monitor your event logs for unauthorized insertion or removal of flash drives.

 

SolarWinds Log & Event Manager (LEM) includes built-in USB Defender technology that provides real-time notification when USB drives are detected.  This notification can be further correlated with network logs to identify potential malicious attacks coming from USB drives.  With LEM’s USB Defender technology, you can take automated actions such as disabling user accounts, quarantining workstations, and automatically or manually ejecting USB devices.  Additionally, LEM provides built-in reporting to audit USB usage over time.

 

SolarWinds Log & Event Manager (LEM) delivers powerful Security Information and Event Management (SIEM) capabilities in a highly affordable, easy-to-deploy virtual appliance. It combines real-time log analysis, event correlation, and a groundbreaking approach to IT search to deliver the visibility, security, and control you need to overcome everyday IT challenges. Starting at $4,495, LEM offers a free fully functional 30-day trial so you can see just how powerful and easy-to-use it is.