Using User Access Management to Defend Against Insider Threats

Level 11

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article by Jim Hansen about leveraging access rights management to reduce insider threats and help improve security.

According to the SolarWinds 2019 Cybersecurity Survey, cybersecurity threats are increasing—particularly the threat of accidental data exposure from people inside the agency.

According to the survey, 56% of respondents said the greatest source of security threats to federal agencies is careless and/or untrained agency insiders; 36% cited malicious insiders as the greatest source of security threats. Nearly half of the respondents—42%—say the problem has gotten worse or has remained a constant battle.

According to the survey, federal IT pros who have successfully decreased their agency’s risk from insider threats have done so through improved strategy and processes to apply security best practices.

While 47% of respondents cited end-user security awareness training as the primary reason insider threats have improved or remained in control, nearly the same amount—45%—cited network access control as the primary reason for improvement, and 42% cited intrusion detection and prevention tools.

The lesson here is that good cyber hygiene, in the form of access management, can go a long way toward enhancing an agency’s security posture. Certain aspects of access management provide more protection than others and are worth considering.

Visibility, Collaboration, and Compliance

Every federal IT security pro should be able to view permissions on file servers to help identify unauthorized access or unauthorized changes to more effectively prevent data leaks. Federal IT pros should also be able to monitor, analyze, and audit Active Directory and Group Policy to see what changes have been made, by whom, and when those changes occurred.

One more thing: be sure the federal IT team can analyze user access to services and file servers with visibility into privileged accounts and group memberships from Active Directory and file servers.

Collaboration tools—including SharePoint and Microsoft Exchange—can be a unique source of frustration when it comes to security and, in particular, insider threats. One of the most efficient ways to analyze and administer SharePoint access rights is to view SharePoint permissions in a tree structure, easily allowing the user to see who has authorized access to any given SharePoint resource at any given time.

To analyze and administer Exchange access rights, start by setting up new user accounts with standardized role-specific templates to provide access to file servers and Exchange. Continue managing Exchange access by tracking changes to mailboxes, mailbox folders, calendars, and public folders.

Finally, federal IT pros know that while managing insider threats is critically important, so is meeting federal compliance requirements. Choose a solution that can generate management- and auditor-ready compliance reports showing user access rights, and that can log activities in Active Directory and on file servers by user.

Conclusion

Options are available that can dramatically help federal IT security pros get a better handle on insider threats, and they go a long way toward mitigating risks and keeping agency data safe.

Find the full article on our partner DLT’s blog Government Technology Insider.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

8 Comments
smttysmth02gt
Level 13

Thanks for the article!

zennifer
Level 13

I have been working hard the last year to get a better handle on Network Access Control. We all need 2 accounts, 1 for user work and 1 for elevated privilege; we rarely require elevated privilege. Thanks for the information, you have stimulated my thinking cap for today, orafik!

brianj
Level 12

This is one of the most frustrating parts of security for me. You need to trust the people who have access, but you need to closely monitor what they do to make sure it isn't being abused and that monitoring doesn't communicate trust.

vinay.by
Level 16

Thanks for the article.

fmasotti
Level 12

Thanks for the post

df112
Level 13

Thanks for sharing.  This doesn't just apply to Federal IT, all of us that are entrusted with data/resource stewardship should be practicing this.

pgaryga
Level 10

Good stuff, thanks.

david.botfield
Level 13

Thanks for the article