Post on 25-May-2015
description
UserLock® Mitigating the Security Risk from Internal Users within the Banking & Financial Sector
THE INSIDER THREAT
Some of the risks posed from Insider
Threats in the Financial Sector:
THE INSIDER THREAT
• Undesired disclosure of confidential
customer and account data
• Fraud
• Loss of intellectual property
• Disruption to critical infrastructure
• Monetary loss
• Embarrassment, Public Relations
• Destabilize, disrupt and destroy cyber
assets of financial institutions ‘Insiders already know where the company’s crown jewels are!’
IDENTIFYING THE INSIDER THREAT
Forrester research* has also shown that
the greatest volume of security breaches
come from employees inadvertently
misusing data
IDENTIFYING THE INSIDER THREAT
Dealing with both malicious and
careless activity from employees,
ex-employees or trusted partners.
IS Decisions research shown that IT
professionals consider ignorant users to
be the greatest security risk in their
organization
IN YOUR OPINION, WHICH GROUP WITHIN YOUR
ORGANIZATION REPRESENTS THE GREATEST SECURITY RISK?
The Insider Threat Security Manifesto – IS Decisions 2014
* http://www.csoonline.com/article/741148/report-indicates-insider-threats-leading-cause-of-data-breaches-in-last-12-months
TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT
Nearly 90%* of IT Professionals
consider insider threats to be a purely
cultural issue and are not aware that
technology can help them address
internal security issues.
TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT
* The Insider Threat Security Manifesto – IS Decisions 2014
TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT
TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT
UserLock is an enterprise security software
that controls and secures network access
for all authenticated users.
UserLock helps organizations reduce the
risk of security breaches from insider
threats (intentional or not), offer an
immediate response to suspicious user
behavior and get compliant with major
regulations.
1. SECURE NETWORK ACCESS
Restrictions by location – workstation, device
Limit or prevent concurrent logins
UserLock sets and enforces effective login
controls and restrictions (that cannot be
achieved in native Windows) on what
authenticated users can do. This fine-
grained access control helps ensure
inappropriate access to company data is
no longer a possibility.
ENSURE INAPPROPRIATE ACCESS IS NO LONGER POSSIBLE
Restrictions by usage/connection time
2. IMMEDIATE RESPONSE TO SUSPICIOUS USER ACCESS
Recognize improper user access and respond
to risk behavior or access attempts from
someone other than the legitimate user
Real-Time Monitoring provides the
visibility into what users are doing and
the ability to take appropriate security
measures to alleviate security threats.
IMMEDIATE RESPONSE TO SUSPICIOUS USERS
immediate and remote response to suspicious, disruptive or unusual logon connections
should be an integral part of any organizations security policy and risk mitigation strategy
3. ACCURATE IT FORENSICS IN THE EVENT OF A SECURITY BREACH
Accurate, detailed information about who was connected,
from which system(s), since what time, for how long etc…
UserLock records and archives all access
events across the whole Windows Network,
giving IT the ability to support accountability,
legal investigations and internal trend analysis.
ACCURATE IT FORENSICS IN THE EVENT OF A SECURITY BREACH
Time spent manually monitoring and auditing network access can be
significantly reduced (up to 90%), freeing up resources for other critical tasks
4. STOP EMPLOYEES SHARING LOGINS
Preventing concurrent logins reduce the ability of users to share
credentials as it impacts their ability to access the network
UserLock helps eliminate the opportunity for fraud
resulting from users sharing logins. It’s vital to
ensure that employees are limited to using only
their own personal login information.
STOP EMPLOYEES SHARING LOGINS
It provides the motivation for employees to adhere to password security policy and help protect the organization’s critical assets
Also, UserLock ensures access is attributed to an individual employee - making them responsible for each and every activity
5. STOP ATTACKERS USING STOLEN CREDENTIALS
Preventing concurrent logins makes it impossible for any rogue user to use valid credentials at the same time as the legitimate
owner
Restricting access by physical location and setting usage/connection time limits helps organizations avoid these attacks
UserLock ensures unauthorized access is
no longer possible – even when credentials
are compromised - stopping malicious
users seamlessly using valid credentials.
Such an attacker is likely to log in with
stolen credentials from an abnormal
location at an usual time.
STOP ATTACKERS USER STOLEN CREDENTIALS
6. RAISE USER SECURITY AWARENESS
Messages about legal and contractual implications discourage employees from committing cybercrime or lashing out for a
perceived injustice
UserLock notifies all users about any access denials on their account
Informed employees are an important line of
defense.
UserLocks’ notification system supports
organizations efforts to communicate security
policies, increase user security awareness and
educate about insider threats.
RAISE USER SECURITY AWARENESS
7. ENFORM COMPLIANCE WITH MAJOR REGULATIONS
UserLock provides features to identify,
search, report and archive user access for
compliance with major industry regulations,
including NIST 800-53, Sarbanes-Oxley,
NIPSOM Chapter 8, PCI, ICD 503…
ENFORCE COMPLIANCE WITH MAJOR REGULATIONS
FINANCIAL SECTOR CASE STUDIES
QUESTIONS?
THANK YOU!