• Skip to main content
  • Skip to primary sidebar
  • Home
TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan

TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Bring Your Own Device

Network Security And The “People Problem”

November 30, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

Security teams that focus on what is already happening and the layers of defense being breached are constantly in reactive mode.

Reviewing reams of data produced by technology – firewalls, network devices or servers – is not making organizations more secure. With this approach, the team fails to prevent breaches or respond in a sufficiently timely way.

Instead, the addition of more data and more complexity perversely prevents achieving the end result: protecting sensitive information.

The significant breaches of today are executed by people infiltrating the organization and attackers are doing this by assuming identities or abusing insider privileges.

There is a gap between the initial line of defense (the firewall) and the company’s last line of defense (the alerts received by the security team and their following analysis.)

Tracking user activity, especially connections between suspicious behaviors and privileged users, would allow organizations to close this gap.

True understanding of identity has the ability to cut through the overwhelming explosion of data that can render security organizations blind and unable to respond to real threats or even detect if they are under attack.
It is time to incorporate identity into the organization’s breach prevention strategy and overall security. We have to stop accepting a gap approach to security, which is usually focused on data and devices rather than people. In light of the budding perimeterless world, identity will increasingly be the primary factor that matters to the security team.

Identity data is pervasive, yet typically absent from the security world view. For security organizations, our corporate identity (the personal identity elements we bring to our corporate environment) and our behavior are aggregate details essential in building a picture of what is happening within – and beyond – the corporate perimeter.

business people iconsTogether, they offer deep context to inform the security team of the appropriate response to potential threats and real attacks.

The critical piece in this approach is the security organization’s ability and capacity to understand the full scope of identity: who the person really is behind any given device and whether they are behaving abnormally.

This is particularly helpful when identifying attackers that have managed to acquire privileged user credentials.

Identifying Normal Behavior
One way to reduce the scope is to focus on the highest risk identities first. If you accept that the greatest risk comes from people inside your organization that can access sensitive information – known as “privileged users”, which can also include non-human accounts that may have access – then the correct steps are as follows:

1) Reduce the number of privileged users/identities and accounts.

2) Limit the privileges any one user has to systems and applications necessary to do their job.

3) Integrate the identities of privileged users into security and risk monitoring to spot behavior that may indicate a breach.

Closing the Gap
As more and more of the computing environment breaks outside of the control of central IT organizations, spearheaded by the move towards BYOD (or Bring Your Own Device), the ability to recognize who a user actually is and what is normal for them becomes a foundational part of effective security monitoring.

Without such identity-powered security, security teams will continue to struggle to differentiate whether the events they are monitoring are worth a reaction and that hesitation allows attackers to execute more and more damaging data breaches.

Furthermore, security teams will continue to operate in reactive mode and fail to prevent breaches or respond in a sufficiently timely way.

If identity is a central component to security management, then security teams will be in a better position to understand the behavior of users and will spend far less time trying to identify the meaning behind the events they are seeing.

People will continue to be our biggest point of exposure and with a keen focus on user behavior and activity, we will be in a much better position to limit the impact of breaches.

(Image Source: iCLIPART)

Primary Sidebar

Browse past issues

  • 2025 Issues
  • 2024 Issues
  • 2023 issues
  • 2022 Issues
  • 2021 Issues
  • 2020 Issues
  • 2019 Issues
  • 2018 Issues
  • 2017 Issues
  • 2016 Issues
  • 2015 Issues
  • 2014 Issues
  • 2013 Issues
  • 2012 Issues
  • 2011 Issues
  • 2010 Issues
  • 2009 Issues
  • 2008 Issues
  • 2007 Issues
  • 2006 Issues

More to See

Five Reasons To Be Wary Of AI

May 19, 2025

Don’t Trust The Cloud Alone: Backup Your Cloud Data

May 19, 2025

Seven New And Tricky Types Of Malware To Watch Out For

May 19, 2025

Are You Leaving Your Office Door Open?

April 14, 2025

Tags

Antivirus backups Cloud Computing Cloud Storage COVID-19 cyberattacks cybersecurity Data Management Disaster Planning Disaster Recovery E-Mail Facebook Firewalls Hard Drives Internet Laptops Maintenance Malware Managed Services Marketing Microsoft Network online security Passwords password security Phishing planning Productivity Ransomware remote work Security Servers smart phones Social Media Tech Tips Upgrading Viruses VOIP vulnerabilities Websites Windows Windows 7 Windows 10 Windows Updates work from home

Copyright © 2025 Tech Experts™ · Tech Experts™ is a registered trademark of Tech Support Inc.