Threat Intelligence

  • 1.  Insider Risk Challenges

    Posted Nov 18, 2019 01:22 PM
    Did you catch the new Fortinet blog on challenges of insider risk? It is worth a read:

    Addressing the Challenge of Insider Risk

    Here are suggested strategies to minimize the risk:

    1. Train employees to see and report suspicious activity. In addition, run background checks on users being given privileged access to digital resources.
    2. Deploy tools that can monitor user behavior and activities – including policy violation and leverage machine learning to detect unusual behavior.
    3. Segment the network to limit activity to specific network regions. For more sensitive operations, a zero trust model can be especially effective.
    4. Implement configuration management tools that can quickly assess and identify improperly configured device.
    5. Monitor data access and file transfers, and invest in file tracking technologies.
    6. Implement a data loss prevention (DLP) process and related technologies.
    7. Strengthen identity and access management (IAM), including the use of multi-factor authentication.
    8. Encrypt data in motion, in use, and at rest. Invest in technologies that can inspect encrypted data at business speeds.
    9. Use a SIEM tool to correlate threat intelligence gathered from across the network to identify those needle in a haystack events that are impossible to detect using manual correlation.
    10. Use deception technologies and honeypots to detect activity that strays from assigned tasks.

    Hope this helps!