Digital Data System Guards & Controls
No business or organization with a computer network is immune from the threat of data breaches, unauthorized access, and malicious activities performed from INSIDE the firewall. In fact, more than 70% of all cyber-security incidents were the result of internal security issues that no firewall, anti-virus, or malware device could have prevented.
These attacks do not just take place against large, well-known corporations. While those are the big stories that make the evening news, 60% of all cyber-security incidents happen to small companies.
At the heart of the DDSGandCo solution is an I.T. Detective, if you will, which is effective at identifying a wide range of internal cyber-security threats and generating a daily email alert or internal ticket of anything suspicious it discovers.
Our proprietary scanning technology is non-intrusive, but it does a deep dive through the network in search of anomalous user behaviors, along with unexpected changes to network settings, configurations, assets, and other types of internal threats.
Detecting much more than AntiVirus, Spyware & Firewalls ever could!
Examples of typical internal threats that an I.T. Detective can discover include:
• Unauthorized logins or attempts to restricted computers
• New user profiles suddenly added to the network
• Applications just installed on a locked down system
• Unauthorized wireless connections to the network
• New users just granted administrative rights
• Unusual midnight log-in for the first time by a day-time worker
• Sensitive personal data such as credit card numbers, social security numbers and birth dates stored on machines where it doesn’t belong
Looking for internal I.T. security threats is more challenging than managing threats from the outside. One way to think about this is to consider a security procedure put in place to protect a very important person at an event. The first layer of security is typically a controlled perimeter, where vehicles are prohibited from entering, and every person attending must go through a metal detector and submit to a pat down before entering the venue. That’s the equivalent of today’s standard I.T. security protections – firewalls, anti-virus, and anti-malware software – and that’s the easy part.
The internal security team’s job is far more difficult. They need to be ever vigilant and watchful of the crowd, scanning people’s facial expressions, body language, and movements, always on the lookout for anyone concealing a weapon who might have gotten through the perimeter security.
Setting up an exterior security checkpoint can be standardized, as it is a simple one-way passage. However, once inside, every venue and event is unique, and the internal security team needs to be familiar with the venue to create the proper security measures.
The same is true with networks. It’s relatively easy to set up a firewall or install A/V and anti-malware software. Until now, there hasn’t been a practical way to know if any of the client’s IT security policies were being breached from inside the network. Our I.T. Detectives make this possible through an intuitive, check-box driven menu that allows each appliance to be quickly configured, precisely aligning with each client’s unique IT Security Policies. Here are some examples of the kinds of policies that I.T. Detective can track:
• Restrict access to accounting computers to authorized users
• Restrict access to business owner computers to authorized users
• Restrict access to IT admin only, restricted computers to IT administrators
• Restrict access to computers containing ePHI to authorized users
• Restrict access to systems in the cardholder data environment (CDE) to authorized users
• Restrict users that are not authorized to log into multiple computer systems
• Authorize new devices to be added to restricted networks
• Restrict IT administrative access to minimum necessary
• Strictly control the addition of new users to the domain
• Users should only access authorized systems
• Strictly control the addition of new local computer administrators
• Strictly control the addition of new printers to the network
• Investigate suspicious logons to computers
• Investigate suspicious logons by users
Computers
• Changes on locked down computers should be strictly controlled
• Restrict Internet access for computers that are not authorized to access the Internet directly
• Install critical patches for DMZ computers within 30 days
• Install critical patches on network computers within 30 days
Network Security
• Remediate high severity internal vulnerabilities immediately (CVSS > 7.0)
• Remediate medium severity internal vulnerabilities (CVSS > 4.0)
• Detect network changes to internal wireless networks
• Detect network changes to internal networks
• Only connect to authorized wireless networks
As an example of how this works, say there are computers in a network where access is restricted to users that have administrator-level rights. These can be important systems like Domain Controllers, Web Servers, Database Servers, Exchange Servers, or servers where there are strict access and change management controls. The I.T. Detective user interface lets you apply a Smart-Tag to all the IT ADMIN users, and a separate RESTRICT IT ADMIN ONLY Smart-Tag to the specific relevant computers.
Once these tags are set up, any user who has not been identified as IT ADMIN and accesses one of the IT ONLY computers will be viewed as a threat, and that incident will show up in the form of a daily alert.
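The tag-based rule described above can be sketched as follows. This is an added illustration, not DDSGandCo's code: the event fields, the tag constants, the name normalization and all sample data are assumptions made for the example. It counts failed attempts as well as successful logons and treats users with no tags at all as unauthorized.

```python
from collections import Counter, namedtuple

# Hypothetical tag names modelled on the two Smart-Tags described above.
IT_ADMIN = "IT ADMIN"
RESTRICT_IT_ADMIN_ONLY = "RESTRICT IT ADMIN ONLY"
Logon = namedtuple("Logon", "day user host success")

def norm_user(name):
    """Fold DOMAIN\\user, user@domain and case variants to one key
    (assumes a single domain, so short names are unique)."""
    name = name.strip().lower()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    return name.split("@", 1)[0]

def norm_host(name):
    """Fold FQDN and case variants to the short host name."""
    return name.strip().lower().split(".", 1)[0]

def daily_alerts(events, user_tags, host_tags):
    """Return {day: [(user, host, attempts, any_success), ...]} for every
    logon or attempt on a restricted host by a user lacking IT ADMIN."""
    admins = {norm_user(u) for u, t in user_tags.items() if IT_ADMIN in t}
    restricted = {norm_host(h) for h, t in host_tags.items()
                  if RESTRICT_IT_ADMIN_ONLY in t}
    attempts, succeeded = Counter(), set()
    for e in events:
        user, host = norm_user(e.user), norm_host(e.host)
        if host in restricted and user not in admins:
            key = (e.day, user, host)
            attempts[key] += 1
            if e.success:
                succeeded.add(key)
    digest = {}
    for key, n in sorted(attempts.items()):
        digest.setdefault(key[0], []).append((key[1], key[2], n, key in succeeded))
    return digest

# Constructed sample data (not real logs).
USER_TAGS = {"alice": {IT_ADMIN}, "bob": set()}
HOST_TAGS = {"DC01": {RESTRICT_IT_ADMIN_ONLY}, "WS-114": set()}
EVENTS = [
    Logon("2024-05-01", "CORP\\Alice", "dc01.corp.example", True),
    Logon("2024-05-01", "bob@corp.example", "DC01", False),
    Logon("2024-05-01", "CORP\\bob", "dc01", True),
    Logon("2024-05-01", "bob", "WS-114", True),
    Logon("2024-05-02", "mallory", "DC01", False),
]
```

Normalizing names before the comparison matters: without it, the same account written three different ways would either escape the rule or be reported as three separate users.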
Another scenario is when the client’s network needs to be tightly controlled in compliance with strict network change management policies and procedures, essentially locked down with regard to any new devices. All that is needed is to have our I.T. Detectives alert the client on the incident if a new device is added to the network. We've got you covered.
This unique approach to internal IT security allows for granular control and ongoing refinement.
Digital Data System Guards and Controls can provide you with your initial assessment.