Insider Threat Overview
Over the last several years, companies have spent considerable time, effort and expense protecting their information assets and critical systems from outside intruders. Most companies have implemented some form of security measures to protect the perimeter from attack, including firewalls, intrusion detection systems, anti-virus, anti-spyware, and network security incident management solutions.
Another very destructive and costly threat has been present for years but has been widely ignored. This threat was silently causing damage without much public attention until legislative mandates were introduced. These mandates require organizations to disclose when customers' private information has been exploited. Many think of hackers as the leading cause of data leakage and identity theft; however, statistics prove otherwise. Unfortunately, most organizations haven’t been paying attention to this huge epidemic or simply don’t know how to protect themselves. This dangerous threat is the “Insider Threat”.
Insider Attack Statistics
CERT.org, a recognized authority on insider threats, states that 60% of reported insider attacks in 2007 used compromised accounts, unauthorized accounts created by insiders, or a former colleague’s known login and password. Other statistics show that DBA accounts were used 15% of the time and system accounts (highly privileged accounts) 13% of the time as methods for insiders to access critical data. Backdoor accounts were also a contributing method but, even more surprisingly, insiders also used their own accounts to carry out attacks.
The majority of such attacks were only detected after the effects were seen in the form of missing data or critical systems showing signs of instability. Unfortunately, these effects can occur long after the attacks take place, which makes it difficult to hunt down and prosecute the offenders. The costs and repercussions can be in the millions of dollars and can affect many other areas of the company’s health. The best resolution to this problem is swift identification through monitoring, alerting, and reporting of unauthorized access or abuse of critical information assets. Database activity monitoring (DAM) is a powerful method of detecting unauthorized access and preventing long-term abuse.
Improving Security Through Event Log Management
Improve Security with the LogClarity® Solution
Enterprise-wide event log management and monitoring of all access to critical systems and information assets is an integral part of enterprise security. Insiders who have access and outsiders who manage to get past perimeter security protocols are equally dangerous. Company intellectual property and customer private data are fundamentally important to every organization. This valuable data must be protected, along with the systems it is stored on.
Why LogClarity® Solution?
The Logical Choice for Log Management
Other log management solutions don’t perform any analysis of event logs at all. They simply collect them all on a central log server. The result can be very difficult to use for a number of reasons. The duplicate data can cause inaccurate reports and return too many event log results during data mining activity searches. It can also cause serious data pollution and poor log retention.

