Beruflich Dokumente
Kultur Dokumente
The information contained in this document represents the current view of Prism Microsystems, d/b/a EventTracker, on the issues
discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted
to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after
the date of publication.
This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE
INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, This paper may
be freely distributed without permission from EventTracker, as long as its content is unaltered, nothing is added to the content and
credit to EventTracker is provided.
EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document
does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
2015 EventTracker. All rights reserved.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
The Threat From Inside............................................................................................................2
Insider Threats .......................................................................................................................... 3
Page 2 of 8
Insider Threats
Data Leakage Enabled By USB Devices
When it comes to data leakage threats, USB devices can be some of the hardest to detect. These devices have become
so widespread and small enough that physical detection has become impractical and harder, if not impossible. So we
must rely on software or Group Policy to help govern their usage. Going to extreme measures to stop these devices is
not feasible (e.g. super glue in USB slots). The use of flash drives is not a harmful act; its what happens to the data that
causes the problem.
News articles report that in many cases data leakage was accidental, caused by devices being lost or stolen. In these
cases employees were simply trying to be productive and work from home when the devices came up missing. There
are other articles that show how data leakage can be malicious in nature such as trade secrets being disclosed to rival
companies or patients being harmed by the leak of confidential medical records to the public, just to name a couple.
When a user decides that they wish to harm a company by taking sensitive information off-premises, there is little that
System Administrators can do. USB devices can be hidden anywhere and can hold large amounts of data. Restricting
their usage will help stop unauthorized users from copying company data.
With EventTracker you have the ability to not only detect these flash drives, but also disable them while leaving other
USB devices active. Another benefit is that you have the ability to track data written to, deleted from, modified or copied
onto these drives. It is critical to not only monitor USB flash drive usage on your servers but also at the workstation level
since most cases of data leakage via USB devices come from users who do not have direct access to servers.
With this simple remedy in place companies can save themselves public embarrassment, the loss of trade secrets,
customer data, customer confidence as well as financial losses.
Figure 1:
USB Activity
event showing
USB device
activity
Page 3 of 8
Page 4 of 8
Page 5 of 8
Figure 2:
shows a remote
desktop login
for the Domain
Administrator
account.
Figure 3:
shows a login
failure for a
remote desktop
session for
the Domain
Administrator
account.
Page 6 of 8
Figure 4:
shows excessive
access failures
on a given
system
Page 7 of 8
Figure 5:
shows excess
access failures
by a given user
About EventTracker
EventTracker enables our customers to stop attacks and pass IT audits. Our award-winning product suite includes
EventTracker Security Center and EventTracker Compliance Center, which transform high-volume, cryptic log data into
actionable and prioritized intelligence to optimize IT operations, detect and deter costly security breaches, and comply
with multiple regulatory mandates. Our clients include government agencies, commercial enterprises, and the
healthcare and financial sectors.
In addition to best-in-class product features, we offer SIEM Simplified, a professional services engagement to guarantee
successful outcomes. Our experienced staff assumes as much or as little responsibility for all SIEM-related tasks as
you require, including planning, scoping, and installing the implementation, as well as performing run, watch and tune
functions of the implementation on your behalf. Our team includes experts in various technologies including Windows,
Cisco, VMware, Checkpoint and many security solutions such as Snort, McAfee, Imperva, etc.
As the only SIEM vendor to own both product and service delivery functions, our solution is tailored to customer need,
resulting in the superior quality at competitive pricing to the SME market.
Page 8 of 8