Tuesday May 26th 2015

Privileged Account User Protection Meets Security Intelligence

Privileged Account User Protection Meets Security IntelligenceGuest Commentary by
John Burnham, VP of Corporate Marketing at Q1 Labs

It is almost daily we hear of yet another organization facing a data breach, which begs the question, why? Well, there are a number of reasons, one of which is a lack of true security and monitoring of privileged account users. Many of the data breaches we read about are initiated by insiders to organizations. Whether intentional or not, the negative impact to the business is equal to that of a cyber-attack from an outsider. In any event, neither is welcome.

Organizations are beginning to become more intelligent, however enterprises seeking to eliminate the potential for anonymous employee access to sensitive data are extending their Security Information and Event Management (SIEM) platforms through the addition of privileged identity management (PIM) solutions. The combined technologies provide enterprises with enhanced monitoring, visibility and management of the powerful privileged accounts that allow unaudited access to nearly every system, business application, database, Web service and network appliance throughout large organizations.

Our work with Lieberman Software has provided unparalleled insight into customer networks, enabling the ability to automatically discover, strengthen, monitor and retrieve privileged account passwords in the cross-platform enterprise, while correlating the activity of people that might be trying to abuse those passwords for personal or financial gain. With this 360 degree view of security events, together with Lieberman Software we can show not only what is happening, but also who is behind the activity – a key component to fighting back against insider threats.

Being able to monitor all privileged accounts from one system certainly made it easier for our customers to monitor access and meet auditing requirements, but it surprised us how much support we got from the security administrators themselves.  We found that it is those administrators with privileged credentials were among the biggest supporters since they are usually the focus when unauthorized changes are made.

By bringing this activity into QRadar, our customers are now able to monitor all of their privileged access usage information combined with unauthorized access attempt information and attack detection so they have warning if that privileged access was part of an attack.  In addition, Q1 Labs’ QRadar combines asset value information to prioritize those assets and alerts when there is an outbreak; QRadar can also assure all privileged access goes through Lieberman by alerting on any access attempts to bypass.  This ensures the strength and security of Lieberman Software is being used to the fullest.

About the Author

As Vice President of Corporate Marketing, John Burnham has senior management responsibility at Q1 Labs for all of the company’s strategic branding, positioning, corporate communications, media, and analyst relations initiatives, and for helping to create and deliver the firm’s core messages to the network security management market and beyond.

Leave a Reply

nine − = 5