Skip to content

How to protect your company from insiders threats?

Any corporation is subject to some type of cyberattack, and it is essential to have a system that defends and maintains data integrity.

According to a report by Fortinet Threat Intelligence, Brazil has suffered more than 24 billion cyberattack attempts in 2019, a fact that reinforces the need to have efficient solutions against this type of threat.

Preventing external attacks is already very common within companies, and according to the Verizon Data Risk Report, 34% of data breaches involve internal agents and 17% of all confidential files were accessible to all employees, which turns on a big alert for companies to protect themselves from insiders threats as well as external ones.

For this, it is recommended that some technology be implemented to efficiently monitor privileged access by employees. In order to help you with this task, we have separated 3 practices on how to protect your company from insiders threats, check them out:

1- Know who has access to privileged accounts

One of the biggest mistakes of companies is making privileged credentials available to many users, which directly affects data breaches and the risk of leaks through insiders threats.

You need to find out which people have access to protected environments, and ensure that people who do not need to access such environments have some kind of administrative credential, limiting the number of privileged users.

Ideally, credentials with a higher level of privilege should be controlled by those responsible for IT, so that there is no type of breach.

Learn More: So, what does Privileged Access Management mean?

2- Ensure user traceability

With the use of some technologies, you can know who, when, where, and what actions were taken by the user to perform a privileged session, in addition to limiting the actions that can be performed in the environment.

Some solutions alert and block the user who performs any improper action and provide session recording for analysis.

3- Third-party access

If any type of service provided to your company is outsourced, there must be some kind of protection.

Ideally, any type of access to company environments should be monitored through a VPN dedicated to a specific application for a predetermined time.

The best way to ensure that there are no loopholes for insiders threats in your company is by having a complete PAM password vault, which ensures protection from possible threats, monitors privileged sessions, and automates tasks.

senhasegura is one of the largest PAM solutions in the world according to Gartner. In addition to preventing data leaks and abuse of privilege and avoiding insiders threats, the solution is complete to guarantee protection against external threats. Moreover, the senhasegura implementation helps your organization to:

  • Apply the Security aspect in your DevOps pipeline, ensuring DevSecOps;
  • Perform the proper management of digital certificates;
  • Comply with LGPD and GDPR;
  • Ensure security in your Cloud environment.

If you want to know how our solution works and stop insiders threats in your company, fill out the form below and request a demo of the solution.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

SCADAfence Governance – Now Open To Any Third-Party Application & Free Onboarding Until 2021!

It’s true, the SCADAfence Governance Portal can now connect to any third-party application through Syslog or rest-API and we’re providing the entire on-boarding for free until the end of this year. (Details at the end of this blog post).

How You Can Use The Governance Portal

The SCADAfence Governance Portal, first introduced in 2019, has been developed for IT & OT users to enable real-time compliance monitoring across the entire organization and remote site, and to assure compliance with regulations and standards such as NERC-CIPIEC-62443NISTISO-27001, NIS NCSC, NIST CSF, and others.

Earlier this year, the SCADAfence Governance Portal was enhanced to allow you to extend your compliance automatic coverage by receiving inputs from external tools directly to the Governance Portal.

The SCADAfence Governance Portal had just become your very own full organizational OT/IT Governance & Compliance management system. You can now manage all inputs from your entire security, management and orchestration tools in a central location and get real time compliance status for all of your sites.

How You Can Connect The Governance Portal To Third-Party Applications

It’s easier than you think. 

You configure your external tool to send out the relevant information to the SCADAfence Governance Portal, and it will automatically add this new information to the process of compliance calculation. 

That’s it. 

You immediately enjoy extended coverage in areas that cannot be measured based on network traffic data. For instance, you can easily set up your Endpoint definitions to send alerts when outdated virus definitions are detected or receive inputs from your firewall on blocked traffic.

The Main Benefits Of Using The SCADAfence Governance Portal:

  • It’s a multi-site regulatory and policy compliance framework for your organization.
  • It’s a compliance policy manager – you can define your own policy and measure your organization based on it.
  • You get real-time compliance dashboards – these are automatically created and available at all times for immediate compliance visibility.
  • You have detailed reports – you can even drill down into each site and into each improvement opportunity.

The Look & Feel Of The Compliance Score Dashboards

Ultimately, the SCADAfence Governance Portal offers a one-of-a-kind solution which can help you to increase your readiness and compliance for organizational policies and regulatory compliance by performing automatic regulatory assessments based on real network traffic data.

The automatic compliance score calculation provides ready-to-use compliance dashboards and reports which enables end-to-end management of the compliance process as well as gradual enforcement process with flexible policy options.

 

How To Get The SCADAfence Governance Portal For Free Until 2021

Want to get it for your organization risk-free? Just click this link and fill in your details: https://l.scadafence.com/schedule-a-demo-governance

We will then provide you with full on-boarding for the Governance Portal for free, from October 1st until December 31st 2020.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

ESET Research discovers CDRThief, malware attacking Chinese VoIP platform

BRATISLAVA – ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches. This new malware, named CDRThief by ESET, is designed to target a very specific VoIP platform used by two China-made softswitches (software switches): Linknat VOS2009 and VOS3000. A softswitch is a core element of a VoIP network that provides call control, billing, and management. These softswitches are software-based solutions that run on standard Linux servers. Entirely new Linux malware is rarely seen, thus making CDRThief worthy of interest. The primary goal of the malware is to exfiltrate various private data, including call detail records (CDR), from a compromised softswitch.

“It’s hard to know the ultimate goal of attackers who use this malware. However, since it exfiltrates sensitive information, including call metadata, it seems reasonable to assume that the malware is used for cyberespionage. Another possible goal for attackers using this malware is VoIP fraud. Since the attackers obtain information about the activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud,” says ESET researcher Anton Cherepanov, who discovered CDRThief. “CDRs contain metadata about VoIP calls such as caller and IP addresses of call recipients, starting time of the call, call duration, call fees, and other information,” he adds.

To steal this metadata, the malware queries internal MySQL databases used by the softswitch. Thus, attackers demonstrate a solid understanding of the internal architecture of the targeted platform.

“We noticed this malware in one of our sample sharing feeds, and as an entirely new Linux malware, it’s a rarity and caught our attention. What was even more interesting was that it quickly became apparent that this malware targeted a specific Linux VoIP platform,” explains Cherepanov.

To hide malicious functionality from basic static analysis, the authors encrypted any suspicious-looking strings. Interestingly, the password from the configuration file is stored encrypted. Despite this, Linux/CDRThief malware is still able to read and decrypt it. Thus, the attackers demonstrate deep knowledge of the targeted platform, since the algorithm and encryption keys used are not documented. Furthermore, only the malware authors or operators can decrypt any exfiltrated data.

“The malware can be deployed to any location on the disk under any file name. It’s unknown what type of persistence is used for starting the malware. However, it should be noted that once the malware is started, it attempts to launch a legitimate file present on the Linknat platform. This suggests that the malicious binary might somehow be inserted into a regular boot chain of the platform in order to achieve persistence and possibly masquerade as a component of the Linknat softswitch software,” concludes Cherepanov.

For more technical details about CDRThief, read the blog post “Who is calling? CDRThief targets Linux VoIP softswitches” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×