
How to Prevent a Data Leak by Internal Users?

Data leaks are extremely harmful to your company and its users, so measures to prevent such failures and the improper collection of information are crucial if your company is to keep a respectable image and become a reference in its segment.


A good company must have efficient ways of monitoring data, so that it knows who accessed certain information and when, creating an environment that limits hostile actions and improper copies.

To avoid such harmful practices, measures are needed to improve the security structure. senhasegura can help you with the measures that should be taken to remedy such complications.

Recording and Monitoring

In most cases of information leaks by internal users, improper copies are made of the information contained in the company's database. By using complex passwords, recording actions and monitoring who had access to a specific file, it is possible to prevent illegal collection.

Proper Configuration for The Network Environment

Companies all over the world have suffered hostile attacks, and one of the gateways is the network environment, as it is easily accessed by individuals who wish to carry out illegal activities. A suitable configuration can solve such problems.

Another preventive measure is to configure the device in use so that its internet connection is limited and data is not transferred improperly. If the individual needs to be online at all times, it is possible to use WEP encryption, although it is considered weak by professionals in the field.

Education for Implementing a Security System

Although it may seem banal, it is always important to explain to internal users that merely having access to the data contained in a file makes them responsible for handling that information properly.

Along with basic network security training, employees must be aware of the legal measures that may fall on them if inappropriate actions are taken with confidential data. Even with these actions, monitoring and recording are of paramount importance.

The Access Privilege

With the aid of monitoring, certain information can be further protected through access rights. The aim is to determine who should and should not access the information contained in a given file.

With it, only one group will have access to the data, which makes it faster to check for suspicious actions in the system and to identify possible failures in information security.

Constant Changes to Passwords

Whenever an individual behaves suspiciously and ends up being dismissed from the company, the access passwords must be changed so that they cannot access the network remotely.

This practice should become commonplace, as access logins often become known to unscrupulous people, and changing passwords constantly helps keep your company data secure.

Protect Yourself from External Devices

Information can often be improperly stored on portable devices such as USB sticks or SSDs, but simple measures such as blocking USB ports and wireless can make data protection more effective.

These devices are not of paramount importance for your company's daily activities, so their use can be forbidden. All data transfer will then be done over the network, where it can be monitored and blocked as needed by the company.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

GREYCORTEX Releases Security Update to Patch Apache Log4j Vulnerability

GREYCORTEX is actively responding to the reported high-severity vulnerability (CVE-2021-44228) that was found in the Apache Log4j library. All Mendel installations deployed in the last few years are affected by this vulnerability. The new version, 3.8.0, which will be released in the upcoming days, is not affected, and current versions 3.7.x and 3.6.x have now been covered with security updates.

Background

A high-severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.

Log4j is used as a component of our GREYCORTEX Mendel product. More information on the vulnerability can be found in the links below.

CVE-2021-44228 Detail (NIST)

CVE-2021-44228 vulnerability in Apache Log4j library (SecureList)

Is my Mendel deployment vulnerable? 

All Mendel installations deployed in the last few years are affected by this vulnerability but the vulnerable part of the Mendel deployment is NOT exposed to a direct Internet connection.

What can I do to mitigate and resolve this issue?

GREYCORTEX has actively responded to the reported remote code execution vulnerability in the Apache Log4j 2 Java library, dubbed Log4Shell (or LogJam). We have investigated and taken action regarding our product GREYCORTEX Mendel. The new version 3.8.0, which will be released in the upcoming days, is not affected and current versions 3.7.x and 3.6.x are now covered with security updates, which are automatically distributed through the update server.

Older systems will not be patched; customers who are using older versions are strongly advised to upgrade.

Mitigations: if you are not able to upgrade to the newer version, or your Mendel instance does not have access to the update server, please restrict access to Mendel via your firewall settings. Restricting access to a trustworthy IP address range is also recommended for normal operations.

How can I find out if my Mendel system or other systems of our customers have been compromised?

Mendel includes a set of detection rules that can detect whether a vulnerability in the Apache Log4j logging framework has been exploited to attack the Mendel system itself or other systems in your infrastructure. These rules are automatically available through the GREYCORTEX update server. If your Mendel instance or your customer instance is online, these signatures will be added to it automatically.


About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

Detecting & Alerting Log4J with the SCADAfence Platform

Until two weeks ago, Log4j was just a popular Java logging framework, one of the numerous components that run in the background of many modern web applications. But since a zero-day vulnerability (CVE-2021-44228) was published, Log4j has made a huge impact on the security community as researchers found that it’s vulnerable to arbitrary code execution. 

The good news is that the Apache Software Foundation has already fixed and rolled out the patch for the vulnerability. On top of the patch, thanks to SCADAfence’s research and R&D team, our latest build supports the detection of Log4j exploit attempts.

Quick Recap of CVE-2021-44228 in Log4j

CVE-2021-44228 is an unauthenticated remote code execution (RCE, code injection) vulnerability in the popular Log4j logging framework for Java. By exploiting it, an attacker can easily execute any code from a remote source on the attacked target. NIST has given this vulnerability a score of 10 out of 10, which reflects its criticality.

Over 3 billion devices run Java, and because there are only a handful of logging libraries, many of them are likely to run Log4j. Worse still, many internet-exposed target applications can be exploited by external users without authentication. 

Over the past two weeks, major OT vendors disclosed the security impact of this vulnerability on their software and equipment, and additional disclosures will continue as vendors work to identify the use of Log4j across their product lines. Originally, the Log4j vulnerability made it challenging to identify potentially impacted servers on a given network. For OT networks that have incorporated network segmentation, the risk from these protocols can be mitigated to an extent.

How To Ensure That Your Systems Are Safe

First, it’s important to understand that the root cause of this issue lies within the Log4j library. The Apache Software Foundation released an emergency patch for the vulnerability. You should upgrade your systems to Log4j 2.15.0 immediately or apply the appropriate mitigations.
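The affected range given in the GREYCORTEX background above (Log4j 2 versions 2.0 to 2.14.1) and the 2.15.0 upgrade target named here can be turned into an inventory check. The following is an added example, not code from SCADAfence, GREYCORTEX or Apache; it reads the Maven metadata inside each jar so that application jars bundling log4j-core are covered, and the jar names in the sample data are constructed.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Affected range as stated in the advisory text on this page (2.0 to 2.14.1).
FIRST_AFFECTED, LAST_AFFECTED = (2, 0, 0), (2, 14, 1)
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """Return (major, minor, patch) from a string like '2.14.1' or '2.0-beta9'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def log4j_core_version(jar_path):
    """Read the log4j-core version from Maven metadata inside a jar, if present."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if POM not in jar.namelist():
                return None
            props = jar.read(POM).decode("utf-8", "replace")
    except zipfile.BadZipFile:  # unreadable archive: nothing to report
        return None
    m = re.search(r"^version=(.+)$", props, re.MULTILINE)
    return parse_version(m.group(1).strip()) if m else None

def scan(root):
    """Map each jar under root that bundles log4j-core to (version, affected)."""
    findings = {}
    for jar_path in sorted(Path(root).rglob("*.jar")):
        version = log4j_core_version(jar_path)
        if version is not None:
            affected = FIRST_AFFECTED <= version <= LAST_AFFECTED
            findings[jar_path.name] = (version, affected)
    return findings

def build_sample_tree(root):
    """Constructed sample input: three jars with hypothetical names."""
    samples = {"log4j-core-2.14.1.jar": "2.14.1", "app-shaded.jar": "2.11.2",
               "log4j-core-2.15.0.jar": "2.15.0"}
    for name, version in samples.items():
        with zipfile.ZipFile(Path(root) / name, "w") as jar:
            jar.writestr(POM, f"version={version}\ngroupId=org.apache.logging.log4j\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, (version, affected) in scan(tmp).items():
            print(name, ".".join(map(str, version)), "AFFECTED" if affected else "ok")
```

The bounds encode only what this page states; CVE-2021-45046, listed further down, was assigned after 2.15.0 shipped, so check current Apache guidance before treating a jar marked ok as safe.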

Our OT security threat intelligence database learns about the different behavior to highlight activities attempting to leverage this vulnerability and to provide remediation guidance. Our customers are notified of Log4j exploit attempts, and also of any anomaly detected by our anomaly engine, but our customers are already protected simply based on the efficacy of our anomaly detection.

The SCADAfence Platform, the Governance Portal, and the Multi-Site Portal do not use Log4J or the Apache server, and thus SCADAfence product installations are updated and secure from the Log4J vulnerability. Customers do not need to take action for any of our on-prem or hosted web solutions.

At SCADAfence, we felt network segmentation wasn’t enough to fight off the critical vulnerability. The latest build of the SCADAfence Platform detects and allows SCADAfence customers to leverage our OT security threat intelligence service to ensure they can patch and mitigate this exploit in any of their OT devices.


The SCADAfence Platform Detects & Alerts if an OT Asset is Vulnerable to the Log4Shell Vulnerability

We’ve updated our Log4Shell/Log4j exploit detection inside the SCADAfence Platform as we have moved ahead. We added CVE signatures to our database that detect and alert on RCE (Remote Code Execution) exploits.

The following CVEs were added to the SCADAfence database to correlate and alert on vulnerable OT assets:

  1. CVE-2021-44228   
  2. CVE-2021-45046 
  3. CVE-2021-4104
  4. CVE-2020-9488
  5. CVE-2019-17571
  6. CVE-2017-5645

How Can You Deploy The Latest Version of SCADAfence

The latest version of the SCADAfence Platform which detects the CVE signatures relating to the vulnerability is available in build 6.6.1.167. To get the latest version, please contact your customer success representative.

If your organization is looking into securing its industrial networks, the experts at SCADAfence are seasoned veterans in this space and can show you how it’s done. 

To learn more about SCADAfence’s array of OT & IoT security products, and to see short product demos, click here: https://l.scadafence.com/demo


About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

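CyberLink Launches FaceMe® Security 7.0, a Major Upgrade to Its Smart Security Software That Greatly Strengthens Video Management and Recording and Adds Search-by-Photo

[Taipei, December 10, 2021] CyberLink (5203.TW), a leading AI vendor, has released version 7.0 of its smart security software FaceMe® Security, a major upgrade. It provides a newly designed VMR Add-On that lets security staff quickly preview video from up to nine IP cameras in a single view, using several modes including a floor plan and a gallery view. The new search-by-photo feature lets users find every record of the same person on the premises from a single face photo. FaceMe® Security also fully supports the H.265 video format, which greatly reduces recording storage, and supports DIDO digital signal control modules for connecting devices such as electronic door locks and lighting, which can be switched on automatically when a person is detected entering.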


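FaceMe® Security is smart security software designed for settings such as smart factories, offices and buildings. It provides identity recognition, access control, health checks (mask detection and temperature measurement), live monitoring, notifications and alerts, and other smart functions. FaceMe® Security is compatible with existing IP surveillance architectures: by adding only a few edge computing devices for face detection and feature extraction, facial recognition applications can be introduced quickly within the existing surveillance architecture.

New features in FaceMe® Security include:

VMR Add-On – Live Video Monitoring, Recording and Playback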


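VMR Add-On (formerly Monitor Add-On) is the video management software in FaceMe® Security. It can be installed on an ordinary PC in the security room, allowing security staff to preview multiple video streams from IP cameras in real time, receive real-time alerts about specific people such as those on a blocklist or VIP list, and play back recorded video clips of particular events and people.

The new version of VMR Add-On has a greatly improved interface with two modes, floor plan and gallery view, which let security staff monitor video from multiple IP cameras more intuitively. In the new floor plan mode, staff can drag video feeds onto a floor plan and adjust the position and size of each preview window as needed, while gallery view can preview up to nine video feeds at once. Security staff can set up multiple floor plan or gallery view pages in VMR Add-On and switch between them quickly, which makes live monitoring much easier to use.

FaceMe® Security Central Management Interface – Search-by-Photo and Custom Roles and Groups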


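FaceMe® Security Central is a package installed on a self-hosted on-site server. Its management interface is reached through a web browser and is used to view visitor records and event lists, manage the face database, and configure IP cameras and workstations. In the new version 7.0, FaceMe® Security Central adds a search-by-photo feature: by importing a single face photo, it can find records of a specific person (for example, a thief) in the archived recordings of every camera. The new version also provides more group and role features, such as setting up each company department as a separate group and defining roles such as manager, employee and contractor, in order to manage access by each group and role to specific areas.

Full Support for the H.265 Video Format

H.265 is a new-generation video compression format. Compared with H.264, an H.265 file at the same picture quality is only 50% to 75% of the size of the H.264 file. For IP surveillance, this means the storage space required on NVR video storage devices can be greatly reduced, and for this reason H.265 support has become widespread among mainstream IP cameras on the market in recent years. Using Intel CPU Quick Sync or an Nvidia GPU, FaceMe® Security 7.0 fully supports the H.265 video format, including RTSP streaming, real-time face detection, feature extraction, video recording and playback.

Support for DIDO Digital Signal Control Modules – Connect Electronic Door Locks, Lighting and Other Devices

FaceMe® Security now supports specific models of DIDO digital signal control modules from Advantech. Through programmable settings, it can open an electronic door lock when a specific person (such as an employee) appears in front of the camera, or manage personnel access to specific areas (such as warehouses and server rooms). It can also be connected to a lighting system to switch the lights on the premises on and off automatically as people enter and leave.

About Version 2

Version 2 Digital is an Asia-based value-added distributor and IT developer. The company distributes and develops a range of IT products in areas including cyber security, cloud, data protection, endpoint devices, infrastructure, system monitoring, storage, network management, business productivity and communication products. Through its extensive network of channels, points of sale, resellers and partners, Version 2 offers products and services that are widely acclaimed in the market. Its sales network covers Taiwan, Hong Kong, Macau, mainland China, Singapore, Malaysia and other parts of the Asia-Pacific region, and its customers come from all industries, including Global 1000 multinationals, listed companies, public utilities, healthcare, finance, educational institutions, government departments, countless successful SMEs, and consumers in cities across Asia.

About CyberLink
Founded in 1996, CyberLink is a multimedia software company with leading video and audio technologies, specializing in the development of digital audio-visual software and multimedia streaming solutions. Following a strategy of "targeting the right technology segments and expanding its global marketing footprint", it has put down deep roots in Taiwan while expanding worldwide, with outstanding results. CyberLink's advanced technology delivers high-definition audio and video playback, along with complete high-definition capture, editing, authoring and burning functions, with full support for a wide range of high-definition video and audio formats. Its products include PowerDirector, PowerDVD, PowerProducer and Power2Go.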
