Address the Insider Threat of Privileged Users

Co-written by Dr. Eric Cole and NetIQ Corporation

As a general rule, organizations typically grant IT administrators much more
access than is required to make simple changes to their production servers
and applications. In order to protect sensitive data, comply with regulations,
and ensure the integrity of their IT infrastructure, organizations need to
maintain a tighter control on their access.

This white paper is divided into two sections. First, Dr. Eric Cole discusses the
business issues around insiders, especially IT administrators. Second, NetIQ
discusses how to reduce or eliminate many of the issues that Dr. Cole
describes.
This document could include technical inaccuracies or typographical errors. Changes are periodically
made to the information herein. These changes may be incorporated in new editions of this document.
NetIQ Corporation may make improvements in or changes to the software described in this document at
any time.

Copyright © 2010 NetIQ Corporation. All rights reserved.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design,
Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator,
File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts,
NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security
Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ
Corporation or its subsidiaries in the USA. All other company and product names mentioned are used only for identification
purposes and may be trademarks or registered trademarks of their respective companies.




                                                          WHITE PAPER: Address the Insider Threat of Privileged Users
Table of Contents 
About Dr. Eric Cole ....................................................................................................................................... 1 
Introduction ................................................................................................................................................... 1 
The Importance of Understanding the Insider Threat by Dr. Eric Cole ........................................................ 1 
   Key Aspects of Insider Threat ................................................................................................................... 2 
   Insider vs. External Threat......................................................................................................................... 3 
   Why the Insider Threat Has Been Ignored ................................................................................................ 3 
   Current Solutions Do Not Scale ................................................................................................................ 3 
   The Threat Is Real ..................................................................................................................................... 4 
   Key Areas of Attention ............................................................................................................................... 6 
      Policies and Procedures ......................................................................................................................... 6 
      Audits ...................................................................................................................................................... 6 
      Access Controls ...................................................................................................................................... 6 
NetIQ and the Insider Threat ........................................................................................................................ 7 
Conclusion .................................................................................................................................................... 8 
About NetIQ .................................................................................................................................................. 8 




About Dr. Eric Cole
Dr. Eric Cole has been working with international banks, Fortune 500 companies, and governmental
agencies such as the CIA for more than 15 years to improve their security. In addition to being a hands-
on expert, he is also a respected teacher, presenting at security conferences, working to explain security
concerns to mass media through outlets like CBS News, 60 Minutes, and CNN, and by writing articles
and books including Hackers Beware, Hiding in Plain Sight, and the Network Security Bible. Dr. Cole's
book, Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft, reminds us that
insiders (trusted employees and contractors) can do more damage more quickly to an organization than
any outside hacker.



Introduction
Worms! Viruses! Spyware! Mass media coverage (hysterics?) about external security threats has caused
many of us to temporarily forget the most important rule-of-thumb about security – that 80 percent of the
threat to any organization comes from inside. Trusted employees, IT staff, contractors, and outsourcers
all have access to critical systems and are inside the primary lines of organizational defense. Whether the
primary security concern is data integrity, financial compliance, or privacy protection, administrators must
ensure that the insider threat is comprehended and contained.

Most organizations deal with insider threats by defining application roles, restricting access to data, and
identifying strict audit rules. Often forgotten are their computer administrators. IT administrators are
granted eminent powers over servers, Active Directory, and applications as part of their jobs. Until
recently, a solution did not exist to limit this power, outside of partial solutions like logs, but administrators
by definition have been able to evade those solutions.



The Importance of Understanding the Insider Threat by
Dr. Eric Cole1
Organizations often think that once they hire an employee or a contractor, that person is now a part of a
trusted group of people. Although an organization might allow an employee privileged access, why should
they trust that person? Many organizations do not perform background checks or reference checks. As
long as the hiring manager likes them, they will hire them. Many people might not be who you think they
are. Failing to validate a hire's background properly can be an expensive, if not fatal, mistake for a company.
Because many organizations, in essence, hire complete strangers and give them access to sensitive data,
the insider threat is something that all organizations must worry about.

If a competitor or similar entity wants to cause damage to your organization – steal critical secrets or put
you out of business – here is a good example of how they could succeed, if granted access. They would
locate a job opening, prep someone to ace the interview, have that person get hired, and they are inside
your organization. The fact that it is that easy should alarm you.

Many companies have jobs open for several weeks and it could take a couple of weeks to set up an
interview. That gives a competitor focused on your company a four-week period to prep someone to ace
an interview. This is a current practice of foreign governments. They know that a key requirement for that
person is to pass the polygraph. Their candidate is put through intensive training so that he or she can
pass the polygraph. This points out a key disadvantage that organizations have. The attacker is aware of
your hiring process and all they have to do is prep someone so they ace that part of the process.

1 Pages one through six are excerpts from the book Insider Threat by Dr. Eric Cole.

Insider threat is occurring all the time, but since it is happening within an organization, it is a private
attack. Public attacks like defacing a Web site are hard for a company to deny. Private attacks are much
easier to conceal.

Because these attacks are being perpetrated by trusted insiders, you need to understand the damage
they can cause, how to build proper measures to prevent the attack, how to minimize the damage, and, at
a minimum, how to detect the attacks in a timely manner. Many of the measures companies deploy today
are ineffective against an insider threat. When companies discuss securing their enterprise, they are
concerned with the external attack, forgetting about the damage that an insider can cause.

The United States Secret Service is conducting a series of studies on the insider threat. Why? Because
billions of dollars are being lost. You will never be able to completely remove the insider threat because
companies need to be able to function. If you fire all your employees, you might have prevented the
insider attack, but you will also go out of business. The key is to strike a balance between the access your
employees need and the access your employees currently have.


Key Aspects of Insider Threat
The key aspect to remember when dealing with threatening insiders is that in most cases, they will exploit
the weakest link that gives them the greatest chance of access, while minimizing the chances that they
get caught. Why try to break through a firewall and gain access to a system with a private address, when
you can find someone behind the firewall with full access to the system? It has been emphasized many
times, but taking advantage of access is a driving force in the insider attack.

Most people, when they think of attackers, think of someone with a huge amount of technical
sophistication that can walk through virtual cyber walls and gain access to anything that they want.
However, insiders take advantage of the fact that they already have access, so many of the attack
methods tend to be less technically sophisticated. In some cases, if an insider has partial access, they will
sometimes use additional techniques to increase their access. However, since they are typically not
dealing with any security devices, most of the methods tend to be fairly straightforward.

It is also important to remember that to launch an effective attack, attackers need knowledge of the
organization they are trying to attack. External attackers could spend weeks, if not longer, trying to
acquire the information they need to launch a successful attack. In some cases, if they cannot gain
enough knowledge, they might decide to go against a different target.

In the case of the insider, he has full knowledge of your operations. He knows what is checked and what
is not checked and can even test the system. For example, when he is trying to access his private share,
he could click on someone else’s and see if anyone notices. If he does this multiple times and nothing
ever happens, he has now gained valuable knowledge that either access is not being logged or not being
watched. Because he has access to your operations, he either has detailed knowledge of how things
operate or he can gain it quickly by testing the system.
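The probing scenario just described, an insider clicking on other people's shares to learn whether anyone is watching, is exactly the behaviour that access logging plus a simple review rule can surface. The following Python script is an added example and is not part of the original paper or any NetIQ product. It runs a detection rule over a constructed file-share access log; the log line format, the share naming scheme \\fs01\home\<user>, the user names and the alert threshold are all assumptions made for the example. It flags any user who touches several other users' home shares within a short window, counting denied attempts as well as successful ones, because the probing itself is the signal.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of file-share access events (not real data). The line
# format "<ISO timestamp> <user> <share path> <result>" is an assumption made
# for this example; adapt parse_line() to whatever your file server logs.
SAMPLE_LOG = r"""
2010-03-01T09:00:05 alice \\fs01\home\alice ALLOWED
2010-03-01T09:01:10 alice \\fs01\home\bob ALLOWED
2010-03-01T09:02:30 alice \\fs01\home\carol DENIED
2010-03-01T09:03:00 alice \\fs01\home\dave ALLOWED
2010-03-01T09:20:00 bob \\fs01\home\bob ALLOWED
2010-03-01T09:21:00 bob \\fs01\home\alice DENIED
2010-03-01T11:00:00 alice \\fs01\home\erin ALLOWED
""".strip()

# Matches a per-user home share such as \\fs01\home\alice and captures the owner
# (the share layout is an assumption for this example).
HOME_SHARE = re.compile(r"^\\\\[^\\]+\\home\\([^\\]+)$")


def parse_line(line):
    """Split one log line into its fields; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, user, path, result = parts
    return {
        "ts": datetime.fromisoformat(ts),
        "user": user,
        "path": path,
        "result": result,
    }


def find_share_probing(log_text, threshold=3, window=timedelta(hours=1)):
    """Flag users who touch `threshold` or more other people's home shares
    within `window`. Denied attempts count too: the probing itself is the
    signal, whether or not the ACL happened to stop that particular attempt."""
    foreign = defaultdict(list)  # user -> [(timestamp, owner of the share touched)]
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        m = HOME_SHARE.match(ev["path"])
        if m and m.group(1) != ev["user"]:
            foreign[ev["user"]].append((ev["ts"], m.group(1)))

    alerts = []
    for user, events in foreign.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            owners = []
            for ts, owner in events[i:]:
                if ts - start > window:
                    break
                if owner not in owners:
                    owners.append(owner)
            if len(owners) >= threshold:
                alerts.append({"user": user, "start": start.isoformat(),
                               "shares_probed": owners})
                break  # one alert per user is enough to trigger a review
    return alerts


if __name__ == "__main__":
    for alert in find_share_probing(SAMPLE_LOG):
        print(alert)
```

On the constructed log the rule reports alice, who touched bob's, carol's and dave's shares within two minutes, while bob's single denied attempt stays below the threshold. The point of the rule is not the exact threshold but that someone reviews the output: the insider in the text learns that access is unwatched precisely because repeated probes produce no reaction.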




Insider vs. External Threat
Instead of arguing over whether an insider threat versus an external threat causes the most damage, the
short answer is: They both can cause damage and they both have to be addressed.

The problem to date is that most security efforts have been focused on the external threat. For most
organizations, more energy and effort have been placed on the external threat rather than the internal
threat. The reason is simple: It is easier to stop, easier to control, and it is more visible. If you have
system “x” you can state that it should not be accessible from the Internet and have measures in place to
prevent it. Then if someone accesses it externally, it sets off a flag. The problem with the insider threat is
that people are supposed to access server “x” but only for legitimate purposes. Now you have to measure
intent when someone accesses data, which is almost impossible to do.

In addition, the outsider threat is more understood. We understand the means and methods that are
utilized to attack systems because we have case studies and history to back it up. With insider threat we
know it happens and it is damaging, but we have less factual data to base conclusions on.

Companies that are going to survive and thrive are going to need to turn their focus to the insider and
take preventative action against these types of threats. Otherwise, by the time the threat occurs, there will
not be much of their company left to save.


Why the Insider Threat Has Been Ignored
At this point you might be saying that if the insider threat is so damaging, why has it been ignored and
why haven’t people been focused on it earlier? There are many reasons for this. First, it is not an easy
problem. It is very hard to understand and almost impossible to grasp. Both the Central Intelligence
Agency (CIA) and the Federal Bureau of Investigation (FBI) knew of the potential damages of insider
threat and took many measures to prevent it. However, over the past ten years they have still been
severely impacted by it.

There are three key reasons that the insider threat has been ignored:

    1. Organizations do not know it is happening.
    2. It is easy to be in denial.
    3. Organizations fear bad publicity.


Current Solutions Do Not Scale
Most security devices that are deployed at organizations are meant to stop the external attack. Firewalls,
intrusion detection systems (IDS), and intrusion prevention systems (IPS) are based on some attack
vector that they are trying to prevent. Firewalls block access to certain ports, which stops an attacker but
do not stop an insider. If an insider needs access to certain information to do his job, a firewall will allow it.
If that person uploads data to an external site or e-mails it to an unauthorized party, it is almost
impossible for a firewall to prevent. IDS and IPS work off known signatures of attack. Most external
attacks have known signatures. Most internal attacks do not. In addition, most security devices are
deployed at the perimeter. Once you get past the perimeter there are minimal internal protection
measures.

As we have discussed, limiting access and implementing policies and procedures are key to preventing
the insider threat. It should not be surprising that most organizations do a terrible job at controlling access
and an even worse job at having clear, consistent policies. While companies claim they are doing this,
they are not doing it well.

Security measures that are in place are mainly for the perimeter and do not scale to the insider. Measures
that will protect against the insider are hard to implement at a large organization and do not scale very
well.


The Threat Is Real
Insider threat is no longer a fictitious concept that people write about and that you see in movies. It is real
and it is happening consistently, and those who do not take it seriously may be hurt by its results.

Think of the damage that viruses and worms cause to organizations. These are attacks that start on the
Internet and manage to get through organizations’ firewalls, perimeters, and security devices and cause
severe loss. If an external worm can penetrate an organization with ease, what can someone who is
behind the firewall and the security perimeter do? The short answer is: Almost anything they want.
Although people can argue over the validity and strength of firewalls, IDS, and perimeter security, at least
there are some measures in place.

When it comes to insiders, there is little stopping them because they are a trusted entity. What is even
worse than not preventing them is not trying to detect their actions. This means that not only is nothing
stopping an insider but there is nothing in place that is watching or recording their actions to even detect
that something is happening.

As we talked about earlier, many organizations would rather live in denial than fix the problem.
Unfortunately with a real threat, denial will only cause more harm. The insider threat is like a tumor. If you
realize there is a problem and address it, you will have short-term suffering but a good chance of
recovery. If you ignore it, it will keep getting worse, and while you might have short-term enjoyment, it will
most likely kill you.

You might be saying that you acknowledge that the threat is real but that your company is not vulnerable.
The reality is that almost every organization is vulnerable because almost every organization has
minimal, if any, controls in place and does not carefully control access to data.

Some organizations might have some basic access controls in place, but that is not good enough. If even
one person has more access than they need to do their job, that is too much access. Giving everyone the
least access they need to do their job is critical, plus putting auditing measures in place to track behavior,
even if you know that access is strictly controlled. What stops someone who has legitimate access to a
file from e-mailing it to someone who should not have access? Not only do you have to strictly control
access, you must also monitor it. Too much access is what leads to ultimate compromise and too little
monitoring leads to someone not being caught or controlled. Both play a critical role in your insider threat
arsenal.

More and more organizations are starting to recognize that insider threat is important. The problem is that
it is after the fact. I know of a multitude of companies that have been victims to insider threat. I do not
know of any that have successfully stopped an insider threat initially. All of our case studies, histories,
and knowledge of insider threat are after the problem occurs and a company becomes compromised.

The real problem is that we are not finding out about these attacks by catching the insiders. At
least if we caught the insider after the fact we could stop that person from doing it again. Unfortunately,
we know it is happening but we do not know who did it. This creates a double-edged sword. Most
executives do not believe what they cannot see, so they initially do not take insider threat seriously. Then,
after it happens and there is critical damage, they ask why they weren’t warned or told it was a problem
so they could have fixed it.

In 2005, it is estimated that more than 10 million identities were stolen, with a loss of more than $50
million resulting from it. What more proof do we want that this is a real threat? You might ask what stolen
identities have to do with insider threat. The answer is: there is a direct correlation. How is personal
information taken to steal someone’s identity? It is taken through an insider who has access to that
information for the company they work for. Credit card fraud and identity theft are both caused by insiders
stealing information they should not have access to.

The Bali nightclub bomber wrote a manifesto from jail in 2004 urging terrorists to take terrorism to
cyberspace. Why? Because he knew that was a weak link that could easily be exploited. Organizations
and countries have critical infrastructures all stored in computers. If that information is compromised, it
could have the same impact as an actual bomb.

The book Unrestricted Warfare, by Qiao Liang and Wang Xiangsui (Beijing: PLA Literature and Arts
Publishing House, February 1999), which can be downloaded at
http://www.terrorism.com/documents/TRC-Analysis/unrestricted.pdf, talks about how cyber
weapons will become the weapons of the future. The key fact is that this levels the playing field across all
countries. Who can compete with the nuclear arsenal of the U.S.? However, with cyber weapons, all the
barriers to entry and monitoring are gone. Just think if you put together two or three of the cyber weapons
together in a coordinated fashion, you would have the cyber version of the perfect storm.

Insider threat needs to be moved up in importance and discussed in boardrooms prior to attacks, not after
significant monetary loss. Proactive measures need to be taken to stop insider attacks from occurring, not
reactive measures to clean up the mess.

What is scary is there is really minimal skill needed to launch these attacks. You really do not need to
know anything if you have access. You just drag and drop information you should not be sending outside
the company and you e-mail it to a competitor or a Windows Hotmail account. Years of company
Intellectual Property (IP) can be extracted in minutes. Even if you do not have access, there are tools you
can download and run to get access. If you can install Microsoft Office, you can install and run these
tools. Unfortunately, they are really that easy to use. These tools are publicly available, free for the taking.

The sale of stolen IP makes the stolen car industry look “small time.” It is happening constantly and is
such a normal occurrence that people do not even realize it. An unprotected computer is an insider threat
even if the user of the system is the most ethical employee on the planet. The computer and account have
trusted access, not the person, and if someone can compromise the system because the person went to
lunch and left his system unlocked, that is a huge source of insider threat and potential loss for a
company.

We can predict with high reliability snowstorms and severe weather before they occur. This early warning
system enables people to prepare and take action to help minimize the damage. The reason we can
predict weather is because we look for indicators using radar and other advanced techniques. We need to
develop cyber indicators. Some initial indicators that could show a company is vulnerable are: no or weak
policies, weak passwords, and no list of critical assets. If we can better identify and track these cyber
indicators, we will have a better chance of reacting to the problem.




Key Areas of Attention
While there is a lot for an organization to focus on with regards to insider threat, there are some critical
areas they need to concentrate on. These areas have been alluded to earlier in the paper, but they are
critical enough to have their own section.


Policies and Procedures
Many companies, from a cyber perspective, lack clear control and direction in terms of protecting and
controlling access to their critical assets. While companies are focusing on long-term strategic plans for
their organizations, they need to address the critical IP and put together clear guidelines for what is
expected of their insiders. As we move forward, the lack of solid policies is going to manifest itself more
and more in companies. Companies that are serious about the insider threat are going to realize that the
old style of inefficient policies is no longer going to work. Therefore, instead of trying to re-work existing
policies, companies are going to realize that they are going to have to rewrite their policies from scratch.

It is critical with any organization that everyone is on the same page with regards to protection of
information. Just because you have a policy does not mean people will follow it; however, without the
policy as the starting point, there is no way you can perform consistent enforcement across an
organization. While it is difficult, and executives never want to put things in writing, it is critical that a clear,
concise policy with appropriate repercussions be put in place. With new and existing regulations, policies
will play a key role, since organizations are required to clearly document their stance on security and how
they are going to achieve it. Written policies are a perfect way to capture this information.


Audits
If an organization is going to maintain a proper level of security and prevent the insider threat from
doing serious harm, they must know what is happening. The best way to know who is accessing
what is through regular and thorough audits. Just because an organization is secure today does not mean
they will be secure tomorrow. Only through regular audits can a company keep their arms around the
problem and make sure security is properly maintained. By themselves, audits are a good thing, but with
all of the new regulations, audits are becoming a necessity. At a fundamental level, how can
organizations know they are compliant with a given regulation if they are not validating it on a regular
basis? The key problem with audits is they are very difficult to perform and almost impossible to do
manually. Key software products and tools are needed to help organizations not only produce detailed
reports but also analyze them in a time efficient manner.


Access Controls
Access is the gateway through which the insider threat is manifested. Typically, in most organizations, access
control is poorly implemented and poorly understood. Moving forward, companies are going to have to
change this. Those that have been burnt in the past by insider threat or those that want to make sure they
do not get burnt moving forward, will have to take the time to properly control access to critical data. This
is a multi-staged process, involving identifying critical IP, determining who should have access to it, and
controlling and tracking that access.
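The three stages named above (identify critical IP, decide who should have access, then control and track that access) and the regular audits the previous section calls for can be turned into one repeatable check. The following Python script is an added example, not the paper's or NetIQ's own tooling. It compares a constructed inventory of critical assets and the roles approved to reach them against a constructed snapshot of the ACL grants actually present on the file server; every path, role, account name and access level is made up for illustration. It reports three kinds of finding: excess access (a grant higher than anything approved, including blanket administrator grants), grants on assets that are not in the inventory at all, and approvals that were never provisioned.

```python
# Constructed inventory of critical assets and the roles approved to reach
# them: the "who should have access" decision, written down. Names are made up.
APPROVED_ACCESS = {
    r"\\fs01\finance\ledger": {"finance_analyst": "read", "finance_lead": "write"},
    r"\\fs01\hr\payroll": {"hr_admin": "write"},
    r"\\fs01\eng\source": {"developer": "write", "build_svc": "read"},
}

# Constructed role membership (made-up accounts).
ROLE_MEMBERS = {
    "finance_analyst": {"alice", "bob"},
    "finance_lead": {"carol"},
    "hr_admin": {"dave"},
    "developer": {"erin", "frank"},
    "build_svc": {"svc_build"},
}

# Constructed snapshot of the grants actually present on the server, as a
# permissions export would list them: (path, principal, level).
ACTUAL_GRANTS = [
    (r"\\fs01\finance\ledger", "alice", "read"),
    (r"\\fs01\finance\ledger", "bob", "write"),          # approved for read only
    (r"\\fs01\finance\ledger", "carol", "write"),
    (r"\\fs01\finance\ledger", "dave", "read"),          # HR admin on finance data
    (r"\\fs01\hr\payroll", "dave", "write"),
    (r"\\fs01\hr\payroll", "Domain Admins", "write"),    # blanket admin grant
    (r"\\fs01\eng\source", "erin", "write"),
    (r"\\fs01\eng\source", "svc_build", "read"),
    (r"\\fs01\eng\releases", "Everyone", "read"),        # share not in the inventory
]

# Ordering of access levels so "more access than approved" is well defined.
LEVELS = {"none": 0, "read": 1, "write": 2}


def expected_grants(approved, roles):
    """Expand role-based approvals into the per-principal access each critical
    asset should carry (the highest level wins if someone holds several roles)."""
    expected = {}
    for path, role_levels in approved.items():
        per_principal = {}
        for role, level in role_levels.items():
            for principal in roles.get(role, ()):
                current = per_principal.get(principal, "none")
                if LEVELS[level] > LEVELS[current]:
                    per_principal[principal] = level
        expected[path] = per_principal
    return expected


def review_access(approved, roles, grants):
    """Compare actual grants with approved access and classify every deviation."""
    expected = expected_grants(approved, roles)
    findings = {"excess": [], "missing": [], "unclassified": []}
    seen = set()
    for path, principal, level in grants:
        if path not in expected:
            # A grant on something nobody classified: the inventory is incomplete.
            findings["unclassified"].append((path, principal, level))
            continue
        seen.add((path, principal))
        allowed = expected[path].get(principal, "none")
        if LEVELS[level] > LEVELS[allowed]:
            # More access than the approval supports, including "none" approved.
            findings["excess"].append((path, principal, level, allowed))
    for path, per_principal in expected.items():
        for principal, level in per_principal.items():
            if (path, principal) not in seen:
                # Approved but never provisioned: stale approval or broken process.
                findings["missing"].append((path, principal, level))
    return findings


if __name__ == "__main__":
    for kind, items in review_access(APPROVED_ACCESS, ROLE_MEMBERS, ACTUAL_GRANTS).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run against the constructed data, the review lists bob's write on the ledger, dave's read on finance data and the Domain Admins grant on payroll as excess, the releases share as an unclassified asset, and frank's approved but absent source access as missing. The excess entries are the least-privilege violations to remove; the unclassified entry is the "no list of critical assets" indicator from earlier made concrete. Re-running the comparison on a schedule is the regular audit the text asks for, and keeping the approval table under change control means each grant can be traced to a decision.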




NetIQ and the Insider Threat
NetIQ security products provide the ability to monitor and control privileged activity as well as remove the
need to grant powerful, general-purpose accounts to IT operators that are traditionally required for them
to do their jobs. In delivering these capabilities, NetIQ helps enterprise and mid-market customers
address the following issues and needs:

    •   Monitoring privileged users – Administrators and users with extensive privileged access to
        critical resources represent a significant vulnerability. Their activities must be managed and
        monitored in such a way as to protect the systems they are accessing without reducing their
        ability to do their job.

    •   Excessive native and escalated account privileges – Administrators are faced with granting
        escalated privileges so that operators or contractors can perform tasks, many of which are
        relatively minor compared with the level of access they are granted. The potential then exists for
        these accounts to be abused or compromised and for their activity to be concealed.

    •   Meeting audit requirements – Today the process of auditing changes and other activities can
        result in a time-intensive manual effort that still proves to be inadequate to meet current
        regulatory requirements for demonstrating separation of duties.

    •   Managing an increasing number of servers and applications with fewer administrators –
        For large IT organizations, there is an ever increasing tendency to increase the number of servers
        and applications, while seeking to maintain or reduce the amount of administrative overhead.

NetIQ delivers two product families in its security portfolio to address these needs: NetIQ® Directory and
Resource Administrator™ and NetIQ® Change Guardian™.

NetIQ Directory and Resource Administrator mediates access to Microsoft Active Directory, limiting
the user to particular actions for specific views of the overall directory. As part of NetIQ’s identity and
access management offering, it supports user provisioning and other automated tasks and processes.
It also eases directory consolidation efforts and helps enforce security policies and segregation of duties.
Moreover, NetIQ® Identity Integration Suite seamlessly integrates your Unix, Linux, Macintosh, VMware
ESX and other platforms with Active Directory so that you can manage and secure access to these critical
systems using the same authentication, authorization, and Microsoft Group Policy services currently
deployed for your Microsoft Windows systems.

NetIQ Change Guardian products provide real-time monitoring and notification of changes across your
distributed environment, providing detailed insight into files, directories, file shares, registry keys (on
Windows), system processes, database activity (on Oracle, Microsoft, Sybase and other databases) and
more. They also deliver enhanced audit information in order to provide greater fidelity and clarity of
information than native log events can provide, and they record pre- and post-change information for
improved incident analysis.

NetIQ provides other products to address data protection and regulatory compliance needs. To learn
more, visit NetIQ.com.




Conclusion
Addressing the potential for insider threats is a vital, yet often overlooked security imperative for virtually
all organizations worldwide. With the increased dependence on technology to support key business
processes and activities, companies are vulnerable to a “trusted” insider causing irreparable harm to their
business.

While the majority of security resources are spent preventing the anonymous hacker from causing harm,
organizations need to be aware of the even greater threat of the trusted insider. Studies have shown that
insiders can do far more harm than external hackers as a result of their unfettered access to critical
systems and the general lack of oversight and accountability. An intrusion detection system may
immediately notify IT security of a hacker infiltration, but the tools to notify and address unauthorized
changes made by insiders are relatively new to the market. Most worrying of all, organizations typically do
not realize that damage has been done by an insider until it’s too late.

NetIQ offers a set of products designed to control, manage and audit changes within your IT
infrastructure. These products assure that any changes made to your IT environment are managed to
prevent any disruption of services or introduction of security vulnerabilities.

These solutions address the insider threat by tightly controlling and provisioning access to servers and
applications, and monitoring for unplanned and unauthorized changes – increasing compliance and
assuring operational integrity across your critical assets.



About NetIQ
NetIQ is an enterprise software company with relentless focus on customer success. Customers and
partners choose NetIQ to cost-effectively tackle information protection challenges and IT operations
complexities. Our portfolio of scalable, automated management solutions for Security & Compliance,
Identity & Access, and Performance & Availability and our practical, focused approach to solving IT
challenges help customers realize greater strategic value, demonstrable business improvement and cost
savings over alternative approaches.

For more information, visit NetIQ.com.




  • 8. executives do not believe what they cannot see, so they initially do not take insider threat seriously. Then, after it happens and there is critical damage, they ask why they weren’t warned or told it was a problem so they could have fixed it. In 2005, it is estimated that more than 10 million identities were stolen, with a loss of more than $50 million resulting from it. What more proof do we want that this is a real threat? You might ask what stolen identities have to do with insider threat. The answer is: there is a direct correlation. How is personal information taken to steal someone’s identity? It is taken through an insider who has access to that information for the company they work for. Credit card fraud and identity theft are both caused by insiders stealing information they should not have access to. The Bali nightclub bomber wrote a manifesto from jail in 2004 urging terrorists to take terrorism to cyberspace. Why? Because he knew that was a weak link that could easily be exploited. Organizations and countries have critical infrastructures all stored in computers. If that information is compromised, it could have the same impact as an actual bomb. The book Unrestricted Warfare, by Qiao Liang and Wang Xiangsui (Beijing: PLA Literature and Arts Publishing House, February 1999), which can be downloaded at http://www.terrorism.com/documents/TRC-Analysis/unrestricted.pdf, talks about how cyber weapons will become the weapons of the future. The key fact is that this levels the playing field across all countries. Who can compete with the nuclear arsenal of the U.S.? However, with cyber weapons, all the barriers to entry and monitoring are gone. Just think if you put together two or three of the cyber weapons together in a coordinated fashion, you would have the cyber version of the perfect storm. Insider threat needs to be moved up in importance and discussed in boardrooms prior to attacks, not after significant monetary loss. 
Proactive measures need to be taken to stop insider attacks from occurring, not reactive measures to clean up the mess. What is scary is there is really minimal skill needed to launch these attacks. You really do not need to know anything if you have access. You just drag and drop information you should not be sending outside the company and you e-mail it to a competitor or a Windows Hotmail account. Years of company Intellectual Property (IP) can be extracted in minutes. Even if you do not have access, there are tools you can download and run to get access. If you can install Microsoft Office, you can install and run these tools. Unfortunately, they are really that easy to use. These tools are publicly available, free for the taking. The sale of stolen IP makes the stolen car industry look “small time.” It is happening constantly and is such a normal occurrence that people do not even realize it. An unprotected computer is an insider threat even if the user of the system is the most ethical employee on the planet. The computer and account has trusted access, not the person, and if someone can compromise the system because the person went to lunch and left his system unlocked, that is a huge source of insider threat and potential loss for a company. We can predict with high reliability snowstorms and severe weather before they occur. This early warning system enables people to prepare and take action to help minimize the damage. The reason we can predict weather is because we look for indicators using radar and other advanced techniques. We need to develop cyber indicators. Some initial indicators that could show a company is vulnerable are: no or weak policies, weak passwords, and no list of critical assets. If we can better identify and track these cyber indicators, we will have a better chance of reacting to the problem. WHITE PAPER: Address the Insider Threat of Privileged Users | 5
Key Areas of Attention

While there is a lot for an organization to focus on with regard to the insider threat, there are some critical areas they need to concentrate on. These areas have been alluded to earlier in the paper, but they are critical enough to have their own section.

Policies and Procedures

Many companies, from a cyber perspective, lack clear control and direction in terms of protecting and controlling access to their critical assets. While companies are focusing on long-term strategic plans for their organizations, they need to address the critical IP and put together clear guidelines for what is expected of their insiders. As we move forward, the lack of solid policies is going to manifest itself more and more in companies. Companies that are serious about the insider threat are going to realize that the old style of inefficient policies is no longer going to work. Therefore, instead of trying to re-work existing policies, companies are going to realize that they will have to rewrite their policies from scratch.

It is critical in any organization that everyone is on the same page with regard to protection of information. Just because you have a policy does not mean people will follow it; however, without the policy as the starting point, there is no way you can perform consistent enforcement across an organization. While it is difficult, and executives never want to put things in writing, it is critical that a clear, concise policy with appropriate repercussions be put in place. With new and existing regulations, policies will play a key role, since organizations are required to clearly document their stance on security and how they are going to achieve it. Written policies are a perfect way to capture this information.

Audits

If an organization is going to maintain a proper level of security and prevent the insider threat from doing serious harm, it must know what is happening. The best way to know who is accessing what is through regular and thorough audits. Just because an organization is secure today does not mean it will be secure tomorrow. Only through regular audits can a company keep its arms around the problem and make sure security is properly maintained. By themselves, audits are a good thing, but with all of the new regulations, audits are becoming a necessity. At a fundamental level, how can organizations know they are compliant with a given regulation if they are not validating it on a regular basis? The key problem with audits is that they are very difficult to perform and almost impossible to do manually. Key software products and tools are needed to help organizations not only produce detailed reports but also analyze them in a time-efficient manner.

Access Controls

Access is the gateway through which the insider threat is manifested. Typically, in most organizations, access control is poorly implemented and poorly understood. Moving forward, companies are going to have to change this. Those that have been burnt in the past by the insider threat, or those that want to make sure they do not get burnt moving forward, will have to take the time to properly control access to critical data. This is a multi-staged process, involving identifying critical IP, determining who should have access to it, and controlling and tracking that access.
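The multi-stage process just described (identify critical IP, decide who needs it, control and track that access), together with the earlier point that least access must be paired with monitoring, as an added Python example that is not part of the paper or of any NetIQ product. The asset inventory, ACL export, access log lines and action names are all constructed for illustration.

```python
import csv
from io import StringIO

# Constructed inventory (stage 1): critical asset -> users whose job actually requires access.
CRITICAL_ASSETS = {
    "/srv/finance/q3-forecast.xlsx": {"alice", "bob"},
    "/srv/rd/chip-design.zip": {"carol"},
}

# Constructed ACL export (what is granted today); dave and erin hold access they do not need.
CURRENT_GRANTS = {
    "/srv/finance/q3-forecast.xlsx": {"alice", "bob", "dave"},
    "/srv/rd/chip-design.zip": {"carol", "dave", "erin"},
}

# Constructed access log, one event per line: timestamp,user,action,path,bytes
ACCESS_LOG = """\
2010-03-01T09:02:11,alice,read,/srv/finance/q3-forecast.xlsx,24576
2010-03-01T09:15:40,dave,read,/srv/finance/q3-forecast.xlsx,24576
2010-03-01T09:16:02,dave,copy_to_removable,/srv/finance/q3-forecast.xlsx,24576
2010-03-01T10:01:55,carol,read,/srv/rd/chip-design.zip,734003200
2010-03-01T12:30:09,erin,email_external,/srv/rd/chip-design.zip,734003200
2010-03-01T13:00:00,bob,read,/srv/public/handbook.pdf,10240
"""

# Hypothetical action names for data leaving the organization's control.
OUTBOUND_ACTIONS = {"copy_to_removable", "email_external", "upload_external"}


def excess_grants(needed, granted):
    """Stage 2: users granted access to a critical asset beyond those who need it.
    Every name returned is 'too much access' in the paper's sense and should be revoked."""
    excess = {}
    for path, need in needed.items():
        extra = granted.get(path, set()) - need
        if extra:
            excess[path] = sorted(extra)
    return excess


def parse_log(text):
    """Parse the CSV log into event dicts, converting the byte count to int."""
    fields = ["ts", "user", "action", "path", "bytes"]
    rows = csv.DictReader(StringIO(text), fieldnames=fields)
    return [dict(row, bytes=int(row["bytes"])) for row in rows]


def audit(needed, events):
    """Stage 3: flag access to critical assets by anyone outside the need-to-know set, and any
    outbound movement of critical data even by allowed users (legitimate access is not legitimate use)."""
    findings = []
    for ev in events:
        if ev["path"] not in needed:
            continue  # not a critical asset; out of scope for this review
        if ev["user"] not in needed[ev["path"]]:
            findings.append(("unauthorized_access", ev["user"], ev["path"], ev["ts"]))
        if ev["action"] in OUTBOUND_ACTIONS:
            findings.append(("outbound_transfer", ev["user"], ev["path"], ev["ts"]))
    return findings
```

Running `excess_grants` against the ACL export gives the revocation list, and `audit` over the log shows why revocation alone is not enough: erin's outbound e-mail of the design file is only caught because access is being tracked, not just granted.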
NetIQ and the Insider Threat

NetIQ security products provide the ability to monitor and control privileged activity as well as remove the need to grant IT operators the powerful, general-purpose accounts that are traditionally required for them to do their jobs. In delivering these capabilities, NetIQ helps enterprise and mid-market customers address the following issues and needs:

• Monitoring privileged users – Administrators and users with extensive privileged access to critical resources represent a significant vulnerability. Their activities must be managed and monitored in such a way as to protect the systems they are accessing without reducing their ability to do their job.
• Excessive native and escalated account privileges – Administrators are faced with granting escalated privileges so that operators or contractors can perform tasks, many of which are relatively minor compared with the level of access they are granted. The potential then exists for these accounts to be abused or compromised and for their activity to be concealed.
• Meeting audit requirements – Today the process of auditing changes and other activities can result in a time-intensive manual effort that still proves inadequate to meet current regulatory requirements for demonstrating separation of duties.
• Managing an increasing number of servers and applications with fewer administrators – For large IT organizations, there is an ever-increasing tendency for the number of servers and applications to grow while seeking to maintain or reduce the amount of administrative overhead.

NetIQ delivers two product families in its security portfolio to address these needs: NetIQ® Directory and Resource Administrator™ and NetIQ® Change Guardian™.

NetIQ Directory and Resource Administrator mediates access to Microsoft Active Directory, limiting the user to particular actions on specific views of the overall directory. As part of NetIQ’s identity and access management offering, it supports user provisioning and other automated tasks and processes. It also eases directory consolidation efforts and helps enforce security policies and segregation of duties. Moreover, NetIQ® Identity Integration Suite seamlessly integrates your Unix, Linux, Macintosh, VMware ESX and other platforms with Active Directory so that you can manage and secure access to these critical systems using the same authentication, authorization, and Microsoft Group Policy services currently deployed for your Microsoft Windows systems.

NetIQ Change Guardian products provide real-time monitoring and notification of changes across your distributed environment, providing detailed insight into files, directories, file shares, registry keys (on Windows), system processes, database activity (on Oracle, Microsoft, Sybase and other databases) and more. They also deliver enhanced audit information in order to provide greater fidelity and clarity than native log events can, and record pre- and post-change information for improved incident analysis.

NetIQ provides other products to address data protection and regulatory compliance needs. To learn more, visit NetIQ.com.
Conclusion

Addressing the potential for insider threats is a vital, yet often overlooked, security imperative for virtually all organizations worldwide. With the increased dependence on technology to support key business processes and activities, companies are vulnerable to a “trusted” insider causing irreparable harm to their business. While the majority of security resources are spent preventing the anonymous hacker from causing harm, organizations need to be aware of the even greater threat of the trusted insider. Studies have shown that insiders can do far more harm than external hackers as a result of their unfettered access to critical systems and the general lack of oversight and accountability. An intrusion detection system may immediately notify IT security of a hacker infiltration, but the tools to notify and address unauthorized changes made by insiders are relatively new to the market. Most worrying of all, organizations typically do not realize that damage has been done by an insider until it’s too late.

NetIQ offers a set of products designed to control, manage and audit changes within your IT infrastructure. These products assure that any changes made to your IT environment are managed to prevent any disruption of services or introduction of security vulnerabilities. These solutions address the insider threat by tightly controlling and provisioning access to servers and applications, and monitoring for unplanned and unauthorized changes – increasing compliance and assuring operational integrity across your critical assets.

About NetIQ

NetIQ is an enterprise software company with a relentless focus on customer success. Customers and partners choose NetIQ to cost-effectively tackle information protection challenges and IT operations complexities. Our portfolio of scalable, automated management solutions for Security & Compliance, Identity & Access, and Performance & Availability, and our practical, focused approach to solving IT challenges, help customers realize greater strategic value, demonstrable business improvement and cost savings over alternative approaches. For more information, visit NetIQ.com.