User activity monitoring revealed
by Mirko Zorz - Wednesday, 20 June 2012.
  • Mitigates the risk of inappropriate staff actions that can increase corporate risk to data theft, breach or downtime
  • Reduces the cost of compliance by automating user monitoring (if not performed manually)
  • Provides intelligence on how to refine processes and policies to improve security postures.
  • Added expense and labor at a time when budgets are tight
  • Without sufficient governance, monitoring programs could produce privacy violations.
With SMBs, user monitoring is not a huge challenge, but with large enterprises it can become a daunting task to implement and manage. What advice would you give to those that still don’t use it and are wondering how to do it in the first place?

Any monitoring investments should be matched to the level of risk and the risk tolerance of the organization. The organization should start by clarifying the objectives of the program. Next, a charter and governance plan would be provided based on those objectives. With this in place the team would initiate monitoring to address a specific risk, allowing for initial success. From there the organization would expand the program to the extent required to meet the organizational objectives.

Active Directory monitoring is a common initial monitoring initiative. It is also common to leverage Security Information Event Management (SIEM) systems for user monitoring. SIEM is either used as the primary tool leveraging event logs or to provide additional analysis across both event logs and information from platform-specific monitoring technologies.

Once the user monitoring system is in place, it generates a wealth of data. How can an organization use this data to improve its security posture?

The greater intelligence provided by modern systems allows organizations to:
  • Refine/tune policies and procedures
  • Identify governance issues with defined roles
  • Detect internal and external activity to identify and disrupt breaches
  • Automate compliance reporting
  • Avoid unplanned downtime due to administrative error.
Combined, all of these benefits of gathering and monitoring data enable organizations to improve their overarching security posture, which ultimately helps them better protect the data they house and are responsible for.

