User activity monitoring revealed
by Mirko Zorz - Wednesday, 20 June 2012.
  • Mitigates the risk of inappropriate staff actions that can increase corporate risk to data theft, breach or downtime
  • Reduces the cost of compliance by automating user monitoring (if not performed manually)
  • Provides intelligence on how to refine processes and policies to improve security postures.
  • Added expense and labor at a time when budgets are tight
  • Without sufficient governance, monitoring programs could produce privacy violations.
With SMBs, user monitoring is not a huge challenge, but with large enterprises it can become a daunting task to implement and manage. What advice would you give to those that still don't use it and are wondering how to do it in the first place?

Any monitoring investments should be matched to the level of risk and the risk tolerance of the organization. The organization should start by clarifying the objectives of the program. Next, a charter and governance plan would be provided based on those objectives. With this in place the team would initiate monitoring to address a specific risk, allowing for initial success. From there the organization would expand the program to the extent required to meet the organizational objectives.

Active Directory monitoring is a common initial monitoring initiative. It is also common to leverage Security Information Event Management (SIEM) systems for user monitoring. SIEM is either used as the primary tool leveraging event logs or to provide additional analysis across both event logs and information from platform specific monitoring technologies.

Once the user monitoring system is in place, it generates a wealth of data. How can an organization use this data to improve its security posture?

The greater intelligence provided by modern systems allows organizations to:
  • Refine/tune policies and procedures
  • Identify governance issues with defined roles
  • Detect internal and external activity to identify and disrupt breaches
  • Automate compliance reporting
  • Avoid unplanned downtime due to administrative error.
Combined, all of these benefits of gathering and monitoring data enable organizations to improve their overarching security posture, which ultimately helps them better protect the data they house and are responsible for.

