Every day we wake up to the news of security breaches, ransomware attacks and data leaks. Enterprises use a variety of IT, such as smart devices, personal computers and cloud-based systems, which could be holding an array of critical information, from customer data and employee information to detailed product designs. All of these are of interest to cyber criminals. An awareness and basic understanding of the threats posed in the cyber-world will help protect your digital assets, intellectual property and the business.
Below are key cyber security areas that organisations may choose to ignore at their own peril:
- Cyber Defense Centers (CDCs) – Cyber defense centers have come to be known as the Security Operation Centers (SOCs) of the future. In a CDC there is a clear separation of duties, and at the same time effective interaction between the “Red Team” and the “Blue Team”. The Red Team provides a better understanding of how data could be exploited and how future breaches can be prevented. It performs penetration testing as an outsider, also known as an external party assessment. By simulating cyber-attacks and network security threats, the Red Team ensures that the company has a strong defense system in place to ward off any future cyber-attack. What distinguishes the two teams is that once the Red Team imitates a cyber-attack, the Blue Team is there to find ways to defend, change and re-group the defense mechanisms so that incident response becomes much stronger. In this way, all threads converge on the detection, analysis and mitigation of cyber-attacks.
- Database Activity Monitoring (DAM) – DAM is the observation of actions in a database. Database activity monitoring can be accomplished through a combination of several methods, including network sniffing, reading of database audit logs or system tables and memory scraping. There are various DAM tools available for proactively monitoring the database. These tools use real-time security technology to monitor and analyze configured activities independently and without relying on the DBMS auditing or logs.
These tools also help in detecting unusual and unauthorized activities, whether internal or external, while still gauging the effectiveness of the security tools and policies in place. This also allows system administrators to improve the prevention and protection of sensitive data from intruders. DAM tools monitor, capture and record database events in real time and provide alerts about policy violations.
- Privileged Identity Management (PIM) – Any IT infrastructure hosts a multitude of accounts, each with its own level of rights and privileges. Some accounts in the same infrastructure enjoy higher permission levels. These accounts are known as Privileged Identities (PIs), super user accounts or super control accounts. Such accounts are mostly held by senior management members like the CEO, CIO and Database Administrators (DBAs). Identity management is required to ensure that privileged accounts do not get exploited. This is where PIM has a role to play, as it focuses on the monitoring, governance and control of such powerful accounts within an organization.
- Vulnerability Management – The purpose of an organization’s vulnerability management program is to establish controls and processes that help it identify vulnerabilities within its technology infrastructure. Vulnerabilities in business-critical applications or infrastructure can be exploited by hackers to gain unauthorized access to systems, disrupt the business, and steal or leak sensitive data. Data breaches lead not only to financial losses but also to loss of reputation. A vulnerability management program helps in these scenarios: it detects potential vulnerabilities in systems, processes and infrastructure, notifies security teams, and lists solutions to fix them.
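As an added example (not code from the article or from Clover Infotech), the following Python script shows the behaviour described in the Database Activity Monitoring item: it parses constructed audit log lines in an assumed `timestamp | user | client IP | statement` format, applies a hypothetical policy (sensitive tables, who may run DDL or write to them, business hours, internal networks) and raises one alert per event that violates a rule. Every user, table, address and log line is constructed for the example.

```python
import re
from datetime import datetime, time

# Constructed sample audit log (not from any real DBMS). Assumed format:
# timestamp | database user | client IP | SQL statement
SAMPLE_AUDIT_LOG = """\
2024-03-04T09:15:02 | app_svc   | 10.0.5.21   | SELECT id, name FROM customers WHERE id = 42
2024-03-04T02:47:10 | app_svc   | 10.0.5.21   | SELECT * FROM customers
2024-03-04T10:03:44 | jdoe      | 10.0.9.7    | UPDATE employees SET salary = 99000 WHERE id = 7
2024-03-04T10:05:01 | jdoe      | 10.0.9.7    | DROP TABLE product_designs
2024-03-04T11:20:30 | dba_ops   | 10.0.1.2    | ALTER TABLE orders ADD COLUMN note TEXT
2024-03-04T23:59:59 | reporting | 203.0.113.8 | SELECT * FROM product_designs
"""

# Hypothetical policy: which tables are sensitive, who may run DDL or write to
# sensitive tables, what counts as business hours, and which networks are internal.
POLICY = {
    "sensitive_tables": {"customers", "employees", "product_designs"},
    "ddl_allowed_users": {"dba_ops"},
    "write_allowed_users": {"app_svc", "dba_ops"},
    "business_hours": (time(8, 0), time(18, 0)),
    "internal_prefixes": ("10.",),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s*\|\s*(?P<user>\S+)\s*\|\s*(?P<ip>\S+)\s*\|\s*(?P<sql>.+?)\s*$"
)
# Table names are taken as the word following FROM / INTO / UPDATE / TABLE / JOIN.
TABLE_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|TABLE|JOIN)\s+([A-Za-z_]\w*)", re.I)
DDL_RE = re.compile(r"^\s*(?:DROP|ALTER|TRUNCATE|CREATE|GRANT|REVOKE)\b", re.I)
WRITE_RE = re.compile(r"^\s*(?:UPDATE|DELETE|INSERT)\b", re.I)
BULK_READ_RE = re.compile(r"^\s*SELECT\s+\*\s+FROM\b", re.I)


def parse_line(line):
    """Turn one audit log line into an event dict; return None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    event["tables"] = {t.lower() for t in TABLE_RE.findall(event["sql"])}
    return event


def evaluate(event, policy=POLICY):
    """Return the list of policy rules the event violates (empty if none)."""
    violations = []
    sql = event["sql"]
    sensitive = event["tables"] & policy["sensitive_tables"]
    if DDL_RE.match(sql) and event["user"] not in policy["ddl_allowed_users"]:
        violations.append("ddl_by_unprivileged_user")
    if WRITE_RE.match(sql) and sensitive and event["user"] not in policy["write_allowed_users"]:
        violations.append("write_to_sensitive_table")
    if BULK_READ_RE.match(sql) and sensitive:
        violations.append("bulk_read_of_sensitive_table")
    start, end = policy["business_hours"]
    if sensitive and not (start <= event["ts"].time() <= end):
        violations.append("sensitive_access_outside_business_hours")
    if not event["ip"].startswith(policy["internal_prefixes"]):
        violations.append("access_from_external_network")
    return violations


def monitor(log_text, policy=POLICY):
    """Evaluate every line and return one alert per event that breaks at least one rule."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        violations = evaluate(event, policy)
        if violations:
            alerts.append({"ts": event["ts"].isoformat(), "user": event["user"],
                           "sql": event["sql"], "violations": violations})
    return alerts


if __name__ == "__main__":
    for alert in monitor(SAMPLE_AUDIT_LOG):
        print(alert["ts"], alert["user"], ", ".join(alert["violations"]), "|", alert["sql"])
```

Run against the sample, four of the six events produce alerts: the after-hours `SELECT *` on `customers`, the salary update and the `DROP TABLE` by an unprivileged user, and the bulk read of `product_designs` from an external address at midnight. The rules are deliberately independent so that one event can trip several of them, which is what makes the alert useful to an analyst.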
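As a second added example (again not code from the article or from Clover Infotech), this Python script illustrates the governance side of the Privileged Identity Management item: it takes a constructed account inventory and a constructed register of approved privileged accounts and flags privileged accounts that are unregistered, lack MFA, have an overdue access review, hold privileges beyond what their roles allow, or have gone dormant. The role names, privilege names, accounts and dates are all hypothetical.

```python
from datetime import date, timedelta

# Hypothetical role model: which roles count as privileged, and which privileges
# each role is allowed to carry (used to detect privilege drift).
PRIVILEGED_ROLES = {"domain_admin", "db_admin", "cloud_owner"}
ROLE_ALLOWED_PRIVS = {
    "domain_admin": {"reset_password", "manage_gpo"},
    "db_admin": {"alter_schema", "backup_restore"},
    "cloud_owner": {"manage_iam", "manage_billing"},
    "analyst": {"read_reports"},
}

# Constructed account inventory as an identity system export might look.
ACCOUNTS = [
    {"name": "jdoe", "roles": {"analyst"}, "privileges": {"read_reports"},
     "mfa": True, "last_login": date(2024, 3, 1)},
    {"name": "dba_ops", "roles": {"db_admin"},
     "privileges": {"alter_schema", "backup_restore"},
     "mfa": True, "last_login": date(2024, 3, 3)},
    {"name": "ceo", "roles": {"cloud_owner"},
     "privileges": {"manage_iam", "manage_billing", "alter_schema"},
     "mfa": False, "last_login": date(2023, 9, 12)},
    {"name": "svc_backup", "roles": {"db_admin"}, "privileges": {"backup_restore"},
     "mfa": False, "last_login": date(2024, 3, 4)},
]

# Constructed register of approved privileged accounts: owner and last access review.
REGISTER = {
    "dba_ops": {"owner": "Head of DBA", "last_review": date(2024, 1, 15)},
    "ceo": {"owner": "CIO", "last_review": date(2023, 6, 1)},
}


def review_privileged_accounts(accounts, register, today,
                               review_interval=timedelta(days=90),
                               dormant_after=timedelta(days=60)):
    """Return {account name: [findings]} for every privileged account with an issue."""
    findings = {}
    for acct in accounts:
        if not acct["roles"] & PRIVILEGED_ROLES:
            continue  # standard user: outside the scope of PIM
        issues = []
        entry = register.get(acct["name"])
        if entry is None:
            issues.append("unregistered_privileged_account")
        if not acct["mfa"]:
            issues.append("mfa_not_enforced")
        if entry is not None and today - entry["last_review"] > review_interval:
            issues.append("access_review_overdue")
        # Privilege drift: anything granted that no held role permits.
        allowed = set().union(*(ROLE_ALLOWED_PRIVS.get(r, set()) for r in acct["roles"]))
        for extra in sorted(acct["privileges"] - allowed):
            issues.append(f"privilege_beyond_role:{extra}")
        if today - acct["last_login"] > dormant_after:
            issues.append("dormant_privileged_account")
        if issues:
            findings[acct["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in review_privileged_accounts(ACCOUNTS, REGISTER, date(2024, 3, 5)).items():
        print(f"{name}: {', '.join(issues)}")
```

With the review run as of 2024-03-05, `dba_ops` passes every check, `svc_backup` is flagged as an unregistered privileged account without MFA, and `ceo` collects four findings, including the `alter_schema` privilege that no `cloud_owner` role should carry. Feeding the same checks from a live identity export, rather than the constructed lists here, is the recurring review a PIM program depends on.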
Authored by Neelesh Kripalani, Sr. VP and Head – Center of Excellence (CoE), Clover Infotech