Cyber-attack on Zappos: Information Security Lessons for Enterprises [Part-5]

In the previous four posts, we analyzed the
causes for security incidents. We discussed how lack of internal controls, access
restrictions, centralized management, accountability, strong policies,
haphazard style of privileged password management and lack of proper activity monitoring give room for
security incidents. Let us now analyze
how we can overcome these threats and security incidents:


Take preventive action, safeguard your data

With cyber-threats looming large, enterprises should think of taking
preventive action by strengthening internal controls. Manual processes
and home-grown tools may not be able to provide the desired level of
security and controls.

It is pertinent to quote here from a research report by Gartner:

“Manual procedures for managing shared account passwords can be
intrusive, interrupting normal operations and unacceptably delaying the
resolution of problems. These procedures can also be fragile, failing to
consistently deliver the desired level of control and accountability
and exposing organizations to insider threats.”

(Source: Gartner, Inc., “MarketScope for Shared-Account/Software-Account
Password Management”, Ant Allan, Perry Carpenter, 16 June 2009).

Bolster internal controls, access restrictions

One of the effective ways to achieve internal controls is to deploy a
Privileged Password Management Solution that could replace manual
processes and help achieve the highest level of security for the data. Privileged Password Managers help enterprises safeguard their data and
thereby avoid security incidents in more ways than one:
  • Administrative passwords can be stored in a centralized repository
    in encrypted form – this helps avoid storing of the passwords in
    volatile resources. Even if someone manages to get hold of the password
    database, data cannot be deciphered
  • Role-based, granular access restrictions can be enforced –
    administrators and other users get access only to the passwords that are
    allotted to them, not all passwords
  • Passwords can be selectively shared with others on need basis –
    sharing passwords by word of mouth completely avoided
  • Passwords can be
    automatically changed at periodic intervals assigning a strong, unique
    password to each resource – hackers cannot make wild guesses
  • For enhanced internal controls, administrators / users may even be
    prevented from viewing the passwords in plain text. Instead, they could
    be directed to just click a URL to directly access the resource
  • Users requiring temporary access to the passwords (like
    contractors, partners) can be directed to follow password
    request-release workflow granting time-limited access. After revoking
    the permission, passwords can be automatically reset – this prevents
    users getting access to the passwords that are no longer required for
    them
  • All password access activities are completely audited – this helps
    monitor the usage of privileged identities and fix accountability
    issues when something goes wrong. It also helps the enterprise meet
    regulatory compliance requirements
  • Real-time alerts on password actions
    help administrators continuously track and control the administrative
    passwords
  • If an administrator leaves the organization, passwords owned /
    accessed by them can be transferred to some other administrator and the
    passwords could be automatically reset – this helps avoid possible
    misuse of the passwords by disgruntled users

Keep an eye on activities

Keeping an eye on the activities going on in the enterprises in an
absolute must. Logs from critical systems carry vital information that
could prove effective in preventing security incidents. Especially,
monitoring activities like user logons, failed logins, password access,
password changes, attempts to delete records and other suspicious
activities could help identify hacking attempts, malicious attacks, DoS
attacks, policy violations and other incidents.

It is worthwhile to have technology and tools in place to monitor activity in the network. As we had stressed earlier, an
automated approach to centralized log collection, analysis and reporting
for real-time situational awareness is essential from the standpoint of
enterprise security.

Researchers repeatedly point out that identity theft incidents are on
the rise and it will only keep growing due to many reasons, including
economic situation, social factors and technological advancements that
make the tech-savvy criminals more creative every passing day.

Not all security incidents could be prevented or avoided; nor could any
software act as the panacea for all cyber security incidents. But, the
security incidents that happen due to lack of effective internal
controls and monitoring are indeed preventable. Enterprises should take
preventive action to combat cyber-criminals. Otherwise, they might just
end up locking the stable after the horse has bolted!

Arm your enterprise with ManageEngine IT security software

ManageEngine has a range of affordable Enterprise Security Management
Software Solutions that help you build a secure fortress enabling you to
stay secure, ensure business continuity and enhance productivity. Using
ManageEngine Password Manager Pro, you can bolster internal controls; Firewall Analyzer & Eventlog Analyzer just act like watch towers and help in observing the happenings around and protect from potential threats.

Password Manager Pro

Password Manager Pro is a secure vault for storing and managing shared
sensitive information such as passwords, documents and digital
identities of enterprises. Using Password Manager Pro, you control the
access to
shared administrative passwords of any ‘enterprise resource’ such as
servers, databases, network devices, applications etc. PMP enables IT
managers to enforce standard password management practices such as
maintaining a central repository of all passwords, usage of strong
passwords, frequent changing of sensitive passwords and controlling user
access to shared passwords across the enterprise.

Firewall Analyzer  &  Eventlog Analyzer

Keeping a watchful eye over the eventlog, application
log and trails from perimeter security devices is essential to safeguard
the organization from evolving internal and external threats and
optimize performance.  This mandates:
  • automatically collecting, analyzing, reporting, alerting and
    archiving event log  from distributed Windows hosts, Syslog from Unix
    hosts and devices & Application log from servers and databases
  • monitoring, analyzing and reporting on logs from firewalls and other perimeter security devices
  • troubleshooting network problems and optimize bandwidth usage & performance
  • complete visibility on internal & external security threats
  • meeting regulatory audit and compliance requirements

Firewall Analyzer and Eventlog Analyzer from ManageEngine precisely help achieve these.

Bala


ManageEngine IT Security & Compliance Solutions

Quick Video

|

Free Trial Download



White Papers

  |

Success Stories

You Can Learn More About the ManageEngine Product Line By Going to www.ManageEngine.ca

The original article/video can be found at Cyber-attack on Zappos: Information Security Lessons for Enterprises [Part-5]

About the Author: Shannon Lewis

Leave a Reply Cancel reply