Top Five IT Security Threats and How to Combat Them
June 11 2012 - 5:00AM
Business Wire
Quest Software, Inc. (NASDAQ: QSFT):
Faced with external security threats from hackers and others ,
along with a growing array of even more dangerous internal security
threats, companies worldwide are feeling the heat. Industry experts
agree that strong identity and access management (IAM) technology
and practices should be the cornerstone of every security strategy;
but, legacy IAM offerings often are considered overly complex and
difficult to maintain – a problem compounded by the advent of cloud
and mobile trends affecting enterprise access. Quest Software
provides a modular approach to IAM ideally suited to address a full
range of security concerns. This advisory provides the top threats
companies should prepare for, and specific IAM best practices they
should follow to combat threats early on.
Organizations traditionally have had only two options to address
identity and access management:
1.
Solving specific pains in an ad-hoc manner
with system- and task-specific tools and practices from a variety
of vendors.
2.
Implementing a monolithic framework that
seeks to address issues enterprise-wide through an almost entirely
customized approach.
These options either are too customized and cumbersome to be
sustainable, or too controlling and rigid to address today’s new
market realities. Neither adequately addresses the business-driven
needs that are forcing organizations into action.
There is a better way. Quest Software, with its Quest One
Identity Solutions, makes security and compliance simple and
effective. Unlike identity and access management solutions from
legacy vendors, which require extensive and costly customization,
Quest‘s modular, yet integrated, approach addresses immediate
concerns, but is nimble enough to tackle future business needs –
with an eye firmly on simplifying some of the most complex
challenges organizations face today.
Tweet This: Top 5 security threats to your data and how
to combat them with @Quest IAM: http://bit.ly/MjUf61
News Facts:
- A leading provider of identity and
access management solutions, Quest Software identifies the
following five top security threats and offers a set of solutions,
proven in the real-world, that make achieving security and
compliance not only simpler, but less expensive and more
effective.
1.
Internal Excessive Privilege –
System Administrators with complete access to servers and data can
pose a tremendous internal threat if they turn against the company.
Similarly, everyone from admins up to executives poses a threat to
security and data if they maintain excessive access rights after
changing positions or taking on different roles.
2.
Third Party Access – Giving
partners and other third parties appropriate access to data is no
longer cut and dried. Data stored in the cloud may be located
across the country or overseas—or sit on physical servers owned by
one vendor, but housed in facilities owned by any number of data
centers. Employees of these third parties often have direct access
to unencrypted data, or they may retain copies of both encrypted or
unencrypted data.
3.
Hactivism – Politically motivated
hacking is on the rise, by operations such as Anonymous Operation
and Lulz-Sec. Members of these groups assert that much of their
success comes not from their technical expertise, but from having
found easy targets. While an organization may not have control over
whether or not it is attacked, effective identity and access
management strategies and technologies, and basic employee security
training, will reduce the chances that attacks will succeed.
4.
Social Engineering – Social
engineering is the age-old technique of using lies, deception and
manipulation to gain sufficient knowledge to dupe an unwary
employee or company. Using public social channels to detail every
aspect of your upcoming “unplugged” vacation trip may be just what
a scammer needs to put an attack in motion.
5.
Internal Negligence – Negligence
typically is an offense committed by management when “they should
have known better.” Most successful data security breaches have
some element of managerial negligence associated with them, such as
simply forgetting to check log reports for clearly suspicious
patterns.
The Lessons – How to combat security threats:
- Adopt a “least privilege” security
posture that gives each employee the least privilege necessary
to accomplish required tasks, and ensures that unnecessary access
rights are revoked whenever an employee changes roles. Some of the
most common implementation options to help get to a least privilege
state include: assigning appropriate access directly to users based
on well-defined roles, limiting access to administrator and/or root
accounts – making sure that the passwords to these accounts are not
shared, are changed frequently, and that there are controls in
place to limit and track their use.
- Embrace an access review policy
and regular, automated access alerts that notify two or more
administrators of access changes, employee changes or other
critical issues. To prevent access creep, access privileges must be
dynamically linked to human resources and staffing databases.
Notifying more than one administrator helps overcome
negligence.
- Lock the front door by fostering
education, encouraging diligence, and developing processes such as
regularly changed passwords, or by adopting “harder” security
access technologies with tools such as Microsoft Active Directory
or multifactor authentication. Employee education can cover the
logistics and basics of security, but also can address topics such
as the psychology and known techniques of social engineering
hacks.
- Achieve compliance by
implementing access control and separation of duties practices and
technologies, and developing, implementing, and enforcing secure
policy on all system access. Provide a complete audit trail of
policy and activities, and eliminate non-compliant login
practices.
Quest Experts Share Advice on Best Practices and More at
Gartner Security & Risk Management Summit
- Quest experts and thought leaders will
exhibit and showcase Quest One at the Gartner Security & Risk
Management Summit, June 11 - 14, in National Harbor, Md.
(Washington, D.C. area).
- Industry commentary can be provided by
Quest executives, including Jackson Shaw, a 20-year IAM veteran who
oversees Quest One product direction and IAM strategy. Please
contact QuestIAM@eastwick.com to schedule interviews with Mr. Shaw
or other Quest luminaries.
Supporting Quotes:
John Milburn, vice president and general manager, Identity
and Access Management, Quest Software
“Today’s security challenges are drastically different than they
were just a few years ago. The advent of cloud computing, mobile
access, and new compliance concerns has essentially taken
everything organizations thought they knew about security best
practices and flipped it on its head. As the nature of doing
business changes, companies need to get smart – fast – about
building strong and sustainable identity and access management
strategies. As a trusted advisor and steadfast technology provider
for nearly 90 percent of the Fortune 500, Quest Software has
amassed the knowledge, experience, and technology necessary to
successfully guide organizations through the new security
landscape.”
Gartner, November 29, 2011, “Predicts 2012: Sophisticated
Attacks, Complex IT Environments and Increased Risks Demand New
Approaches to Infrastructure Protection”
“Sophisticated new threats — especially targeted attacks — the
financial and reputational damage from attacks, and the growing
"consumerization" of IT are among the factors increasing the
complexity, difficulty and criticality of protecting enterprise IT
infrastructure. Enterprises should recognize that every new trend
in technology brings new vulnerabilities, and should use some of
the cost savings they realize from these trends to improve their
security controls.”
Supporting Resources:
- Want to know how your identity and
access management performance compares to the best-in-class? Take a
free interactive assessment
- More Quest news:
http://www.quest.com/newsroom/
- Twitter:
http://mobile.twitter.com/quest
- Facebook:
http://www.quest.com/facebook
- LinkedIn: http://www.linkedin.com/
- Quest TV: http://www.quest.com/tv/
About Quest:
Established in 1987, Quest Software (Nasdaq: QSFT) provides
simple and innovative IT management solutions that enable more than
100,000 global customers to save time and money across physical and
virtual environments. Quest products solve complex IT challenges
ranging from database management, data protection, identity and
access management, monitoring, user workspace management to Windows
management
RSS Feeds:
- Quest news releases:
http://www.quest.com/rss/news-releases.aspx
Technorati Tags:
Quest Software
Quest, Quest Software and the Quest logo are trademarks or
registered trademarks of Quest Software in the United States and
certain other countries. All other names mentioned herein may be
trademarks of their respective owners.
Quest Software, Inc. (MM) (NASDAQ:QSFT)
Historical Stock Chart
From Jun 2024 to Jul 2024
Quest Software, Inc. (MM) (NASDAQ:QSFT)
Historical Stock Chart
From Jul 2023 to Jul 2024