Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Webcast Recap: “Is Your User Security Program Risky or Risk-Focused?” with Dr. Eric Cole

June 19, 2014

  • Blog
  • Archive
When you’re trying to determine how to control and manage the biggest threats to your IT infrastructure, you need to start by considering several possible breach points and narrowing in on the most dangerous. But attackers aren’t just targeting Microsoft, Linux, or Mac systems. They’re targeting a system that’s much harder to secure: the human OS. Dr. Eric Cole of SANS, a key participant in the development of the Critical Security Controls (CSC), recently joined BeyondTrust for the webcast, “Is Your User Security Program Risky or Risk-Focused?” where he presented straightforward tips for mitigating internal threats and reducing user-based risks. Below are key takeaways from the webcast and on-demand video recording of the complete presentation – plus answers to questions asked by attendees of the live session.

5 Steps to Managing User-Based IT Risks

1. Start with Your Critical Data – Not Your Devices Far too many organizations take a device-centric approach to security rather than a more efficient data-centric approach. New end-user devices and constant updates make it difficult to keep up, so Cole suggests focusing first on where critical data is stored – before concerning yourself with the devices that will be accessing that data. 2. Align Defense with Offense Many companies invest their time in patching and locking down services. While this is well and good, Cole reveals that moving to a risk-focused security protocol requires you to think like the offense and address three other parts of the process: conducting reconnaissance, scanning, and covering your tracks. It’s up to you to find and understand your security exposures before attackers do. 3. Know Thy Organization You can’t protect what you don’t know about, and you can’t catch an attacker if you don’t know what they’re attacking. Whether internal or external, when an attacker knows more about your systems than you do, your defensive efforts won’t amount to much. This is why every organization should have an accurate, up-to-date network diagram, a network visibility map, configuration management, and change control. 4. Practice Defense-in-Depth Cole dismisses the propagandists who threaten businesses with the fear of unstoppable attackers and constant data threats. There are certainly serious and targeted threats, but you can minimize and contain the damage if you focus on the right areas. The most comprehensive strategies include inbound prevention, outbound detection, log correlation, and anomaly detection. 5. Generate Common Metrics Cole closes with a call-to-action for security and IT professionals everywhere: develop consistent, common metrics to run effective security programs that IT can implement, auditors can validate, and executives can understand. You need only check the most recent headlines to hear about data breaches where users where involved – either maliciously or unintentionally – but that doesn’t mean these types of breaches are unavoidable. Check out the video presentation below to learn more about managing user risk with a risk-focused security program that incorporates the Critical Security Controls. >> Learn more about BeyondTrust’s Privileged Account Management solutions for mitigating user-based risks

Live Q&A

Here are Dr. Cole’s answers to questions from the live webcast: Would you elaborate on how SOCs can be designed to make most of SIEM? The trick is to create use cases that focus in on the most critical threats to the key intellectual property. The real focus of a SIEM is to detect unusual activity, which is tied closely to a compromised machine. In essence, the SIEM is the correlation engine of the SOC for tracking and monitoring everything that is occurring across a network. What is an affordable way to label and classify data? The trick is to keep it simple. At the most basic level, there are really two tiers of classification: public and private. Everything should be classified as private by default. Only information that needs to be disclosed and does not represent a risk to the company is classified as public. It is also important to start classifying new data before focusing in on existing data. Doesn't network segmentation conflict with cloud computing models? From one aspect, cloud is the ultimate segmentation because each user and service is on a separate segmentation. The trick with cloud is to have strong SLA (service level agreements) in place to hold the cloud providers to the same level of security that the company has defined. What is your thought on getting workstation logs in the SIEM? Does it bring any value? While workstation logs can be very valuable, they generate a lot of data – so in most organizations it is not worth the extra overhead.
Photograph of Chris Burd

Chris Burd,

Chris brings over 20 years of technology sales and marketing experience to BeyondTrust, where he is responsible for corporate communications and digital marketing. Prior to BeyondTrust, Chris led marketing communications at Core Security, where managed the company’s positioning, branding, and inbound marketing initiatives.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts

Rising CISOs: Ransomware, Cyber Extortion, Cloud Compromise, oh my!

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

Whitepapers

Mapping BeyondTrust Solutions to the Qatar National Information Assurance Policy v2.0

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.