Insider Threat Management

6 Common IT Troubleshooting Blind Spots

Share with your network!

IT teams deal with security incidents every day, despite investing heavily in the most advanced cybersecurity tools. Whether it’s malicious or well intentioned, your employees, vendors and other trusted users may be actively working in security blind spots that cannot be monitored by the security tools in which you’ve invested.

IT Troubleshooting Blind Spots

When malware is accidentally downloaded, or files are deleted, or sensitive information is sent via web mail, how will you know what happened and who did it? Proper visibility into your infrastructure is required to investigate incidents, but, unfortunately, many environments have visibility gaps. Here are 6 areas where you may have blind spots:

Unauthorised Activity on Servers

Organisations typically have a good grasp of server statistics, access logs, performance, uptime, and system events. However, a gap may exist in identifying who has direct access to the server, as well as the actions of unauthorised users doing unauthorised things or tasks that should be done from a workstation or laptop.

Installing/Uninstalling Unauthorised Software

Organisations use virtual desktops, non-persistent images, various software management tools, and account restrictions to know about and limit the volume of software that is installed on machines. In most cases, these application-centric methods tend not to provide enough information as to the real question–why is a user installing or uninstalling software on his/her machine?

Hiding Information and Covering Tracks

Organisations are becoming more and more aware of data exfiltration. However, hiding data and covering up evidence, for example re-naming sensitive files before making copies of them, or making changes in a server and then covering their trail (deleting log files), is a favorite of external attackers who infiltrate a network.  

Performing Unauthorised Admin Tasks

A common security practice and a requirement under many compliance regulations, is tracking all administrator actions, both authorised and unauthorised. However, some organisations are not this proactive, and not tracking all admin tasks presents a visibility gap.

Searching for Information

Organisations should have visibility into suspicious search engine searches without relying on a network-based appliance or extensions in browsers. Identifying suspicious search queries will help incident response and investigation teams to obtain the crucial context they need before the organisation is exposed to risk.

Non-Permitted Data/Machine Access

Organisations sometimes do not have the time or resources to immediately lock down and restrict access rights. Furthermore, for every restriction, there is usually an exception to the rule. Having visibility into authorised and unauthorised access allows a company to better audit and get a handle on their privilege creep.

 

These gaps in visibility are a direct result of taking an antiquated approach to cybersecurity. Security and IT teams must adapt to uncover these blind spots if they want to mitigate data loss and ensure a more secure environment.

Do you know where your environment lacks visibility? Proofpoint can help you fill your visibility gaps. Download a FREE 15-day Trial of Proofpoint ITM now.