Do you have an internal threat in your company?

Do you have an internal threat in your company?

(HINT – the answer is almost certainly yes!)

The notion of internal threats in the enterprise have been around for decades. We often picture a disgruntled employee looking to get even, a nefarious thief secretly cloning an employee’s device, or an innocent person forced against their will to steal internal company secrets. But while these ideas do make for excellent movie and TV scripts, they don’t mirror reality.

In fact, the reality is different, because your worst enemy may not be a shadowy thief, but innocent Carl, in accounting or unaware Gina in operations. While security organizations have spent enormous capital over the years trying to teach employees to comply with company policies by taking more appropriate precautions, the fact is many users are unaware of the consequences of their actions or are simply negligent, rather than intentionally putting sensitive applications or data at risk.

The human element in breaches

In the Verizon 2024 Data Breach Investigations Report , which features one of the largest continuous pools of respondents in the world, researchers address this issue head-on when considering metrics related to the human element in breaches. In the past, that metric was considered “alongside an opportunity gap for security training and awareness.“

The change was based on the realization that the human element metric has historically included Privilege Misuse pattern breaches, which are cases involving malicious insiders. The two use cases - malicious and innocent, led to the following statement in the 2024 report, “Having those mixed with honest mistakes by employees did not make sense if our aim was to suggest that those could be mitigated by security awareness training.”

Unfortunately, however, removing truly malicious users from the breach pattern did not radically alter the results, as the human element is still present in 68% of breaches.

Changing landscape of data access

Another factor is that access to and the location of sensitive data and applications has changed dramatically over the years. Internal applications that used to be housed on-site have moved to the cloud as part of the drive to digital transformation, at the same time as the shift to hybrid/report work has continued to evolve.

This blurring of the lines between secure corporate environments and potentially risky remote settings has complicated the issue further. Recent research shows that 70% of respondents express concern about insider risks in hybrid work contexts, reflecting the challenges of securing distributed, less controlled environments.

The challenge of authorized access

One may wonder how such issues in accessing previous internal content or data could occur, even as enterprises invest in Zero Trust controls, strict authentication schemes and more. The reason is simple – these users, or “internal threats” – are actually authorized to get to these applications. So, if many beaches begin with authorized users and ongoing security awareness training is not completely effective, what is the solution?

A basic place to begin securing anything is to consider the old triad of AAA – authentication, authorization, and accounting. The users that we are discussing are required to access sensitive applications and data to do their jobs, so clearly basic controls must be in place.

Access cannot be withheld, but steps should be taken to remind users that the applications are internal and to include functionality to keep users from making bad decisions. The combination of Secure Application Access, robust last-mile DLP features, and Browsing Forensics delivers the capabilities to solve these problems while retaining the browser that users love.

Introducing Secure Application Access from Menlo Security

Menlo Secure Application Access enables least-privileged access on a resource-by-resource basis. It supports access and application protection for both private and SaaS applications. Data security and information leakage protection works hand-in-hand with easy-to-manage access control. Menlo Secure Application Access ensures secure application access while simultaneously protecting the associated intellectual property and application data when you provide secure intranet access to contractors.

Like most things Menlo, the solution begins with the Secure Cloud Browser . When you deploy Menlo Secure Application Access, you provide vital protection to your applications from possible compromised endpoints, while at the same time protecting your users from compromised traffic from application servers. ?Unlike traditional technology that gives access to the entire network, Menlo Security provides access to only what’s necessary with policies for users, groups, source IPs, and geolocations.

Last-mile data protection capabilities help address any internal threats, whether negligent or intentional, protecting the valuable data these applications hold. Menlo Secure Application Access has additional layers of data security controls. These controls include:

● ?Download/upload

● Read-only/read-write

● Watermarking

● Data redaction

● Copy/paste


Figure 1 Copy/paste and watermarking controls


Figure 2 Watermarked page


Browsing Forensics - the last A in AAA

Secure Application Access will take you a long way toward securing internal apps and sensitive data, but it is also important to add the last step – accounting. Menlo has you covered, with Browsing Forensics. When enabled with Secure Application Access, Browsing Forensics can show you those controls at work, as well as how users interacted with them.

If, for example, you have deployed Secure Application Access to protect a particular site for an internal user to securely access a critical application that they need, but Browsing Forensics shows the user downloading several sensitive files that is not normal for their role, you may have a bigger problem than you initially thought.

With Browsing Forensics you can see actual screen captures of what the user did when on the secured site down to the input and screenshot, with no need to reassemble information from different tools, and no need to guess at what was really going on. By getting information on an individual's actions on a site, you can see through to intent while your apps and data remain protected.

Another area where Browsing Forensics provides unique capabilities is Compliance and Audit. It has historically been difficult to illustrate organizational safeguards and prove adherence to them, especially when the apps or data in question can be reached by the browser.

With Browsing Forensics, you can get the information that you need with just a few clicks, without any abstraction or ambiguity. You can easily view exactly what applications were accessed and what actions the user took, providing a complete picture that even an auditor and or compliance experts would be happy with.

Find out more about how the combination of Browsing Forensics and Secure Application Access can be used to keep you users, applications, and data safe using the browsers you already own.

For more information about Secure Application Access, see here .

To learn more about Browsing Forensics, see here .

要查看或添加评论,请登录

社区洞察

其他会员也浏览了