5 Best Practices for Guarding Against Insider Threats

BrandPost By Chris Carroll
Dec 02, 2016
Security


As the enterprise user base continues to expand, securing enterprise resources against insider threats has emerged as a front-burner issue. But there’s good news: Organizations can guard against insider threats by implementing the following five proven policies and procedures.

1) Consolidate user identities

Start by consolidating identities across the enterprise. This allows you to enforce separation of duties and delegate administration. To do this, migrate local accounts to centralized management, associate each user account with an individual, and eliminate multiple accounts and passwords for users. This way, insiders can access only those systems and applications necessary to perform their jobs, and all of their administrative activities can be linked to each user’s unified identity.

2) Implement MFA

Password-based security is no longer sufficient for guarding against insider threats. The enterprise should instead implement multi-factor authentication (MFA) to establish identity. Since MFA requires more than one factor to prove identity, and requires all insiders to authenticate before accessing any enterprise resource, it’s one of the most effective methods for preventing access to enterprise information that’s off limits.

3) Limit lateral movement

Lateral movement refers to the various techniques insiders use to move through a network as they search for key assets and data. There are three proven approaches for limiting such movement:

  • Establish host-based network protection. This typically involves enforcing 802.1x network authentication with host identities, leveraging group policies to enforce host-based firewall rules, and restricting administrative access via group policies.
  • Eliminate VPN access.
  • Minimize user rights by granting user access only where it is absolutely necessary.

4) Enforce least privilege policies

You can best enforce least privilege policies by locking down local administrative and application accounts and enforcing role-based least privilege elevation. In addition, establishing request-based privileged access eliminates standing, permanently assigned privileges and requires insiders to request time-limited privileges instead.

Insider threats often avoid detection for extended time periods, and implementing least privilege policies can help mitigate this risk. In this scenario, users are granted just enough privilege to do their jobs and accomplish their business objectives. This allows administrative users to log in as themselves while maximizing enterprise control over privileged accounts and proprietary information.

By implementing privileged identity management solutions, organizations can deliver cross-platform least privilege access and control shared accounts while securing remote access and auditing all privileged sessions. You can consolidate identities and secure information resources by carefully granting administrative users secure, privileged access to enterprise infrastructure and applications.

5) Log and monitor all privileged access

Capturing and recording all privileged access attempts lets the enterprise analyze patterns and periodically conduct forensic analysis of suspicious behavior by administrative users. This is implemented with host-based privileged access recording and with privileged access reports that IT staff analyze centrally.
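As an added illustration of practices 4 and 5 above (example code, not from the article or its author), the following Python models request-based, time-limited privilege grants and audits a few constructed privileged-access log lines against them, flagging every action that fell outside an active grant. The log format, field names, grant lifetime and sample values are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: a grant is scoped to one user, one host and one role, and
# expires on its own; there are no standing (permanent) privileges.
@dataclass(frozen=True)
class Grant:
    user: str
    host: str
    role: str
    start: datetime
    end: datetime

    def covers(self, user, host, role, at):
        """True if this grant authorises `user` to act as `role` on `host` at time `at`."""
        return (self.user, self.host, self.role) == (user, host, role) and self.start <= at < self.end

def request_privilege(grants, user, host, role, at, ttl=timedelta(hours=1)):
    """Issue a time-limited grant in response to a request (default lifetime 1 hour, an assumption)."""
    grant = Grant(user, host, role, at, at + ttl)
    grants.append(grant)
    return grant

# Constructed sample of a host-based privileged-access log (not real records).
# Assumed format: "<ISO timestamp> <user> <host> <role> <command>"
SAMPLE_LOG = """\
2016-12-02T09:05:00 alice db01 dba ALTER TABLE customers ADD COLUMN notes TEXT
2016-12-02T10:30:00 alice db01 dba SELECT * FROM customers
2016-12-02T09:10:00 bob web01 root systemctl restart nginx
2016-12-02T03:15:00 carol db01 dba SELECT * FROM payroll
"""

def parse_log(text):
    """Parse log lines into (timestamp, user, host, role, command) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, host, role, command = line.split(" ", 4)
        events.append((datetime.fromisoformat(ts), user, host, role, command))
    return events

def audit(events, grants):
    """Return the privileged actions that no active grant covered (the cases worth a forensic look)."""
    return [e for e in events if not any(g.covers(e[1], e[2], e[3], e[0]) for g in grants)]

def run_demo():
    """Two approved requests, then an audit of the sample log against them."""
    grants = []
    request_privilege(grants, "alice", "db01", "dba", datetime(2016, 12, 2, 9, 0))   # valid 09:00-10:00
    request_privilege(grants, "bob", "web01", "root", datetime(2016, 12, 2, 9, 0))   # valid 09:00-10:00
    return audit(parse_log(SAMPLE_LOG), grants)
```

Running `run_demo()` flags alice's 10:30 query (her grant had expired) and carol's 03:15 payroll query (no grant at all), while the two actions inside active grants pass.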

Adopting these five best practices will help the enterprise minimize its attack surface and efficiently secure enterprise resources from insider threats. For additional information on how to implement best practices for guarding against insider threats, download the whitepaper Top 3 Reasons to Give Insiders a Unified Identity.