WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Most any security expert will agree that policies are a crucial part of your security plan. At the most basic level, you need policies that define who is allowed to access what resources and at what times.
But keeping such policies up to date in an ever-changing business environment is a tall order. Each time an employee is promoted or moves to a different department, his permissions should change. But in plenty of companies, such updates slip through the cracks. Add in myriad relationships with outside organizations and the problem quickly becomes unwieldy.
The result is that employees end up with access to far more resources than they need, says Ofer Gadish, executive vice president for technologies at Camelot Information Technologies, Ltd. That represents a security problem waiting to happen, considering that various studies show at least 70 percent of all computer crime is perpetrated by internal users.
NI is the technology behind Hark, an automated access control system that takes the burden of defining access policies off the shoulders of IT.
Hark consists of three basic components. The first is Guardian Agents, which sit on any component you want to protect. The agents gather information about who accesses what files as well as enforce policies on the machine where they reside.
Guardian Agents send statistical data to Access Analyzers, which apply the Hark discovery algorithms to determine access permissions.
The final component, the Central Console Server, is a Web-based management station from which users can monitor all activity, receive alerts and generate reports.
Starting from scratch, Gadish says it takes from three days to three weeks for Hark to generate its first valuable results. In the 17 beta sites where the product has been tested, companies got rid of 80 to 90 percent of permissions, with few false alerts. "Users don't feel it," he says.
That's because the product essentially allows whatever activity is normal, while revoking access to files that a user doesn't access over time. Such policies can change on the fly, such as in the case of a user who changes jobs and needs to access different resources. Hark can also integrate strict, user-define rules (the CEO can access anything, anytime), with the adaptive rules that it creates.
Hark works with systems including Windows 2000, Windows NT, NetWare and Solaris. It costs $6,000 per server and $20 per user seat and is available now.