Holistic endpoint security management is a must for data-centric security: it helps an organization keep a firm grip on its sensitive data. In our previous blog, we recommended some best practices for endpoint security. In this blog, we highlight what can happen when organizations take a lackadaisical attitude towards endpoint security. We have identified three infamous IT incidents in which ARCON | EPM (Endpoint Privilege Management) could have prevented data misuse with the help of its robust security features.
Incident 1 – No Data Loss Prevention mechanism
In January 2021, four in-house lawyers at a renowned law firm in Pennsylvania siphoned off some of the organization’s secret files and illegally deleted its emails. The data included legal records, correspondence, confidential firm records, and multiple client databases. Adding to the woes, after the malicious act the attorneys double-erased all the emails to ensure there would be no evidence of the act in any future investigation. The culprits stealthily used an unauthorized USB device, and their malicious actions went unnoticed. After this incident, the organization lost its competitive advantage in the market.
This untoward incident could have been prevented by ARCON | EPM with the help of its data exfiltration prevention capabilities. The “Data Loss Prevention (DLP)” feature of ARCON | EPM helps organizations mitigate data security vulnerabilities by restricting removable devices of any kind, including mobiles, USB drives, and external hard drives, from accessing any data asset on any system at any point in time. Even an attempt to transfer data via Bluetooth is prevented by EPM, because mobile Bluetooth connections and Bluetooth transfers are restricted by ARCON’s DLP feature. Hence, there is no chance of data misuse.
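To make the device-control idea concrete, here is an added example of a removable-media policy evaluator. It is not ARCON’s code and does not describe how EPM is implemented; the event fields, the device classes and the allowlisted serial number are all constructed for illustration. The policy denies data-bearing USB devices (mass storage, phones) unless their serial is on a corporate allowlist, denies Bluetooth file transfers outright, and leaves non-data-bearing USB devices such as keyboards alone, while emitting an audit line for every decision.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class DeviceEvent:
    """One device event as an endpoint agent might report it (constructed format)."""
    host: str
    user: str
    bus: str            # transport the OS reports: "usb", "bluetooth", "sata", ...
    device_class: str   # "mass_storage", "phone", "hid", "printer", ...
    serial: str         # device serial, or "" when the device reports none
    action: str         # "mount", "write", "bt_transfer"


@dataclass(frozen=True)
class DevicePolicy:
    # Hypothetical allowlist of corporate-issued encrypted drives, keyed by serial.
    allowed_serials: FrozenSet[str]
    # Device classes that can carry data out; keyboards and mice (hid) stay usable.
    data_bearing_classes: FrozenSet[str] = frozenset({"mass_storage", "phone"})
    block_bluetooth_transfers: bool = True

    def decide(self, ev: DeviceEvent) -> Tuple[str, str]:
        """Return ("allow" | "block", reason) for a single event."""
        if ev.bus == "bluetooth" and ev.action == "bt_transfer":
            if self.block_bluetooth_transfers:
                return "block", "bluetooth file transfer denied by policy"
            return "allow", "bluetooth transfers permitted by policy"
        if ev.bus == "usb":
            if ev.device_class not in self.data_bearing_classes:
                return "allow", f"usb {ev.device_class} is not a data-bearing device"
            if ev.serial and ev.serial in self.allowed_serials:
                return "allow", "allow-listed corporate device"
            return "block", f"unregistered usb {ev.device_class} (serial={ev.serial or 'none'})"
        # Internal disks and other buses are outside the removable-media policy.
        return "allow", f"{ev.bus} device not governed by removable-media policy"


def audit_line(ev: DeviceEvent, decision: str, reason: str) -> str:
    """Flat, grep-friendly record suitable for forwarding to a SIEM."""
    return (f"host={ev.host} user={ev.user} bus={ev.bus} class={ev.device_class} "
            f"serial={ev.serial or '-'} action={ev.action} decision={decision} reason=\"{reason}\"")


def evaluate(policy: DevicePolicy, events: List[DeviceEvent]) -> List[str]:
    """Run every event through the policy and return one audit line per event."""
    return [audit_line(ev, *policy.decide(ev)) for ev in events]


# Constructed sample: one allowlisted corporate drive, a few typical events.
POLICY = DevicePolicy(allowed_serials=frozenset({"CORP-7F3A"}))
SAMPLE_EVENTS = [
    DeviceEvent("ws-lawfirm-01", "alice", "usb", "mass_storage", "ABC123", "write"),
    DeviceEvent("ws-lawfirm-01", "alice", "usb", "mass_storage", "CORP-7F3A", "write"),
    DeviceEvent("ws-lawfirm-02", "bob", "usb", "hid", "", "mount"),
    DeviceEvent("ws-lawfirm-02", "bob", "bluetooth", "phone", "", "bt_transfer"),
    DeviceEvent("ws-lawfirm-03", "carol", "sata", "mass_storage", "INT-0001", "write"),
]

if __name__ == "__main__":
    for line in evaluate(POLICY, SAMPLE_EVENTS):
        print(line)
```

Allowlisting by serial rather than blanket USB blocking keeps keyboards and authenticators working; because serials can be cloned, an allowlist of this kind is only as strong as the hardware-encrypted drives it names, and the audit lines should be shipped off the endpoint so a later erase cannot remove the record.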
Incident 2 – Absence of User Behaviour Analytics
At the end of 2021, around November, a former employee of the South Georgia Medical Center downloaded multiple sensitive files from the medical center’s systems to his personal USB drive the day after quitting the organization. Along with personal data, the files included patients’ test results, names, birth records, etc. This is a textbook example of an insider with malicious intent. There was no mechanism to monitor and analyze the behaviour and activities of users who frequently access critical data repositories for various purposes. As a result, the medical center had to provide services including free credit monitoring and identity restoration to all the patients affected by this unprecedented data breach.
Had the ARCON | EPM solution been deployed by the organization, the malicious insider would have been caught before any data theft took place. The “User Behaviour Analytics” feature of the EPM solution detects anomalous behaviour profiles in the network in real time and immediately generates a risk-based score for each user with the help of Machine Learning (ML) algorithms. Based on these scores, the Risk Manager analyzes and takes the crucial decisions about whose access permissions to continue and whose to deny.
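The following added example shows what a risk-based score for a scenario like Incident 2 can look like. It is not ARCON’s algorithm and uses a plain statistical baseline rather than ML: for each user and day it compares the day’s file-access volume against that user’s other days (a z-score), and adds weight for off-hours activity, writes to removable media, and any activity after the last working day recorded in an HR feed. The access log, the HR feed, the business-hours window and the weights are all constructed for this example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not real data). One line per user session:
# "<ISO timestamp> <user> <files_accessed> <destination>"
ACCESS_LOG = """\
2021-11-01T09:12:00 jdoe 10 fileserver
2021-11-02T09:40:00 jdoe 12 fileserver
2021-11-03T10:05:00 jdoe 11 fileserver
2021-11-04T09:30:00 jdoe 9 fileserver
2021-11-05T11:15:00 jdoe 13 fileserver
2021-11-08T09:22:00 jdoe 10 fileserver
2021-11-09T10:48:00 jdoe 12 fileserver
2021-11-10T09:05:00 jdoe 11 fileserver
2021-11-11T14:30:00 jdoe 10 fileserver
2021-11-12T09:55:00 jdoe 12 fileserver
2021-11-16T22:30:00 jdoe 480 usb
2021-11-01T09:00:00 asmith 30 fileserver
2021-11-02T09:10:00 asmith 28 fileserver
2021-11-03T09:20:00 asmith 32 fileserver
2021-11-04T09:05:00 asmith 31 fileserver
"""

# Constructed HR feed: user -> last working day (ISO date string).
TERMINATED = {"jdoe": "2021-11-15"}

BUSINESS_HOURS = range(8, 19)  # 08:00 to 18:59 local time
WEIGHTS = {"volume": 40, "off_hours": 20, "removable": 30, "post_termination": 50}


def parse(text):
    """Turn the log text into (timestamp, user, files, destination) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, n, dest = line.split()
        events.append((datetime.fromisoformat(ts), user, int(n), dest))
    return events


def daily_profile(events):
    """Aggregate per (user, ISO day): total files, hours active, destinations used."""
    prof = defaultdict(lambda: {"files": 0, "hours": set(), "dests": set()})
    for ts, user, n, dest in events:
        p = prof[(user, ts.date().isoformat())]
        p["files"] += n
        p["hours"].add(ts.hour)
        p["dests"].add(dest)
    return prof


def volume_zscore(user, day, prof):
    """How far this day's volume sits from the user's other days, in std devs."""
    others = [p["files"] for (u, d), p in prof.items() if u == user and d != day]
    if len(others) < 2:
        return 0.0  # not enough history to judge
    mean, sd = statistics.mean(others), statistics.pstdev(others)
    x = prof[(user, day)]["files"]
    if sd == 0:
        return 0.0 if x == mean else float("inf")
    return (x - mean) / sd


def risk_scores(events, terminated, z_threshold=3.0):
    """Return {(user, day): (score 0-100, [reasons])} for every user-day."""
    prof = daily_profile(events)
    scores = {}
    for (user, day), p in prof.items():
        reasons = []
        if volume_zscore(user, day, prof) > z_threshold:
            reasons.append("volume")
        if any(h not in BUSINESS_HOURS for h in p["hours"]):
            reasons.append("off_hours")
        if "usb" in p["dests"]:
            reasons.append("removable")
        if user in terminated and day > terminated[user]:  # ISO strings sort by date
            reasons.append("post_termination")
        scores[(user, day)] = (min(100, sum(WEIGHTS[r] for r in reasons)), reasons)
    return scores


def top_risks(scores):
    """User-days ordered from highest to lowest score, for the risk manager's queue."""
    return sorted(scores.items(), key=lambda kv: kv[1][0], reverse=True)


if __name__ == "__main__":
    for (user, day), (score, reasons) in top_risks(risk_scores(parse(ACCESS_LOG), TERMINATED))[:5]:
        print(f"{day} {user:8} score={score:3} reasons={','.join(reasons) or '-'}")
```

The post-termination signal is the cheapest and most decisive one in this scenario: it needs no baseline at all, only an HR feed wired into the scoring, which is exactly the join that was missing when the medical center’s former employee copied files the day after leaving.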
Incident 3 – Absence of File Integrity Monitoring
In March and April 2021, the police department of a city in the state of Texas suffered a massive data loss when one of its employees deleted 8.7 million critical files (approx. 23TB of data) by mistake. These files included crucial evidence in many criminal cases: video, photos, audio, case notes, and other items the police department had collected. The loss slowed down prosecutions, impacting around 17,500 cases with the County District Attorney’s Office.
This is an ideal instance of a government department facing an IT disaster even though there was no malicious or fraudulent activity. The employee failed to verify which files existed before deleting them, and there were no backups. There was no mechanism to ensure the security, integrity, and confidentiality of the Police Department’s data assets.
The ARCON | EPM solution could have averted the disaster with the help of its “File Integrity Monitoring (FIM)” feature. FIM continuously checks for and identifies any modification or change made to any file or directory. It monitors critical system files and configuration files/folders to detect unauthorized changes made by end users, whether intentionally, accidentally, or for some other purpose. Once ARCON’s FIM detects a sudden unauthorized change, it sends an instant alert to the IT administrator, who investigates and takes prompt action. FIM also enables IT security teams to maintain the organization’s compliance policy.
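As an added example of the mechanism FIM relies on (not ARCON’s code, and not a description of how EPM implements it), the block below builds a baseline of SHA-256 hashes for a directory tree, re-scans it later, and reports added, deleted and modified files. It also raises a separate critical alert when the share of baseline files that have disappeared crosses a threshold, the condition that would have fired early in a mass deletion like Incident 3. The directory contents, file names and the 50% threshold are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large evidence files do not sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (relative POSIX path) to its hash and size."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": hash_file(p), "size": p.stat().st_size}
    return baseline


def compare(baseline, current):
    """Classify the difference between a stored baseline and a fresh scan."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(k for k in set(baseline) & set(current)
                      if baseline[k]["sha256"] != current[k]["sha256"])
    return {"added": added, "deleted": deleted, "modified": modified}


def alerts(diff, baseline_size, mass_delete_ratio=0.5):
    """One alert per change, plus a CRITICAL alert when deletions hit the ratio."""
    msgs = [f"ALERT modified: {k}" for k in diff["modified"]]
    msgs += [f"ALERT added: {k}" for k in diff["added"]]
    msgs += [f"ALERT deleted: {k}" for k in diff["deleted"]]
    if baseline_size and len(diff["deleted"]) / baseline_size >= mass_delete_ratio:
        msgs.append(f"CRITICAL mass deletion: {len(diff['deleted'])} of "
                    f"{baseline_size} baseline files removed")
    return msgs


def demo():
    """Constructed scenario: baseline, then one edit, three deletions and one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "evidence").mkdir()
        files = {
            "evidence/case001.txt": "body-cam video placeholder",
            "evidence/case002.txt": "interview audio placeholder",
            "evidence/case003.txt": "case notes placeholder",
            "config.ini": "retention=forever",
        }
        for rel, body in files.items():
            (root / rel).write_text(body)
        baseline = build_baseline(root)
        stored = json.dumps(baseline)  # what a FIM agent would persist off-host

        # Simulated changes after the baseline was taken.
        (root / "config.ini").write_text("retention=30d")
        for rel in list(files)[:3]:
            (root / rel).unlink()
        (root / "readme.txt").write_text("new file")

        diff = compare(json.loads(stored), build_baseline(root))
        return diff, alerts(diff, len(baseline))


if __name__ == "__main__":
    for msg in demo()[1]:
        print(msg)
```

A scan-based check like this only catches a deletion after the fact, so the stored baseline must live somewhere the monitored host cannot alter, and the critical alert is valuable precisely because it can stop an operator-driven purge partway through rather than after all 23TB are gone.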
The ARCON | Endpoint Privilege Management (EPM) solution addresses endpoint security challenges with a robust security layer around endpoints. It detects risky behaviour profiles, prevents data exfiltration, and identifies any sudden unauthorized change made to any file or folder.