by Jasmine Chennikara-Varghese
There has been an influx of solutions over the past few years to secure protected assets and data. Best practices have evolved requiring companies to adopt a variety of these security solutions including web proxies, firewalls, intrusion detection/prevention systems, network traffic monitoring, access & identity management, etc. While network and system level preventive and detective solutions have fortified the security landscape of enterprise networks, true awareness of what is happening with sensitive or business-critical data remains elusive in many cases. This is in part due to the complexity and variety of the enterprise application and the dynamic nature of users, networks, and endpoints.
Application blindspots can lead to data breaches despite the best security solutions. For example, imagine if a threat actor has been able to circumvent your security measures and gain access to your network without being detected by typical perimeter solutions. Perhaps they used stolen credentials, exploited a vulnerability or gap in your defenses… or worse yet, perhaps it is an insider job. Now they are in your crown jewel assets and are pulling customer data records, corporate financial reports or intellectual property files. To reduce the risk of data breach, you need to know what users are doing in your business applications with your sensitive data so you can detect risky activities that have the potential of being a data breach and proactively mitigate its impact.
Cyber security monitoring is about more than what is happening on your network with your routers, critical assets and user devices. It is also about user activity within your applications. This starts with monitoring all the activity around your application to build a baseline for normal user activities. Then you can start detecting deviations from the baseline. For example, John, a typical business user, normally updates vendor bank account information on an ERP system during business hours. Today his user account was used to access credit card records. This anomaly could be an indication of suspicious activity. You need application visibility to investigate the unusual behavior and determine if it is a potential breach.
To build a strong cyber defense it is essential to have deep awareness of users, applications and transactions. See how Greenlight solutions can bridge the gaps in your cyber defense.