Compliance continues to be a challenge for smaller organizations, because of the high cost of tools needed to meet the regulatory guidelines. Quanexus has been busy researching solutions that are affordable for this segment and our clients.
The two key areas we have focused on are file access, including administrative access to the servers (separation of duties), and network monitoring.
The requirements for file access and administrative access are:
- Logs need to be maintained and reviewed, showing who and when files and directories that contain confidential or sensitive information were accessed.
- Logs need to be maintained and reviewed, showing when a user with administrative privileges logs into servers, and what changes were made to the server. Examples of changes are: a new user was created, rights to who can access files have been changed, a user was moved to a different user group, and privileged escalation, etc.
Related: Create a Security Conscience Team
The other requirement is network monitoring.
Almost all organizations have a firewall in place, which are fairly successful at protecting the network, but how do you know if they are working or if something might have slipped by the firewall?
It is important to have a way to monitor network traffic inside, on your local area network (LAN) segments.
We are building our network monitoring solution in two phases. Phase one is the monitoring for intrusion based traffic on the network. Phase two is to look for intrusions on workstations and servers. We are in the final stage of completing phase one of our network monitoring solution.
As a part of the layered security approach, we are also evaluating how to better utilize a host (workstation or server) based firewall, to limit traffic between systems on the same network.
This approach would detect if a workstation is trying to access, or being accessed by, a system that it should not have a need to access. If suspicious access activity is identified, an alert will be sent.
Network segmentation is another control that helps protect against lateral movement and can detect if a network has been potentially compromised.
Related: Cybercrime By The Numbers
If you are a smaller organization and are concerned about your system's compliance, we would be happy to meet with you and review your process.
If you would like more information about how we can help, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on Hacks, Attacks & Cybersecurity by subscribing to our email list.