Top 6 Security Breaches that Auditing Would Have Prevented

Because IT security breaches have become so prevalent, the common model for addressing them is often more reactive than proactive. Have you given up and given in to the idea that breaches are inevitable? Money, time and effort are put into establishing incident response teams, but often preventative efforts don’t go much further than applying the patches released by major software vendors – and sometimes even that falls by the wayside.

It’s true that some breaches are unavoidable, but when they occur, time is of the essence. You need to know about it as soon as possible so you can take steps to ameliorate the damage. Auditing can mean the difference in whether you get that information in time. And in some cases, the breach didn’t have to happen at all. Auditing is also your best defensive tactic for preventing security breaches. In fact, many of the specific breaches reported over the last few months could have been prevented or remediated by a good auditing program. Let’s take a look at some examples.

Many breaches involve access by persons who should not have access. This can happen due to the wrong configuration settings or the wrong permissions being assigned to an account. Even when everything is set up perfectly, changes can be inadvertently or deliberately made that put your organization’s security at risk.

Change auditing can detect potentially dangerous situations before an actual breach occurs. Netwrix Auditor is one of the most comprehensive solutions for tracking and managing changes and ensuring that there are no unintended consequences when necessary changes to settings or permissions are made.

Sometimes the unauthorized access is more difficult to prevent because it’s done using an account that has a legitimate need for permissions to the particular files.

A popular way to gain unauthorized access is through a brute force attack, which can involve trying multiple password/user combinations until one works.

Auditing of logons, particularly failed logon attempts, can indicate that a brute force attack is in progress and real-time notification can make it possible for administrators to respond before the network is breached.
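The failed-logon check described above can be sketched as a sliding-window count per source address. This is an added example, not code from Netwrix Auditor or the original article. It assumes events already parsed into tuples, uses Windows Security event IDs 4625 (failed logon) and 4624 (successful logon), and the function name, threshold and window are illustrative choices.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security log event IDs

# Constructed sample events (not real logs): time, event ID, account, source address.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", 4625, "alice", "10.0.0.5"),       # single typo
    ("2024-05-01T09:00:20", 4624, "alice", "10.0.0.5"),
    ("2024-05-01T09:10:00", 4625, "admin", "203.0.113.7"),    # burst begins
    ("2024-05-01T09:10:10", 4625, "admin", "203.0.113.7"),
    ("2024-05-01T09:10:20", 4625, "svc_backup", "203.0.113.7"),
    ("2024-05-01T09:10:30", 4625, "admin", "203.0.113.7"),
    ("2024-05-01T09:10:40", 4625, "jsmith", "203.0.113.7"),
    ("2024-05-01T09:10:50", 4625, "admin", "203.0.113.7"),
    ("2024-05-01T09:11:10", 4624, "admin", "203.0.113.7"),    # success after burst
    ("2024-05-01T09:20:00", 4625, "bob", "10.0.0.9"),         # slow, spread-out failures
    ("2024-05-01T09:30:00", 4625, "bob", "10.0.0.9"),
    ("2024-05-01T09:40:00", 4625, "bob", "10.0.0.9"),
]

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per source with >= threshold failed logons inside the window."""
    recent = defaultdict(deque)  # source -> (time, account) of recent failures
    alerts = {}                  # source -> alert record
    for ts, event_id, user, source in sorted(events):
        when = datetime.fromisoformat(ts)
        fails = recent[source]
        # Drop failures that have aged out of the sliding window.
        while fails and when - fails[0][0] > window:
            fails.popleft()
        if event_id == FAILED_LOGON:
            fails.append((when, user))
            if len(fails) >= threshold and source not in alerts:
                alerts[source] = {
                    "source": source,
                    "time": ts,
                    "failures": len(fails),
                    "accounts": sorted({u for _, u in fails}),
                    "success_after": None,
                }
        elif event_id == SUCCESSFUL_LOGON and source in alerts and fails:
            # A success right after a flagged burst suggests a guess worked.
            alerts[source]["success_after"] = alerts[source]["success_after"] or user
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert whose `success_after` field is set deserves the fastest response, since the account named there may already be in use by whoever generated the failures.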

Configuration auditing is a must to prevent this type of attack. By auditing the configurations of Active Directory and other databases where configurations are stored, as well as Group Policy settings, file server configuration and file access, SQL Server and all Windows servers, you maintain complete control over what’s happening on your network on an ongoing basis.

It’s not only misconfiguration of the operating system that can put you at risk – improperly configured third-party applications can pose an even bigger threat because their vendors may be less proactive about warning users of problems discovered with default configurations, and changes that are made to the settings may be overlooked. I like that Netwrix Auditor can audit virtually any application, via session auditing and tracking of configurations stored in databases.

Auditing may seem like a dull topic, but helping to thwart cybercriminals by preventing and more readily detecting security breaches can save your company money and its reputation, and that’s pretty exciting.

An ounce of auditing prevention is worth a pound of cure!

Deb is a technology and security analyst, consultant and author specializing in identity, security and cybercrime. Deb focuses on Microsoft products, and has been awarded the Microsoft MVP (Most Valuable Professional) award in the field of enterprise security for 15 years in a row.