Enterprise Network Security Blog from ISDecisions
Beyond Group Policy to Control Active Directory Accounts
With the GDPR (General Data Protection Regulation) now in full force, businesses must protect confidential data from unauthorized access. Strict administration of Active Directory (AD) user accounts is essential and although Group Policy is the tool of choice, processes such as logon and access policies can be tedious to configure and particularly so for SMBs … Continued
Windows File Server Auditing with FileAudit
With the limited usefulness of native Windows Tools, FileAudit is a software solution that greatly enhances file and folder access auditing across Windows file servers. Windows File Server Auditing Software When native Windows tools don’t cut it, admins turn to third…
Network security in Universities, Colleges and Schools.
IT teams responsible for network security in Universities, Colleges and Schools are experiencing more and more pressure to secure their networks from both external and insider threats. According to the CSO,13% of data breaches last year happened at educational institutions. According to EDUCAUSE, a nonprofit association…
Nine Steps to better File Auditing
File auditing helps organizations secure their most sensitive data and simplifies adherence to compliance standards. When successful file auditing is in place it can help both identify a data breach as well as to potentially stop a breach. Attackers are…
Insider Threat Best Practice – without the need for an SIEM solution
With so much news focusing on external attacks, one of the greatest threats to your organization’s data security, revenue, and reputation is insider threats. Insiders – employees with access to data that is externally valuable – are responsible for 28%…
How Strong is Your SMB Security Strategy?
SMBs today are under attack from malware, ransomware, external threats and data breaches. But, with the lack of sophistication around most SMBs security stances, the prospect of remaining unaffected by attacks is bleak. So, SMB’s and MSPs servicing them need a security strategy with maximum impact, but with a minimal investment in time and budget. … Continued
New distribution agreement for the Netherlands
Dutch organizations set to benefit from enhanced file auditing to protect against data breaches. Global cybersecurity vendor IS Decisions today announces an exclusive distribution agreement with NVB ICT DIENSTEN, an ICT specialist, to deliver its security solution FileAudit across the Netherlands. FileAudit is a comprehensive file monitoring tool that enables organizations to proactively track, audit … Continued
What lessons can companies learn from getting breached?
In a sense, getting stung can be the key to taking notice — and maybe that’s a blessing in disguise. IT security is a topic often seen as solely the IT department’s concern. For management, the means taken to…
Cybersecurity advice for Higher Education
Information security continues to challenge both large and small institutions alike. According to EDUCAUSE, a nonprofit association of IT leaders in higher education, information security remains the #1 issue in 2018 for the third year in a row. Perhaps this is…
Taking a Proactive Approach to Avoid Data Breaches
It seems like IT’s general approach to any kind of attack – which includes data breaches – is a reactive one. Think about it, in every kind of attack-related scenario – whether an external attack, an insider threat, malware…
How are Data Breaches Detected
Sometimes the challenge with data breaches is to know they ever happened at all. Take these examples from the 2017 headlines: Company Breach Discovered Breach Occurred Verifone January 2017 mid-2016 Brooks Brothers May 2017 April 2016 – March 2017 California…
Does Meeting Compliance Include File Servers?
Those of you reading this are likely working in industries with compliance mandates around protecting specific data types from misuse. And, like most businesses today, you’re probably using some kind of industry-specific set of applications that host that data – a health information management system in a healthcare setting, for example. So, your compliance focus … Continued
Why is the Education Sector a Target for Cyberattack?
Year over year, the same industry verticals seem to remain at the top of just about every analyst briefing, industry report, and infographic that are about security, threats, and attacks. Commonly, you repeatedly see Retail, Finance, Healthcare, and Education. But why? Retail and Finance make sense – those are businesses involved with moving people’s money (or … Continued
Active Directory User Login History – Audit all Successful and Failed Logon Attempts
The ability to collect, manage and analyze logs of login events has always been a good source of troubleshooting and diagnostic information. Logons are the one common activity across nearly all attack patterns. They provide one of the clearest indicators…
UK politician password-sharing — maybe the security industry has been giving out the wrong advice?
A few days ago, a news story broke saying that many of the UK’s political leaders have been publicly (and almost proudly) proclaiming their own particularly poor passwords habits on Twitter. MP Nadine Dorries admits she regularly shouts the question…
Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?
Captain Picard (from Star Trek: The Next Generation) has been known to produce some pretty memorable quotes. One such quote comes from an episode where the Federation is fighting the Borg, with Captain Picard saying (in reference to where…
Get Employee Logon Data through Webhooks
With the launch of UserLock 9.6, organizations can now add the value of domain logon management to existing IT systems through an innovative use of webhooks. Webhooks — also known as ‘web callbacks’ or ‘HTTP push APIs’ — are a…
What’s Least Privilege Really All About?
As we finish the upcoming whitepaper ‘Least Privilege and the Value of User Logon Management‘, we began thinking about how organizations may see the point of least privilege as being different things. We all know, at a minimum, the implementation of the principle includes setting up users with the least amount of privileges possible (after … Continued
