Insider Threats: Preventing Credential Leakage
What Magna Saw – How to Stop Insider Threats:
How to stop insider threats. It’s always challenging to educate employees about good security practices, but even more challenging for new employees.
Recently, LightCyber Magna detected a suspicious number of attempted SSH connections from the workstation of a newly hired engineer. The security analyst saw the event on the Magna Analyst Dashboard and sent an email to the user to ascertain what might be going on. At the same time, Magna Pathfinder automatically interrogated the host workstation and presented the findings to the security analyst on the dashboard.
It turned out that the suspicious SSH connections were being generated by an SSH client that the new employee downloaded from the Internet. Pathfinder not only found the executable on the workstation, but confirmed through the Magna Expert Cloud System that the user downloaded and installed a “cracked” version of the SSH client.
Fortunately Pathfinder found it quickly, as “cracked” software is not just a legal liability for an enterprise, but it could very well leak administrative credentials anytime they are used, potentially giving a bad actor easy entry into the firm’s network using valid credentials.
You can find out more about how Magna works to prevent insider attacks by clicking here.