Getting Ahead of the Security Game with STEALTHbits

Proactive Security

Most organizations fix the barn door after the horses have escaped, taking IT security seriously, and investing significantly, only after data has been compromised or an audit has failed. A large sports entertainment company is the exception. Unprompted by a security breach or even a compliance requirement, they proactively built a data security program, complete with a reorganization that made security a separate entity. The Company’s Manager of Information Security is one of those responsible for developing and implementing the Company’s impressive data security efforts after doing so was identified as a priority.

“We started with Active Directory,” notes the IT Security Manager. He discovered STEALTHbits products while working for a previous company, but was unable to acquire budget to purchase the products. “Unlike many companies I’ve been involved with, our management understands the security value in cleaning up Active Directory and how STEALTHbits makes that effort immeasurably easier.”

Unique Active Directory Challenge

The Company’s Active Directory optimization challenge is uniquely difficult. When they conduct certain kinds of business with their customers – purchasing merchandise, for example – an account is created for the customer in Active Directory. As those customers often make a single purchase and may never use their login credentials again, the Company’s Active Directory has 48,000 user objects, 90% of which are stale. Understandably, the Security Manager believes storing this information in AD is not optimal, and is using StealthAUDIT to help make the case to his managers that transient accounts should be moved off AD and into an SQL database or other application. “StealthAUDIT makes generating these reports very easy, and the compelling presentation of the data is greatly helpful to us as we make security decisions.”

Holistic Security View

As their enterprise security view is comprehensive, the Company considers IAM, PIM, and Access Governance the three pillars of their security program, and is also using STEALTHbits to address accounts with elevated rights. “We know we have too many users with administrator rights, and we need to show our management what that looks like so we can take the appropriate steps to minimize our risk,” noted their Security Manager. Before STEALTHbits, the security team wrote scripts to gather privileged access user data and generate usable reports. With STEALTHbits, the task is automated. “It would take us half a day to run a privileged user report using our scripts. With StealthAUDIT, the reports are generated automatically, in minutes, and we don’t have half a dozen custom scripts to track and maintain.”

Understanding Sensitive Data Access

The Company has a great deal of unstructured data, much of it containing highly sensitive information (e.g. contracts and other legal documents, financial data, plans for future expansion and merchandising). No one knows this better than the Security Manager, and he appreciates how critical access is to a security strategy: “the fewer people that have access to data, the less likely it is to be compromised.”

As employees have moved from department to department over time, many have accumulated rights to file shares they no longer need. To make this point, the Security Manager employed STEALTHbits’ AIC (Access Information Center), a tool that, among other capabilities, can display which users have effective access to which file shares via a user-friendly interface consumable by non-technical employees. “I first asked, for example, the head of HR, which people should have access to a certain file share, and they usually listed 4 or 5 names,” he explained. “I then used the AIC to show them who actually had effective access at that time, and the list showed 50 or 60 names. Needless to say, that got their attention, and we were using just the basic capabilities of STEALTHbits products.” Eventually, he plans to use STEALTHbits products to identify file share ownership, and enable self-service access requests to be handled by the share owner, independent of the IT group.

Sensitive Information in Email

Finally, the Company, like most enterprises, realizes that some of its most sensitive information resides in email conversations – just ask Sony – and is using STEALTHbits to control and monitor access to Exchange mailboxes. The Security Manager emphasized the importance of email account security: “We want to know who has access to mailboxes, who has send-from privileges, when those mailboxes are being accessed, and by whom.” Using StealthINTERCEPT, software that monitors access activities and authentication traffic in real time, the Company knows who’s using mailboxes, and whether anyone is changing access permissions. Using advanced pattern-recognition analysis, StealthINTERCEPT interprets the activity data and generates intelligence-based alerts when suspicious activity is taking place… in real time. “StealthINTERCEPT will allow us to lock down mailbox access, and be confident that only those who should be using an email account are doing so.”


In Brief:

  • Sports Entertainment Company

  • Identified data security as a priority and major corporate initiative

  • Privileged account and sensitive files access challenges

  • Used StealthAUDIT reports to quickly make investment case to management

Quotes:

  • “Our management understands the security value in cleaning up Active Directory and how STEALTHbits makes that effort immeasurably easier.”

  • “StealthAUDIT makes generating these reports very easy.”

  • “It would take us half a day to run a privileged user report using our scripts. With StealthAUDIT, the reports are generated automatically, in minutes, and we don’t have half a dozen custom scripts to track and maintain.”