IBM Security13
Q4: How can a Data Activity Monitoring (DAM) solution help me protect against insider threats?
Christina F Thompson
A4: Automated, real-time controls implemented thru a well-designed DAM solution can prevent unauthorized actions
Cindy Compert,CIPT/M
a4 The best offense is a good defense.. Go where the money is
Andy Land
A4: One of the core tenets of stopping #insiderthreats is watching the data. Know where the honeypots are and watch them. Know what users should be doing in those honeypots.@IBMSecurity
AdrianLane
A4: DAM detects unusual queries and can block. Think SQL Injection
Luis Casco-Arias
Since the ultimate asset is data, it makes sense to monitor who is accessing that data in real time, and what they are doing to it
Cindy Compert,CIPT/M
Dont forget File Activity Monitoring !!
AdrianLane
A4: And DAM detects behavioral changed – if user does something unusual
Luis Casco-Arias
Since DAM can control access to the data, it can even prevent a breach by getting threat info from the network
Leslie Wiggins
A4: With the right solution, you can monitoring sensitive data and files and then tighten control around access
Cindy Compert,CIPT/M
and correlate activity with network applications and identity and access management #SIEM
AdrianLane
A4: Some cases redaction - if u don't trust user, blank out results
Andy Land
@AdrianLane It really is that user with what data they are touching combo. If you know what users should be doing with your data and then monitor that, then you have more than a fighting chance.
AdrianLane
@andylandtx Yes - when do you not trust the user? It's beyond Authorization
Andy Land
@AdrianLane Agreed. Why show users more data than they need to see. Mask it, redact, to keep data private and secure.
Leslie Wiggins
@CCBigData or of File Activity Monitoring, I'm sure
AdrianLane
@CCBigData Too busy managing their WAF
Andy Land
@cascoarias Data is what they want. So monitor it and who is accessing it.