In today’s modern and distributed enterprise, it’s more difficult than ever to proactively combat internal and external threats due to a lack of server visibility in the context of user behaviour, application updates and system configuration changes.
This lack of visibility into data access, usage, modification, movement, upgrades and IP connections creates gaps in ‘intent’ awareness and fails to identify abnormalities that signal increasing risk, such as application deployments, administrative changes and new users.
Business leaders need to rethink server visibility, detection and protection, especially considering the recent attacks on both businesses and the technology platforms they run. In virtually every successful attack there were obvious abnormal superuser account activities, anomalous file downloads and changes in packaged software processes. These attacks all offered ‘indicators of intent’ that should have triggered elevated risk scores and immediate investigative action.
- Hits: 280