Ask any systems administrator or network engineer worth their salt what single detail of their day-to-day work keeps them awake at night, and they will undoubtedly tell you: data security. As a Managed Service Provider, MHD Communications is well aware of the security risks that plague a business. Those risks raise questions like: How do I keep the wolves at bay as they incessantly pound on the doors of my clients’ businesses? How do I maintain a locked-down environment for a business owner? What is the best method for monitoring a client’s business?

These are difficult and relevant questions, but with sound firewall technology in the hands of MHD Communications’ well-trained and experienced technicians, they can be answered. The firewall has a proven track record as a definitive perimeter tool, one that will keep the ‘bad guys’ out. However, what if the ‘bad guys’ are on the inside of your impenetrable wall of safety? What if the very people who walk through your clients’ doors every day are the ones compromising their data?

MHD Communications is well aware of insider threats and has discovered from a recent Verizon analysis that nearly thirty percent of all security threats are from trusted insiders. Those who reside safely on the inside of your secured facility are the very same ones chipping away at your critical data. That being said, one must ask: what technologies can be employed to help stanch the flow of crucial data from the artery of a business? The foresight of the technical staff of MHD, along with the advanced technologies of the Fortinet group, can bring about a significant change in how insider threats are not only found but ultimately eliminated.

On October 23, 2018, Fortinet integrated the ZoneFox technologies into their security fabric. The acquisition of this company brings an expertise to the Fortinet Group that will allow for an effective analysis of insider threats. To implement an effective strategy, ZoneFox designed and implemented a client-based tool, aptly named Smart Connectors. These virtually transparent components reside at the driver level of the native operating system. Operating at this level not only increases speed and data acquisition a hundred-fold with effectively no bottleneck, but also helps make the technology virtually impervious to corruption.

The following is a brief list of data objects that are collected and analyzed.

Sensitive File Monitoring

Operating systems maintain thousands of files filled with information that is used in the day-to-day operation of an enterprise. Many of these files are temp files, work files, or transitional files that facilitate either software or hardware operation. These files make up the majority of most operating system storage.

There are also, however, many files that are important for the operation of a client’s business. These are spreadsheets, word processor documents, application-specific configuration files, and a host of others. These files must be monitored using the CRUD model of Create, Read, Update, and Delete. In addition, the movement of files within the architecture of the file system is also of primary importance.

As an example, a client may have an employee who creates and updates spreadsheet files on a daily basis in order to generate invoices. The majority of the time, this employee never moves these files from their originating folder. However, one day the employee takes all of the invoice files created that week, compresses them into a single zip file, and then emails the zipped file to themselves. To a firewall, this looks like normal activity and would not be noticed, but to an intelligent insider tracking system this would set off a red flag and generate a report to MHD Communications to be swiftly acted upon.
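The invoice scenario above can be expressed as a simple baseline-and-correlate check. The following is an added illustration, not ZoneFox or MHD Communications code; the event format, action names, users, paths and e-mail address are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry): (day, user, action, path, detail)
EVENTS = [
    (1, "alice", "create", "/invoices/inv-001.xlsx", ""),
    (1, "alice", "update", "/invoices/inv-001.xlsx", ""),
    (2, "alice", "create", "/invoices/inv-002.xlsx", ""),
    (3, "alice", "update", "/invoices/inv-002.xlsx", ""),
    (2, "bob", "update", "/invoices/inv-001.xlsx", ""),
    (4, "alice", "create", "/invoices/inv-003.xlsx", ""),
    (5, "alice", "archive", "/tmp/week.zip",
     "/invoices/inv-001.xlsx,/invoices/inv-002.xlsx,/invoices/inv-003.xlsx"),
    (5, "alice", "email_attach", "/tmp/week.zip", "to=alice@personal.example"),
    (5, "bob", "update", "/invoices/inv-003.xlsx", ""),
]
SENSITIVE_PREFIX = "/invoices/"  # assumed location of the monitored files


def build_baseline(events, last_baseline_day):
    """Per-user set of actions seen during the learning period."""
    seen = defaultdict(set)
    for day, user, action, _path, _detail in events:
        if day <= last_baseline_day:
            seen[user].add(action)
    return seen


def detect(events, last_baseline_day):
    """Flag actions a user never performed before; escalate when an archive
    built from sensitive files is later attached to an e-mail."""
    baseline = build_baseline(events, last_baseline_day)
    tainted = {}   # archive path -> sensitive files packed into it
    alerts = []
    for day, user, action, path, detail in events:
        if day <= last_baseline_day:
            continue
        if action == "archive":
            members = [m for m in detail.split(",") if m.startswith(SENSITIVE_PREFIX)]
            if members:
                tainted[path] = members
        if action == "email_attach" and path in tainted:
            alerts.append(("high", user, f"emailed archive of {len(tainted[path])} sensitive files"))
        elif action not in baseline[user]:
            alerts.append(("medium", user, f"first-time action: {action}"))
    return alerts
```

Calling `detect(EVENTS, 4)` treats days 1 to 4 as the learning period; the routine update on day 5 raises nothing, while the archive and the e-mail of that archive each raise an alert.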

Process operations and monitoring

There are literally hundreds of processes doing little jobs throughout the day on an employee workstation. These processes are the backbone of workflow and the necessary ingredient of expedient data processing. They are monitored for frequency of execution, data generated, data manipulated, and data moved. In addition, communication processes are monitored for network interaction: which IPs are being used, how frequently they are used, how much data is being passed through the network, and where that data is being sent.

Normal firewall monitoring can catch a great deal of network traffic anomalies, but there are still times when data escapes through poorly configured thresholds or a missed hostile IP address.

By mapping network traffic and monitoring process-related data manipulation, the ZoneFox system can identify and flag potential breaches in the security fabric and notify the technical staff at MHD Communications for analysis and action.

Database tasks and procedures

Database handling has a two-fold monitoring system to detect data theft, corruption, or deletion. At one level there is the database file store, which can be attacked and either deleted or corrupted. Monitoring access through the ZoneFox tool set will alert MHD Communications’ Managed Service Client of any possible misuse of or unauthorized access to the database.

In addition, there are many data manipulation languages that can be used to extract or move data. Many of these scripting languages allow for the manipulation of table information, such as adding and removing columns from a table or attaching SQL script triggers to certain columns.

A good example would be a SQL script that tracks the update or creation of passwords or credit card information. Each time one of those columns is updated, the data is extracted and sent to a file, which is then removed and placed on an external storage device like a USB drive. ZoneFox monitors for this type of malicious script. In addition, scripts that are not normally run are defined as an anomaly; they generate a report, and MHD Communications is notified of the possible data breach.

With decades of collective expertise as a Managed Service Provider in the Tampa Bay area, MHD Communications invites all of its client base to implement the ZoneFox technology. Artificial Intelligence tied to daily gathered data is a key tool in finding those ‘insiders’ who would harm your business. There is no way to completely stop all system breaches, but with the Fortinet ZoneFox technology and the expert technicians of MHD Communications, they can be held to a virtual standstill.