This document discusses the risks posed by privileged users and insiders and how application auditing with Hiperstation can help address those risks. It provides examples of how Hiperstation was used to investigate a fraud case by searching the audit logs, identify inefficient practices to improve employee performance, and help diagnose a system failure. The benefits of application auditing with Hiperstation include deterring fraud, ensuring data security, understanding application usage, providing forensic evidence, and enabling faster issue resolution for customers.
3. 3
Privileged Users
• Privileged users are employees with high levels of authority
over company’s technology
• Include:
– Database administrators
– Developers
– Support technicians
– Operations individuals
– Client-facing personnel
– Back office staff
– Contractors or other third party partners
– And more!
4. 4
Privileged User Data Access
• 25% of employees have unnecessary
privileged access to company data [1]
• Typically results from:
– Membership in a group with
privileged access; authority is
received by default
– Role changes; access is retained
that is no longer required
• Unnecessary privileged access can
leave companies open to insider risk
of data breaches
[1] Privileged User Abuse & The Insider Threat,
Ponemon Institute LLC, commissioned by Raytheon Company, May 2014
5. 5
Types of Insider Risk
1. Fraudulent use of data
– Profits individual committing fraud
– Most common type of insider risk
2. Malicious exposure of data
– Goal = damage company
– Typically committed by
disgruntled employees
6. 6
Types of Insider Risk
3. Inappropriate use of data
– Information collected without malice
but outside of role
– Example: employee views famous
customer’s shopping habits for
amusement
4. Inadvertent data exposure
(blagging/pretexting)
– Information learned through role,
but inadvertently shared with
external individuals
– Example: employee unintentionally
reveals too much internal information
to journalist while trying to be helpful
7. 7
The Risk Is Real
April 3, 2014
BBC news reports Scottish police
officers are being investigated for
breaching data protection laws
whilst on duty
• Six individuals convicted in 2013
• 55 other open cases
“It would be a ‘major concern’ if
information were passed to criminals”
- Labour's Justice spokesman
8. 8
The Risk is Real
Nearly 2,500 breaches of confidentiality by the NHS each year [1]
Examples:
Number of cases   Result
50                Data posted on social media
103               Data lost or stolen
236               Data shared via email, letter or fax
251               Data inappropriately shared with a third party
[1] According to an investigation by a privacy campaign group. BBC, November 2014.
10. 10
Combating the Risk
• Limit number of privileged users
– More users = higher risk
– Avoid blanket rights
– Modify rights when roles change
• Periodically review security rules
and enforcement
• Continually educate staff on data protection
and risks of exposing information
• Insure yourself with Application Auditing
12. 12
Application Auditing
• Monitors applications to ensure
security and data integrity
• Deters individuals from
committing fraud by increasing
likelihood of being caught
– Decreases malicious risk
• Protects data security
• “Big Brother” connotation,
but actually protects
employees and company by
keeping record of activities
15. 15
Application Auditing Benefits
• Provides insight into actual application use
– Actual use might differ from IS’s perception
– Better design future maintenance and development
plans to reflect actual usage
• Can provide forensic evidence for court cases
if a data breach occurs
– Logs show what was exposed, by whom and when
• Helps customer support reps solve problems faster
– No longer need to recreate the client’s problem
– View the log to see issues leading up to and occurring during the error
• Identify patterns by setting up automated searches
to proactively look for issues before they escalate
20. 20
• Charlie (telesales rep) takes phone order
– Uses CICS application to enter name, address,
product, quantity and credit card details
Use Case: Fraud
21. 21
• One day later, police contact company with
claim that credit card was used fraudulently
• Police know credit card number and that it
was used at company
• Doug (company security manager)
is asked to investigate:
– Who took order within company
– What details were captured
– When order was placed
– Any other relevant details available
Use Case: Fraud
22. 22
• Doug accesses Hiperstation, which audits all mainframe
applications including order processing CICS system
Use Case: Fraud
23. 23
• Leverage Hiperstation’s application auditing component to search
for specific order by choosing audit file from day that order was
placed and entering credit card number into search string
Use Case: Fraud
24. 24
Use Case: Fraud
• Search shows the
session that
used the credit card,
with the exact
screen and
order details,
including
who placed the
order and when
• Company can
also provide
audio logs of the
call from here
[Screenshot: session using the credit card number, with the card number and the employee who took the order highlighted]
25. 25
Use Case: Fraud
• Report also
shows second
session using
same credit
card number
26. 26
• Second order
details show Steven
(another telesales
rep) used the same
credit card to
process this order
• Indicates Charlie
was not involved and
points the
investigation at
Steven’s session
• Information and
audio logs for both
sessions can be
provided to police
Use Case: Fraud
[Screenshot: second session using the credit card number]
30. 30
• While investigating fraud case, Doug noticed Steven uses
twice as many screens as Charlie
– Steven’s transactions are more resource intensive
and use more CPU than other employees
Use Case: Increasing Employee Efficiency
31. 31
• Doug investigates further and sees error messages
on each of Steven’s screens prompting him to enter
another field
• Rather than filling out the screen completely and pressing
<enter> once, Steven uses <enter> like <tab>; every <enter>
sends the incomplete screen to CICS, which runs a transaction
only to return a “field required” error
• This habit causes extra transactions to run, using more CPU
• Doug can now train Steven on how to enter orders more efficiently
Use Case: Increasing Employee Efficiency
33. 33
• Doug also noticed
that Steven
experienced
system failure
• Can set up search
on “abend” to
locate error
Use Case: Identifying and Solving Problems
34. 34
• Results show the screens prior to the abend and details on what
product was being ordered
• Can investigate data validity
• Helps quickly diagnose problems
Use Case: Identifying and Solving Problems
[Screenshot: screen prior to abend]
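The three investigations above (search for a card number across sessions, screens per operator, and the screens leading up to an abend) all reduce to the same operations over per-screen audit records. The block below is an added example and is not Hiperstation’s code or its file format: the pipe-delimited record layout, the field names and the sample records are constructed for illustration. Because an audit log that captures full card numbers is itself sensitive data, every report the example produces masks the PAN rather than repeating it.

```python
"""Searching per-screen application audit records for the three use cases.

The record layout is an assumption for illustration; it is not
Hiperstation's file format, and the sample records are constructed.
"""
import re
from collections import defaultdict

# Constructed sample: one record per captured 3270 screen, pipe-delimited as
# timestamp|session|user|transaction|screen|status|screen_text
AUDIT_LOG = """\
2014-04-03T09:12:01|S001|CHARLIE|ORD1|ORDER1|OK|NAME=J SMITH ADDR=1 HIGH ST PROD=TV42 QTY=1 CARD=4111111111111111
2014-04-03T09:12:05|S001|CHARLIE|ORD1|ORDER2|OK|ORDER ACCEPTED REF=100234
2014-04-03T09:40:10|S002|STEVEN|ORD1|ORDER1|ERR|NAME=J SMITH ADDR= PROD= QTY= CARD= MSG=ADDRESS REQUIRED
2014-04-03T09:40:14|S002|STEVEN|ORD1|ORDER1|ERR|NAME=J SMITH ADDR=1 HIGH ST PROD= QTY= CARD= MSG=PRODUCT REQUIRED
2014-04-03T09:40:19|S002|STEVEN|ORD1|ORDER1|ERR|NAME=J SMITH ADDR=1 HIGH ST PROD=PH9 QTY= CARD= MSG=QUANTITY REQUIRED
2014-04-03T09:40:25|S002|STEVEN|ORD1|ORDER1|OK|NAME=J SMITH ADDR=1 HIGH ST PROD=PH9 QTY=3 CARD=4111111111111111
2014-04-03T09:40:30|S002|STEVEN|ORD1|ORDER2|OK|ORDER ACCEPTED REF=100251
2014-04-03T10:02:00|S003|STEVEN|ORD1|ORDER1|OK|NAME=A JONES ADDR=2 LOW RD PROD=XX99 QTY=1 CARD=5555555555554444
2014-04-03T10:02:03|S003|STEVEN|ORD1|ORDER2|OK|CONFIRM ORDER (Y/N)? Y
2014-04-03T10:02:04|S003|STEVEN|ORD1|ORDER2|ABEND|ABEND ASRA IN PROGRAM ORDPGM
"""

PAN_RE = re.compile(r"\b\d{13,19}\b")  # any run of digits the length of a card number


def mask_pan(pan):
    """Keep the first six and last four digits, as a PCI-style masked PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact(text):
    """Mask every PAN-looking digit run so reports never carry full card numbers."""
    return PAN_RE.sub(lambda m: mask_pan(m.group(0)), text)


def parse_audit(text):
    """Turn the pipe-delimited records into dicts, one per captured screen."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, session, user, tran, screen, status, body = line.split("|", 6)
        records.append({"ts": ts, "session": session, "user": user, "tran": tran,
                        "screen": screen, "status": status, "body": body})
    return records


def find_card_sessions(records, pan):
    """Use case 1: every session whose screen text contains exactly this card number."""
    hits = {}
    for r in records:
        if pan in PAN_RE.findall(r["body"]):  # exact token match, not a substring
            h = hits.setdefault(r["session"], {"user": r["user"], "first_seen": r["ts"], "screens": 0})
            h["screens"] += 1
    return [{"session": s, "card": mask_pan(pan), **h} for s, h in hits.items()]


def screens_per_user(records):
    """Use case 2: screens sent, 'field required' re-prompts and completed orders per user."""
    stats = defaultdict(lambda: {"screens": 0, "errors": 0, "orders": 0})
    for r in records:
        s = stats[r["user"]]
        s["screens"] += 1
        if r["status"] == "ERR":
            s["errors"] += 1
        if "ORDER ACCEPTED" in r["body"]:
            s["orders"] += 1
    return dict(stats)


def abend_context(records, before=3):
    """Use case 3: each ABEND with the (redacted) screens that preceded it in the same session."""
    by_session = defaultdict(list)
    for r in records:
        by_session[r["session"]].append(r)
    found = []
    for session, recs in by_session.items():
        for i, r in enumerate(recs):
            if r["status"] == "ABEND":
                prior = [{**p, "body": redact(p["body"])} for p in recs[max(0, i - before):i]]
                found.append({"session": session, "user": r["user"], "ts": r["ts"],
                              "abend": r["body"], "prior_screens": prior})
    return found


if __name__ == "__main__":
    recs = parse_audit(AUDIT_LOG)
    for hit in find_card_sessions(recs, "4111111111111111"):
        print("card session:", hit)
    for user, s in screens_per_user(recs).items():
        print(f"{user}: {s['screens']} screens, {s['errors']} re-prompts, {s['orders']} orders")
    for a in abend_context(recs):
        print("abend in", a["session"], a["user"], a["abend"])
        for p in a["prior_screens"]:
            print("   ", p["ts"], p["screen"], p["body"])
```

Run as a script it lists both sessions that used the card (Charlie’s and Steven’s), shows Steven sending more than twice as many screens per accepted order as Charlie because of the three re-prompts, and prints the two screens that preceded the abend with the card number already masked.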
35. 35
Additional Benefits of Hiperstation
• Don’t have to be skilled on
mainframe to identify issues
or gather information within
Hiperstation
• Didn’t need ISPF or 3270
screens to process initial
fraud request
• All of these features are
inherent functions of
Hiperstation
36. 36
• Is not Big Brother
• Deters fraud and malicious acts
• Ensures data security as breaches can be found and
dealt with quickly and effectively, minimizing impact
on reputation and finances
• Facilitates understanding of actual application usage
that can be used to improve user experience and for
future development
• Provides forensic evidence for court cases as needed
• Enables customer support to resolve client issues
without recreating problem
• Gain information needed to react to events and set up
proactive searches for breaches
Application Auditing with Hiperstation
37. 37
• Allows companies to protect
privileged users and reduce
insider risk of data breaches
Hiperstation Application Auditing