Relying on UC Analytics to Monitor and Prevent Data Breach

Bad actors are always on the lookout for the easiest path into corporate networks. As the adoption of Unified Communications (UC) continues to grow, so does the number of malicious actors who prey on vulnerabilities created by UC implementations. Unfortunately, these vulnerabilities stem from a lack of understanding of the risks and a lack of sound practices for monitoring and preventing potential UC security threats, especially data breaches.

Security should be the priority of every enterprise at all times. An enterprise's sensitive data needs protection from inappropriate access, potential theft, alteration or deletion. Therefore, IT teams need UC analytics as a tool to rely on to monitor and prevent data breaches that are likely to occur. There is a crucial point within a data breach where UC analytics can play a key role: monitoring the breach.

The majority of data breaches are discovered only after the breach activity has ceased. The clear focus, then, is to minimize the time it takes to identify a breach. The faster you identify a breach, the better your chances of addressing it. UC analytics gives you and your IT staff the power to properly monitor all file activities of your enterprise.

A data breach cannot occur without the attacker logging on or authenticating at some point, or accessing an endpoint's file system. Logon is known as the leading indicator of breach activity, while file access can be viewed as an indicator of present breach activity. Therefore, monitoring for abnormal file activity makes UC analytics a viable part of your data breach protection strategy.

UC analytics allows organizations to monitor the regular patterns of access around files with sensitive data. It makes it possible to easily identify any deviation from the norm in file activity. Oftentimes, the same user accounts will largely access the same files from the same systems, during the same time of day, with the same patterns of access. Therefore, any deviation from these norms could indicate a potential UC data breach. Some of the aspects of abnormal activity that your organization needs to look for include:

1. Frequency

Are your organizational files being accessed several times more often than is normal? An organization should note that an unsure insider having second thoughts about breaching data may make multiple access attempts before finally taking data. More access attempts than usual could be considered a potential red flag for a data breach.

2. Amount

Usual user access will likely revolve around an average daily use. Your UC analytics can provide you with detailed information on usage patterns. Uncharacteristic usage such as mass copying, bulk deletion, or mass movement of data could be a signal of a data breach or an account takeover, and is worth looking into.

3. Day/Time

UC analytics allows you to sync your system usage with the daily and weekly activities of your organization. Therefore, any usage outside of the regular activity time period should be considered a red flag. For instance, a user who normally only accesses files Monday to Friday during business hours accessing data at 11 pm on a Saturday night seems suspicious.

4. Endpoint/IP Address

Any access from a machine outside the organization network, or one that doesn’t often access a given set of files is worth looking into. This could be an obvious indication of inappropriate use of an organization’s data.

5. Permission Changes

Bad actors like to ensure persistence, both on endpoints and in their access to data. The reallocation of permissions to specific recently created accounts is a common tactic used by these bad actors.

6. Processes

Bad actors have their own peculiar tools that they use for data exfiltration. Therefore, seeing processes other than Explorer, Word, etc. accessing your files could indicate a potential data breach.
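
The six indicators above can be checked mechanically against a per-user baseline. The following Python sketch is an added example, not code from the article or from any UC analytics product; the event fields, thresholds, host and process names are hypothetical, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

FREQ_FACTOR = 3                  # assumed: alert at 3x the busiest baseline day
BULK_LIMIT = 50                  # assumed: copy/delete/move operations per day
NEW_ACCOUNT = timedelta(days=7)  # assumed: what counts as "recently created"

def build_baseline(history):
    """Summarise one user's normal file activity from past events."""
    per_day = Counter(e["ts"].date() for e in history)
    return {"max_daily": max(per_day.values()),
            "slots": {(e["ts"].weekday(), e["ts"].hour) for e in history},
            "hosts": {e["host"] for e in history},
            "processes": {e["process"] for e in history}}

def flag_day(base, events):
    """Return which of the six indicators deviate for one day of events."""
    flags = set()
    if len(events) > FREQ_FACTOR * base["max_daily"]:
        flags.add("frequency")
    if sum(e["action"] in ("copy", "delete", "move") for e in events) > BULK_LIMIT:
        flags.add("amount")
    for e in events:
        if (e["ts"].weekday(), e["ts"].hour) not in base["slots"]:
            flags.add("day_time")
        if e["host"] not in base["hosts"]:
            flags.add("endpoint")
        if e["process"] not in base["processes"]:
            flags.add("process")
        created = e.get("grantee_created")  # creation time of the account given access
        if e["action"] == "perm_change" and created and e["ts"] - created < NEW_ACCOUNT:
            flags.add("permission_change")
    return flags

def sample_events():
    """Constructed data: two working weeks of normal use, then one odd Saturday night."""
    def ev(ts, host, proc, action, **extra):
        return dict(ts=ts, host=host, process=proc, action=action, **extra)
    monday = datetime(2020, 1, 6, 9, 0)
    history = [ev(monday + timedelta(days=d, minutes=20 * i), "WS-014", "WINWORD.EXE", "read")
               for d in range(12) if (monday + timedelta(days=d)).weekday() < 5
               for i in range(20)]
    night = datetime(2020, 1, 18, 23, 0)  # Saturday, 11 pm
    odd = [ev(night + timedelta(seconds=i), "203.0.113.7", "unknown_tool.exe", "copy")
           for i in range(70)]
    odd.append(ev(night, "203.0.113.7", "unknown_tool.exe", "perm_change",
                  grantee_created=night - timedelta(days=1)))
    return history, odd

if __name__ == "__main__":
    history, odd = sample_events()
    print(sorted(flag_day(build_baseline(history), odd)))
```

A single flag on its own is weak evidence; several indicators firing for the same account on the same day is the pattern that merits immediate review.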

UC analytics alerts IT and security teams to abnormal file access activity that may occur across their UC network. It makes it possible for organizations to monitor file activities and focus attention on what may result in a data breach. If you or your IT team notice any drastic changes in your file activities, this could be a red flag for a data breach, and immediate action should be taken to prevent it.

Originally published at https://nextplane.net on January 22, 2020.

Translated from: https://medium.com/@NextPlane/relying-on-uc-analytics-to-monitor-and-prevent-data-breach-36c73dbc4816
