Proactive Insider Threat Mitigation: Building and retrofitting your systems with automation

There has been a lot of talk about insider threats across the industry, with people providing their own differing thoughts and potential solutions to the problem. That said, the one thing that we all can agree on is that an insider threat is, at its core, what it says it is – someone on the inside of the organization with enough access (employee or other) to be a potential threat to a system or a brand.  

It is important to note that these threats are not always malicious. In fact, they are often as simple as someone reacting to an incident or request which inadvertently opens a potential area that could be exploited. The reality is humans make mistakes.

Intentional or not, it is critical to develop a strategy to mitigate or minimise some of the possible risks of insider threats. One tried and true way is by going back to the basics of your systems, baselines, and settings to ensure you know:

  • What you have  
  • How it works
  • How it was built  
  • How it has changed

Potential Insider Threat Risks Based on OS management

Are all your systems built in a consistent manner?  

Systems built the same way make root cause and fixes easier to identify, so threats are much easier to resolve when everything is aligned. With an audit of all your systems carried out, you will have the information needed to identify potential gaps in your infrastructure. That audit lets you ask questions such as:

  • Did you only install items that are absolutely required?
  • Does anyone outside of the required users have access including vendors or 3rd parties?
  • Does everyone need the level of access that they are granted?
  • Could you reduce the number of OS versions you run? Keep in mind that the attack surface grows with every additional managed OS (see diagram below).

Depending on your unique system, your core operating system will likely have its own security guidelines for you to follow as well.  
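The audit questions above can be answered mechanically once host inventories are collected. The following is an added example (not code from the original post or from MindPoint Group) that checks constructed host inventories against a single baseline and reports extra packages, admin access beyond the required users, and OS variant sprawl; the baseline, host names and inventory layout are all assumptions.

```python
# Added example: audit constructed host inventories against a baseline.
# Baseline values, host names and the inventory layout are constructed.
from collections import Counter

# Constructed baseline: the only OS variant, packages and admin users that should exist.
BASELINE = {
    "os": "ubuntu-22.04",
    "packages": {"openssh-server", "auditd", "chrony"},
    "admins": {"ops-alice", "ops-bob"},
}

# Constructed inventories, as a config-management fact gatherer might collect them.
HOSTS = {
    "web-01": {"os": "ubuntu-22.04", "packages": {"openssh-server", "auditd", "chrony"},
               "admins": {"ops-alice", "ops-bob"}},
    "web-02": {"os": "ubuntu-22.04", "packages": {"openssh-server", "auditd", "chrony", "telnetd"},
               "admins": {"ops-alice", "ops-bob", "vendor-tmp"}},
    "db-01": {"os": "centos-7", "packages": {"openssh-server", "chrony"},
              "admins": {"ops-alice"}},
}

def audit_host(name, host, baseline=BASELINE):
    """Return a list of findings for one host relative to the baseline."""
    findings = []
    if host["os"] != baseline["os"]:
        findings.append(f"{name}: OS variant {host['os']} outside baseline {baseline['os']}")
    for pkg in sorted(host["packages"] - baseline["packages"]):
        findings.append(f"{name}: unnecessary package installed: {pkg}")
    for pkg in sorted(baseline["packages"] - host["packages"]):
        findings.append(f"{name}: required package missing: {pkg}")
    for user in sorted(host["admins"] - baseline["admins"]):
        findings.append(f"{name}: admin access outside required users: {user}")
    return findings

def audit_estate(hosts, baseline=BASELINE):
    """Audit every host and summarise how many OS variants the estate supports."""
    findings = []
    for name in sorted(hosts):
        findings.extend(audit_host(name, hosts[name], baseline))
    os_counts = Counter(h["os"] for h in hosts.values())
    return {"findings": findings, "os_variants": dict(os_counts)}

if __name__ == "__main__":
    report = audit_estate(HOSTS)
    for line in report["findings"]:
        print(line)
    print("OS variants in use:", report["os_variants"])
```

Each finding maps to one of the questions above, so the same report can drive the "remove unnecessary products" and "control the access" steps later in the post.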

Why adopting OS system standards can help to minimise the risk

The simple diagram below helps to visualize how adopting industry-defined OS security benchmarks reduces the potential areas of attack, narrowing the risk and minimising the surfaces that could be exploited, whether by an insider or an external attacker.

What needs to be done to minimise the risk

Start with the basics. Understanding security fundamentals will make it much easier to find, diagnose, or mitigate existing risks. This can be as simple as following documented processes, being consistent in your OS builds, and maintaining your IT infrastructure (no matter how large).

Although these system and process standardizations seem simple, they often come with a lot of work and are not easy to achieve initially. Gathering, reviewing, and auditing your systems can feel like repetitive, time-consuming work with little to no reward. However, the long-term benefits can improve multiple areas of a business, driving efficiencies in unexpected areas. It is this work that naturally leads into the adoption of automation tooling, incorporating configuration management and version control.

How to start standardizing your OS configurations

Combining configuration management and automation, which naturally brings in version control systems, can not only help reduce your threat potential but also improve efficiencies and ultimately time to fix. It gives you greater control and auditability along with consistent and repeatable systems, enabling you to ensure those benchmarks are met consistently, reducing risk and minimising human error.

All of these open a clearer path to adopting industry best practices, improving your security posture and taking up industry-supplied security benchmarks, while also moving you towards wider working benefits such as DevOps and compliance.

Depending on the current state of each of your OSs, you will have two options:

Greenfield - New environment

If you are starting from a completely clean slate, you will have the opportunity to automate your security posture properly from the ground up. Most importantly,

  • Use configuration management and automation to keep things consistent
  • Define and document as you go (You will thank yourself later for taking the time upfront to document everything)  

Brownfield – Existing environment

While an existing environment might require slightly more time and resources, it is completely possible to build a configuration that works within your current system. We recommend starting with one element and proceeding with a few small changes, minimizing risk to services and brand:

  • Control the access  
  • Adopt config management, including version control and automation
  • Align systems one file at a time
  • Remove unnecessary products
  • Document and define the process

Additional Benefits to System Baseline Automation

Taking this path will help to mitigate insider threats and many other risks to service and brand. The adoption of the industry best practices and approach to system security often comes with some of the following benefits:

Configuration managed systems - less direct human interaction

  • Automation for delivery of content
  • Consistency
  • Related efficiencies

Version control is the default best practice for config. management, providing

  • Auditing
  • Logging
  • Change management visibility

Smaller OS/infrastructure system footprint

  • Unnecessary packages not installed
  • Fewer resource requirements
  • Fewer OS variants to support

Further benefits

  • Faster deployments or recovery
  • Speed to resolution
  • Long-term cost saving and efficiency
  • Easier OS adoption
  • Often a path to adopting new practices (e.g. DevOps, DevSecOps)
  • Easier external audit, with supporting processes and documentation
  • Increased chance of compliance approval
  • Improved delivery of services
  • Easier migration of systems to new infrastructure (e.g. cloud adoption)
  • Automation adoption across many other areas of an IT estate

Insider threats happen to even the best of organizations. By standardizing your systems' configurations, limiting the number of OSs and unnecessary applications installed, and limiting user access to only the systems that they need, you will be able to remove some of the potential threats to your organization.

Utilizing a standardized, repeatable and automated system, you can help your organization reduce insider threats whilst improving efficiency, consistency and ultimately service. With the adoption of configuration management with automation, you are able to ensure your systems are set up in the same way every time. This reduces risk and, should a vulnerability be identified, helps you to mitigate it in a swifter and more consistent manner.

Consider Expert Support

If this is your first shot at using automation in your organization, it would be worth considering partnering with experienced and trusted experts, like the counsellors at MindPoint Group, who combine a holistic understanding of industry standards and practices. They will be able to help you apply best practices to your organization with expert knowledge, and can help you deploy the best and most efficient configuration for your systems.
