Jul 15 2020
Can You Survive the Theft of Your Intellectual Property?
How to Stop and Prevent Intellectual Property Theft
After years with no insight into foreign intellectual property attacks, a major health research organization had CoreView run a ‘Suspicious Sign-In’ analysis. There were substantial sign-ins and sign-in attempts from China. Further investigation revealed these state-sponsored cybercriminals were after the agency’s crown jewels – its precious medical research.
Health researchers aren’t the only targets. Companies that develop products, conduct research, or have leading edge and innovative business practices rely on critical intellectual property. Your competition, and a good many hackers – even foreign entities – would love to steal this hard-won information. Information that constitutes your near ENTIRE COMPETITIVE ADVANTAGE!
CoreView Blocks and Tracks IP Theft
CoreView blocks IP theft and, if theft does somehow occur, helps IT figure out what the heck happened by performing forensics on it, then prevents it from continuing or happening anew.
IP theft events occur for two main reasons – either an external threat or an internal threat. To CoreView, external and internal threats are the same. The CoreView solution logs internal threats the same way it does external threats – and treats them with the same level of security.
When it comes to IP theft prevention, one CoreView report is particularly critical – sign-in fails. CoreView builds a map that displays where sign-ins are coming from across the globe. A customer may have people in North America and EMEA, but nobody in Southeast Asia – so sign-ins from that region are clearly suspicious and need to be flagged. CoreView also has long-term maps – such as showing 90 days’ worth of failed sign-in data.
“Security professionals tell me they know people are trying to sign in from China, Indonesia, India, and so forth,” said Matt Smith, solution architect for CoreView. “They are telling the truth – they do. Where we are different is CoreView shows precisely what accounts they are targeting from the application perspective, not just the network perspective. CoreView, thanks to its unique enrichment capability, shows what users, departments or even privileged accounts hackers are targeting. In addition, what measures have been put in place, such as if they have multi-factor authentication or not, as well as conditional access policies that were utilized to try to block them from gaining access. And, at the end of the day, what was the actual sign-in failure reason?”
With CoreView, IT can block these breaches by only allowing log-ins from allowed locations. If a user account is attacked this way, CoreView will know it and can investigate. Moreover, a CoreView-equipped Office 365 administrator can reach out to the user that was targeted, perform a workstation refresh, find out what other devices they are using, and what licenses they have on other devices, among other items.
These insights and reports are schedulable. “What we are trying to do from a security standpoint is operationalize these reports and create daily, weekly, monthly and quarterly touchpoints. The daily touchpoints are items we surface through the CoreView management console. Items like devices with malware. IT can get a daily report showing if a device shows up with malware. You can then run an additional report that shows the files that that user accessed since malware was detected on their account,” Smith explained.
For full IP protection, IT needs reports showing who was provisioned incorrectly (so it can perform proper configuration management), whether there are mobile devices that did not have an MDM policy applied, or which members of a department’s executive team did not get litigation hold enabled. “That is how we apply both the forensic capability and the blocking capability to our data repository to give you insights into exactly what is going on, and reduce the number of signals so they are actually consumable by O365 administrators,” Smith said. “Plus, if CoreView finds a sign-in from an infected device in our report, you can link that to an audit report that shows that particular user and everything that they have accessed since that malware was detected.”
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.