SOC Catch of the Day

We review billions of logs daily to keep you safe from advanced threats.

Nosy Admin Snoops Managing Partners Email

The Network: A law firm headquartered on the U.S. East Coast with a dozen offices worldwide.

The Expectation: Email is the “killer” app for attorneys. Confidentiality of electronic communications is essential and to be expected. The law firm uses on-premises Microsoft Exchange as the hub of its email communications, and this setup is considered to be safe and controlled.

The Catch: Netsurion’s EventTracker detected a privileged user (admin on the Exchange box) abusing his privileges to view a Managing Partner’s email communications.

The Find: Microsoft Exchange users can share items like calendars and delegate access. Senior staff do this regularly so that their calendar can be maintained and coordinated. However, while an admin has complete power and can view everything, it doesn’t mean that s/he should.

The Fix: Institute monitoring, since such behavior cannot be prevented. Define high-priority alerts to capture this type of situation. Make sure to filter out legitimate access such as calendar delegation to minimize false positives.
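
The alerting logic described in The Fix, sketched as an added example (not Netsurion's or EventTracker's own rule). The records are constructed, their field names are modeled on Exchange mailbox audit log entries, and the watch list and delegation allow list are hypothetical.

```python
# Constructed sample records. Field names (LogonType, Operation, FolderPathName)
# are modeled on Exchange mailbox audit log entries; treat them as assumptions.
SAMPLE_EVENTS = [
    {"mailbox": "managing.partner@example.com", "actor": "managing.partner@example.com",
     "LogonType": "Owner", "Operation": "FolderBind", "FolderPathName": "\\Inbox"},
    {"mailbox": "managing.partner@example.com", "actor": "assistant@example.com",
     "LogonType": "Delegate", "Operation": "FolderBind", "FolderPathName": "\\Calendar"},
    {"mailbox": "managing.partner@example.com", "actor": "exch.admin@example.com",
     "LogonType": "Admin", "Operation": "FolderBind", "FolderPathName": "\\Inbox"},
    {"mailbox": "associate@example.com", "actor": "exch.admin@example.com",
     "LogonType": "Admin", "Operation": "MessageBind", "FolderPathName": "\\Sent Items"},
    {"mailbox": "managing.partner@example.com", "actor": "assistant@example.com",
     "LogonType": "Delegate", "Operation": "MessageBind", "FolderPathName": "\\Inbox"},
]

# Hypothetical lists maintained by the firm: mailboxes that warrant a
# high-priority alert, and approved (delegate, mailbox) -> folder grants.
SENSITIVE_MAILBOXES = {"managing.partner@example.com"}
DELEGATION_ALLOWLIST = {
    ("assistant@example.com", "managing.partner@example.com"): ("\\calendar",),
}

def is_approved_delegation(event):
    """True only for an approved delegate touching an approved folder tree."""
    key = (event["actor"].lower(), event["mailbox"].lower())
    folders = DELEGATION_ALLOWLIST.get(key, ())
    path = event["FolderPathName"].lower()
    in_scope = any(path == f or path.startswith(f + "\\") for f in folders)
    return event["LogonType"] == "Delegate" and in_scope

def triage(events):
    """Return alerts for non-owner mailbox access that is not approved delegation."""
    alerts = []
    for e in events:
        if e["LogonType"] == "Owner" or is_approved_delegation(e):
            continue  # the owner's own access and approved calendar delegation are noise
        sensitive = e["mailbox"].lower() in SENSITIVE_MAILBOXES
        alerts.append({
            "priority": "high" if sensitive else "medium",
            "actor": e["actor"], "mailbox": e["mailbox"],
            "logon_type": e["LogonType"], "folder": e["FolderPathName"],
        })
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The allow list is scoped to a folder, so the same delegate opening the Inbox still raises an alert instead of being suppressed along with the calendar access.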

The Lesson: Compliance and privacy are impacted by snooping employees who exceed their “need to know” role and responsibility. Security awareness training and role-based access control (RBAC) can educate and limit rogue employees. Comprehensive 24/7/365 monitoring by the Netsurion SOC quickly detects and helps respond to harmful employee access.

Copyright © 2022 Netsurion. All rights reserved.