Unexpected USB drive activity

The Network: Midwest US banking institution, hundreds of servers and thousands of workstations

The Expectation: All USB storage devices are disabled across all machines by Group Policy

The Catch: Netsurion's EventTracker USB insert/remove feature of it's sensor was enabled. Within a few days of installation, a routine report on USB activity, which was expected to be empty indicated that two machines showed staff inserting USB sticks and copying data to them.

The Find: Seems the two machines had somehow not processed the Group Policy, leaving a gap in coverage.

The Fix: Force GPO processing on the machines

The Lesson: Trust but verify. Netsurion's Managed Threat Protection provides comprehensive visibility into actions by both internal users and external threat actors. Netsurion's SOC quickly detects security gaps and reduces the time potential adversaries spend in your organization, greatly minimizing dwell time and the loss of sensitive data as well as the bank’s hard-earned brand reputation.