In the past few years, there has been many organizations tracking down the loss of sensitive/confidential information due to the usage of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than ever before.
Why are USB devices dangerous?
- USB devices can hold a lot of information. For example, a 128 GB USB flash drive can store 60,000 photos, 20,000 songs, 100+ videos, and more. Just imagine how many protected corporate files could fit on one drive. Also, the storage capacity of USB devices is only going to increase.
- USB devices are super portable. Some USB storage devices are the size of a small coin. This makes them very difficult to visually detect when plugged into an open port.
- USB devices are cheap and easy to find. If you're in the market for a USB storage device, there are some online for under $1.00 USD. Or if you don't want to purchase one, just go to an expo. Plenty of companies are handing out branded USB flash drives these days. In short, nearly everyone has a USB storage device of some kind.
- Data doesn't always delete from a USB drive. In one study, they found that 85% of secondhand USB devices had recoverable information including personal identity information and confidential corporate information easily.
- USB devices can directly carry malware. Inserting a device and executing or copying files could expose your network to unexpected malware.
What can an internal data breach result in?
The loss or theft of sensitive information is not limited to the realm of emails and contacts, but it can also extend to more sensitive information such as:
- Loss of copy-righted information
- Intellectual property data
- Deviation from compliance regulations
- Access codes and secure login credentials
All these severely impact the victim organizations in terms of financial and reputation loss. The 2014 Cost of Data Breach Study by the Ponemon Institute showed that the average cost to an organization who fell victim to a data breach was $3.5 million dollars.
What can you do about USB devices in your organization?
Here are some tips to ensure you keep your data protected on your network, servers, and workstations.
- Establish policies about portable devices and educate employees about your policies
- Set up access rules so only authorized employees have USB access
- Ensure to remove sensitive information access from employees once the purpose of using the information is fulfilled
- Do not leave old or unattended data on end-user systems
- Monitor the log activity of all your enterprise workstations and USB endpoints
How can log management technology help?
Continuous log monitoring of your IT infrastructure will help collect logs from all your workstation endpoints and trigger real-time alerts to notify you of USB activity on the network. With automated incident response available in log management tools, it's easier to take preventative action and automatically disable USB connection in real time.
USB Detection and Prevention with SolarWinds® Log & Event Manager
Need more control over monitoring USB devices connected to your network? SolarWinds Log & Event Manager software delivers an affordable, easy-to-use solution for monitoring USB devices to ensure your secure data stays that way.
Download a free, fully-functional trial, and in less than an hour you can be monitoring your network for USB device activity.
Download a free, fully-functional trial, and in less than an hour you can be monitoring your network for USB device activity.
SolarWinds Log & Event Manager:
- Protects sensitive data with real-time notification when USB devices are detected
- Automatically or Manually ejects USB devices
- Creates whitelists of authorized USB devices
- Monitors what files or processes are accessed on the drive
- Leverages built-in reporting to audit USB usage over time
LEM lets you see what files or processes are accessed on USB devices. This information can be further correlated with network logs to identify potential malicious attacks coming from a USB device. You can then detach the drive right from the LEM console or configure automated actions to block the usage, including the ability to disable user accounts, quarantine workstations, and automatically eject USB devices.
You can even configure LEM to detach a USB device when systems are offline. Plus, LEM provides built-in reporting to audit USB usage over time.
You can even configure LEM to detach a USB device when systems are offline. Plus, LEM provides built-in reporting to audit USB usage over time.
With LEM's USB defense, you can be confident your sensitive data doesn't walk out the door.
Download a free 30-day trial of SolarWinds Log & Event Manager now.
