Logs
Who logs who reads files? And even if, who checks those logs? Gotta be a wild system.
SIEMs and such systems are designed for that. Could be part of a SOC or CSIRT. Generally all large companies have that. It’s also getting more accessible to smaller structures in the form of « as a service ».
A data leak is a data leak whatever the vector, so shit needs to be detected & acted upon.
It’s all fun & fair games when it’s about Intel secrets it seems, but what about when a dickhead steals medical data or other perso stuff?
Lots of companies maintain access logs. Anything with high security you want to be able to audit who accessed what and when.
But who pays someone to check them?
Normally you just have the systems admin or an automated system look into it. It depends on your security setup.
Yeah, I guess that’s the only sane way to do it. A tiny bit crazy that the whole system exists and an automatic verification lights up, but only after the dude left.
Why did he have access to all that for starters, why weren’t the alarms ringing when he did it, etc.? Seems like security at Intel is kind of wonky. 🤷🏻‍♀️
It might just come down to the fact that they never experienced this exact type of espionage, so they didn’t have strong guardrails to prevent it. Hopefully some security engineers learned a lesson from this and will change their processes.
I check those logs, not for Intel though.
The systems that support this range from simple to unnecessarily complex.
Are you paid to check file access logs?
Yes, that’s a small part of my job.
I set up monitoring systems, ingest logs and create rules to detect unusual or malicious behaviour.
Then I perform investigations, which sometimes turn into forensic investigations, which sometimes result in legal action.
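One concrete shape of the rule the last commenter describes (ingest file-access logs, flag a user who suddenly reads far more distinct files than their own usual), as an added example that is not from this thread or any of its posters; the log format, user names and paths are constructed, and the thresholds are illustrative assumptions.

```python
import statistics
from collections import defaultdict

# Constructed audit records in a hypothetical "timestamp user action path" format.
SAMPLE_LOG = """\
2024-03-01T09:12:00 alice READ /eng/specs/a.pdf
2024-03-01T10:40:00 alice READ /eng/specs/b.pdf
2024-03-02T09:05:00 alice READ /eng/specs/c.pdf
2024-03-03T11:15:00 alice READ /eng/specs/a.pdf
2024-03-04T09:00:00 alice READ /eng/specs/d.pdf
2024-03-05T08:30:00 alice READ /eng/specs/e.pdf
2024-03-05T08:31:00 alice READ /eng/specs/f.pdf
"""
# Constructed burst: alice reads 15 distinct files in minutes on 03-06; bob is steady; carol has no history.
SAMPLE_LOG += "".join(f"2024-03-06T17:{i:02d}:00 alice READ /eng/specs/x{i}.pdf\n" for i in range(15))
SAMPLE_LOG += "".join(f"2024-03-0{d}T10:00:00 bob READ /eng/specs/{p}.pdf\n" for d in range(1, 7) for p in ("a", "b"))
SAMPLE_LOG += "".join(f"2024-03-06T18:{i:02d}:00 carol READ /hr/records/r{i}.csv\n" for i in range(12))

def parse(log_text):
    """Return (date, user, path) for each READ record; malformed lines are skipped."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "READ":
            continue
        records.append((parts[0][:10], parts[1], parts[3]))
    return records

def distinct_files_per_day(records):
    """user -> date -> set of distinct paths that user read on that day."""
    per_day = defaultdict(lambda: defaultdict(set))
    for date, user, path in records:
        per_day[user][date].add(path)
    return per_day

def find_bulk_access(records, ratio=5, min_files=10):
    """Flag (user, date, count, baseline) when a day's distinct-file count is at least
    `min_files` and at least `ratio` times the median of the user's other days. With no
    other days the baseline is 0, so a brand-new account cannot hide behind missing history."""
    alerts = []
    for user, days in distinct_files_per_day(records).items():
        counts = {d: len(p) for d, p in days.items()}
        for date, count in sorted(counts.items()):
            others = [c for d, c in counts.items() if d != date]
            baseline = statistics.median(others) if others else 0
            if count >= min_files and count >= ratio * baseline:
                alerts.append((user, date, count, baseline))
    return alerts
```

Running `find_bulk_access(parse(SAMPLE_LOG))` flags alice's burst day and carol's first day, while bob's steady two files a day never trips the rule.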