Why network security logging and access controls have a problem: More signal, less noise

September 08, 2020//Scott Hearne

Last Updated: October 28, 2020

In order to keep your network as safe as possible, you need more visibility and control over remote, vendor network access. By implementing a vendor privileged access management solution (VPAM) to manage your vendors’ user identities and access control, you will have a better signal to noise ratio in your network! 

What is a “signal-to-noise ratio”? Let’s define it and see how it relates to remote vendor access. So, the signal-to-noise ratio is defined as a measure used in science and engineering that compares the level of the desired signal to the level of background noise. Think of it this way: the more you have of what you want, and the less you have of what you don’t want, the easier it is to measure something.” But, how does this relate to network security and access control?

In a survey by FireEye, a cybersecurity consulting firm, they polled C-level security executives worldwide and found that 37% of respondents receive more than 10,000 alerts each month. Of those alerts, 5,200 security alerts were false positives in a month and 6,400 security alerts were redundant in a month. That’s an insane amount of noise!

A vendor management solution can help stop the noise

Using a solution designed solely for vendor remote access will give you insight by providing and controlling the access vendor users have, and it also gives you visibility and control over everything those users do with that access. By separating your vendor users from your internal users, you will gain additional clarity from thousands of security logging events and more control over those users.

Why does it matter if you have visibility and control over your third-party vendor’s activity in your network? According to a recent Spiceworks survey of 600 IT firms, 44% of companies experienced a business-altering breach because of third-party vendor access. What does this mean? It means that 250 businesses experienced extreme business disruption because of a failure to know what vendor users are doing in their network.   

Imagine a conversation between two people in a noisy cafe. If I record that conversation from the table over, upon playback, it will be very difficult for me to understand what was discussed. Alternatively, if I record that same conversation in a quiet room, it will be much easier to understand what was discussed upon playback. The signal-to-noise ratio in the quiet room is much higher than in the noisy cafe.

Using a vendor management solution for your vendor users is the same as recording a conversation in a quiet room. For example, when you receive an alert from a vendor management solution, like a VPAM platform, you will know three key things: 

  1. The name of the vendor user
  2. The company the rep work for
  3. The computers and/or devices within your network the vendor user accessed

More importantly, you’ll also receive an email notification summary with this connection information. This will give you actionable data in real-time. All of this information provides clarity and accessibility to vendor user activity. You’re no longer having to dig through your internal logging to derive insight into vendor user activity. You can rely on a vendor management solution to notify and clarify that vendor access information. 

How a vendor management platform leads to better efficiency and security

Let me tell you a story about a company, let’s call it Tiddlywinks. They have a ton of external vendor support technicians who need to access their environment from India. Since India is far away from the US which means that there’s a big-time difference in business working hours between the two. Before using a VPAM solution, Tiddlywinks IT professionals were having to sit on shared maintenance sessions on a less-than-perfect platform at 2 in the morning to watch vendor users on their network. 

This highlights the issue that most security logging and VPN access controls are so incoherent that it’s easier for a network technician to be awake at 2 AM to monitor vendor users than to dig through security logs and manage their VPN controls. So when Tiddlywinks purchased a VPAM solution, it dramatically changed their work-life (and sleeping patterns!). Here’s an insightful quote from David, an IS Analyst at Tiddlywinks. He says, “all our application analysts love the fact that they can get notifications on their vendor activity and that they can be the ones to authorize access at the vendor rep level. Another big benefit is not having to sit on a WebEx as they did previously with their vendors who needed to connect at 2 in the morning.” 

Using a vendor management solution helped those application analysts have a better work/life balance and derive meaningful clarity and control over vendor network access. Improve your network security logging and access control signal to noise ratio– to learn more about how to do that, check out our helpful brochure that talks about how your vendor access tools are putting you and your company at risk.

close close