by borski 665 days ago
Great question; not to my knowledge. There would be many false positives, especially as people bring in guests. Sometimes guests get a temp badge; at many companies, they get a sticker to put on their shirt and get tapped in by their host, who is responsible for them.

Rather than building a SOC to look at logs and flag unbalanced entries or similar (which would be very expensive), companies tend to rely on their employees’ vigilance.

2 comments
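The "flag unbalanced entries" idea from the comment above, as an added example that is not part of the thread: a small checker that reads badge-reader events and reports exits with no matching entry, re-entries with no exit in between (anti-passback), denied taps, and badges still "inside" when the log ends. The log format, reader names and badge IDs are assumptions, and the sample events are constructed; real access-control exports will need their own parser.

```python
"""Badge-log sanity checker: flag unbalanced entry/exit sequences.

Added example, not from the HN thread or any vendor's product. The
line format, reader names and badge IDs are assumptions; the events
below are constructed to exercise each finding type.
"""
from datetime import datetime, timedelta
from typing import List, NamedTuple

# Constructed sample log, one event per line:
#   ISO timestamp, badge id, perimeter reader id, direction, result
SAMPLE_LOG = """\
2024-03-04T08:01:10 E1001 lobby-1 IN GRANTED
2024-03-04T08:02:30 E1002 lobby-1 IN GRANTED
2024-03-04T08:02:31 E1002 lobby-1 IN GRANTED
2024-03-04T08:30:00 E1004 lobby-1 IN GRANTED
2024-03-04T09:15:00 T0007 lobby-2 IN GRANTED
2024-03-04T10:00:00 E1004 lobby-2 IN GRANTED
2024-03-04T12:10:05 E1003 lobby-1 OUT GRANTED
2024-03-04T12:40:00 E1001 lobby-1 OUT GRANTED
2024-03-04T13:05:00 E1001 garage-1 IN DENIED
2024-03-04T17:30:00 E1002 lobby-1 OUT GRANTED
2024-03-04T18:00:00 T0007 lobby-2 OUT GRANTED
"""

# Two GRANTED IN taps this close together are treated as a reader retry
# or a nervous double tap, not as a passback violation (assumed window).
DOUBLE_TAP_GRACE = timedelta(seconds=10)


class Event(NamedTuple):
    ts: datetime
    badge: str
    reader: str
    direction: str  # "IN" or "OUT"
    result: str     # "GRANTED" or "DENIED"


class Finding(NamedTuple):
    ts: datetime
    badge: str
    kind: str
    detail: str


def parse_log(text: str) -> List[Event]:
    """Parse the assumed whitespace-separated format, oldest event first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, reader, direction, result = line.split()
        events.append(Event(datetime.fromisoformat(ts), badge, reader,
                            direction, result))
    events.sort(key=lambda e: e.ts)
    return events


def find_unbalanced(events: List[Event]) -> List[Finding]:
    """Walk events in time order, tracking which badges are inside."""
    inside = {}  # badge -> timestamp of the entry that put it inside
    findings: List[Finding] = []
    for e in events:
        if e.result != "GRANTED":
            # Denied taps never change state but are worth a line: a run
            # of them on one badge often means a lost card or a test.
            findings.append(Finding(e.ts, e.badge, "denied",
                                    f"{e.direction} denied at {e.reader}"))
            continue
        if e.direction == "IN":
            if e.badge in inside:
                if e.ts - inside[e.badge] <= DOUBLE_TAP_GRACE:
                    continue  # benign double tap
                findings.append(Finding(
                    e.ts, e.badge, "reentry_without_exit",
                    f"already inside since {inside[e.badge].isoformat()}"))
            inside[e.badge] = e.ts
        elif e.direction == "OUT":
            if e.badge not in inside:
                # No entry on record: the holder came in behind someone,
                # through a propped door, or the entry reader was offline.
                findings.append(Finding(e.ts, e.badge, "exit_without_entry",
                                        f"at {e.reader}"))
            else:
                del inside[e.badge]
    # Whatever is still "inside" when the log ends never badged out.
    for badge, ts in sorted(inside.items()):
        findings.append(Finding(ts, badge, "never_exited",
                                "still inside at end of log"))
    return findings


if __name__ == "__main__":
    for f in find_unbalanced(parse_log(SAMPLE_LOG)):
        print(f"{f.ts.isoformat()} {f.badge:6} {f.kind:22} {f.detail}")
```

Two caveats match the comment above: a guest who is tapped in by a host produces no event at all, so nothing here can see them, and every finding still needs a person to look at it. The value of a script like this is that it turns a day's worth of raw taps into a handful of lines that a guard or facilities lead can review each morning, not that it replaces them.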

I suppose the expense, and the risk in relying on employees, is gonna be quite relative to the organization and its priorities. I wouldn’t imagine setting up a log monitor with some basic monitoring should be that expensive. As someone above mentioned, it’s kind of odd that these systems are so utterly disconnected from the broader IT protocols in so many places. I use a few different RMM solutions that could almost certainly handle the log collection, analysis, and real-time monitoring with alerts and I don’t think it’d take much time/effort to set up. The most critical point would simply be maintaining healthy access controls and avoiding the potential for new vulnerabilities.
> I suppose the expense, and the risk in relying on employees, is gonna be quite relative to the organization and its priorities.

Of course. If you work in a SCIF, you're going to have a very different set of rules and experiences than if you work at LiftMaster, if you know what I mean.

> I use a few different RMM solutions that could almost certainly handle the log collection, analysis, and real-time monitoring with alerts and I don’t think it’d take much time/effort to set up.

Right! But someone's gotta watch it. All day, and all the time. If it's sending alerts, who is it sending them to? The same security guard can't be responsible for both watching security monitors and watching or responding to access log issues.

The expense is in the people and maintenance, not in the initial buildout, as is true for many large enterprise initiatives.

> As someone above mentioned, it’s kind of odd that these systems are so utterly disconnected from the broader IT protocols in so many places.

My greatest realpolitik lesson at uni was being assigned parking in an "odd" building's gated parking lot. It was close to my dorm, but required carrying your permit to them, so they could enter you into their system for access.

Cue realization they weren't connected to the main university parking registry.

Cue my not buying a parking pass (a substantial cost, as this was an urban campus) for the next few semesters... as my prior auth continued to work on the gate.

And why would parking police think to check for unregistered parkers in a gated lot?

(As far as I can remember, I still had access ~2 years after graduation, then they finally cleaned up their DB)

> companies tend to rely on their employees’ vigilance

AKA they ignore the problem but check it off on the security audit.