Extract fo article by Jai Vijayan
An overwhelming amount of data from customer assessments has shown that the use of such tools and services by employees is almost always a precursor to data theft or other malicious behavior. “Enterprises usually don’t expect to find such a high volume of employees actively trying to bypass security controls,” says Rajan Koo, senior vice president of customer engineering at Dtex.
Employees using private VPNs and Tor on an enterprise network are typically trying to hide their actions and do something that will not be detected by the organization’s security controls, he says. “Security bypass is the first step towards data theft or other destructive behavior,” Koo says.
For example, if a user threat assessment uncovers an employee using a TOR browser on the network, administrators should treat that as a red flag that the employee is engaging in prohibited or even potentially illegal behavior. Similarly, there’s a high chance that an employee who spends hours researching ways to get around security systems is trying to evade the controls within their own organizations.
“When an employee spends time researching how to bypass security controls, we often find that they are trying to exfiltrate data without being blocked by their DLP or without raising any flags on the network,” Koo says. Or they could be trying to save time by using their favorite tools that are being blocked by corporate security, he says.