Tim Erlin, Director of Security and Product Management at Tripwire :
“It sounds like a misconfiguration of the access control between campaigns. There are definitely tools that companies can use to monitor databases for any changes and determine who actually caused the data to be accessible. It’s important to remember that there are four parties involved here: two campaigns, the DNC and a third-party vendor managing the access control. In this case, though there was clearly an issue with NGP-VAN, the DNC has no ability to change vendors quickly, and the impact is on the Sanders campaign, not the DNC directly. With any data breach, change follows consequences. I don’t see a lot of motivation for NGP-VAN to change at this point. If the Sanders campaign reported this issue, or one like it before, there should be a record of that interaction. Finding that record would substantiate their version of the incident.”
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.
Stay Tuned! Our Information Security Experts Community is responding .....