I read an article this morning that discussed how little most companies trust friendly hackers when they discover vulnerabilities. According to the San Francisco Chronicle article, while some larger tech companies are willing to listen to these outside sources, the majority are leery of them [registration required].
This might not be great news for information-sharing laws, but I do wonder if there is a role for friendly hackers in behavior analytics, which relies on human and attacker behaviors. A new report from Rapid 7 points out how important the role of behavior analytics is in today’s threat detection and prevention. As the report states:
Vulnerabilities and exploits grab headlines and the attention of the world’s security community . . . However, penetration testers and criminal intruders agree: Compromised credentials are what makes the job of hacking possible and profitable for intruders on a daily basis.
Robert Abel, writing for SC Magazine, adds:
Researchers said that by monitoring user accounts, cloud usage, location of mobile BYOD (bring your own device) use, and lateral movement of information within their systems, enterprises can gain insight into how employees use information to better detect abnormalities.
Unfortunately, only a small number of companies rely on behavior analysis right now, according to a recent SANS survey on analytics, so already companies aren’t doing as much as they can to take advantage of what we know (and can continue to learn) about human behavior. At the same time, can behavior analysis be enhanced by friendly hackers?
In a Dark Reading article, Rapid7's Tod Beardsley, security research manager, and Roy Hodgman, data scientist, point out that analysts have to understand what normal behavior is for the accounts used by real people as opposed to machine-based accounts with automatic activity. They also have to learn how humans are interacting with the cloud and with mobile. As the article states:
User behavior analytics can offer a ton of value on a number of fronts. Not only do these metrics offer visibility into potential insider threats, but they can also show early red flags for when accounts have been compromised by external attackers.
So my question is, if friendly hackers discovered vulnerabilities, how does that information mesh with behavior analytics as a way to add another layer to security detection and prevention?
It’s so easy to get caught up on the machine, software and tech side of security that we often forget the human element, both for good and for bad. We know humans are the ones developing the mechanisms of cybercrime, so now we need to figure out how humans can play a bigger role in preventing it.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba