Most security breaches are easy to identify after the fact, once it becomes clear that a set of credentials was being used to access files in a way it normally is not. The ideal is to spot those patterns of abnormal behavior before the breach can be seriously exploited.
With that goal in mind, a startup vendor called Exabeam announced today that it has developed a namesake behavior intelligence platform that can be layered on top of existing security information and event management (SIEM) systems or other sources of Big Data.
The platform was announced at the Splunk User 2014 Conference. Mark Seward, vice president of marketing at Exabeam, says the vast majority of security breaches involve outsiders who have compromised end-user credentials and then use them to access files those end users would not normally need in the performance of their duties.
Seward says Exabeam applies Big Data analytics and machine learning algorithms specifically to track user behavior, and to detect and qualify threats a SIEM would not normally recognize. That approach, says Seward, lets Exabeam establish what normal end-user behavior looks like for any given enterprise. When those patterns change, Exabeam alerts the IT organization in a way that provides context.
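The baseline-then-deviate approach described above, reduced to a small worked example. This is added illustrative code, not Exabeam's product or algorithm: it builds a per-user profile (hosts used, top-level shares touched, working hours) from a constructed, assumed-clean access log, scores later events against that profile, and emits alerts that carry the triage context (what the user usually does, who normally touches the share). The log format, field names and thresholds are all assumptions for the example.

```python
"""
Toy user-behavior baselining over constructed access-log lines.
Illustrative only; not Exabeam's code or algorithm.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real logs). Format assumed for this example:
# "<ISO timestamp> <user> <host> <action> <path>"
BASELINE_LOG = """\
2014-10-01T09:12:03 alice fs01 read /finance/q3-report.xlsx
2014-10-01T09:40:11 alice fs01 read /finance/budget.xlsx
2014-10-02T10:05:44 alice fs01 write /finance/q3-report.xlsx
2014-10-02T14:22:09 bob fs02 read /eng/build/Makefile
2014-10-03T08:51:30 bob fs02 read /eng/src/main.c
2014-10-03T11:15:02 alice fs01 read /finance/budget.xlsx
2014-10-03T16:48:27 bob fs02 write /eng/src/main.c
2014-10-04T09:30:00 carol fs03 read /hr/payroll.csv
"""

# Later window to score: alice's credentials start touching HR and
# engineering shares on unfamiliar hosts at 02:00.
NEW_LOG = """\
2014-10-06T09:05:12 alice fs01 read /finance/budget.xlsx
2014-10-06T02:17:45 alice fs03 read /hr/payroll.csv
2014-10-06T02:19:02 alice fs02 read /eng/src/main.c
2014-10-06T10:02:33 bob fs02 read /eng/src/util.c
"""


def parse(log_text):
    """Turn log lines into event dicts; 'share' is the top-level directory."""
    events = []
    for line in log_text.strip().splitlines():
        ts, user, host, action, path = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "host": host,
            "action": action,
            "share": "/" + path.strip("/").split("/")[0],
        })
    return events


def build_baseline(events):
    """Per-user profile of normal behaviour, plus per-share set of users who
    normally touch it (peer context for the analyst)."""
    users = defaultdict(lambda: {"hosts": set(), "shares": set(), "hours": set()})
    share_users = defaultdict(set)
    for e in events:
        p = users[e["user"]]
        p["hosts"].add(e["host"])
        p["shares"].add(e["share"])
        p["hours"].add(e["ts"].hour)
        share_users[e["share"]].add(e["user"])
    return dict(users), dict(share_users)


def score_event(e, users, share_users, slack_hours=2):
    """Return the list of ways an event deviates from its user's baseline."""
    p = users.get(e["user"])
    if p is None:
        return ["no_baseline_for_user"]
    reasons = []
    if e["host"] not in p["hosts"]:
        reasons.append("new_host")
    if e["share"] not in p["shares"]:
        reasons.append("new_share")
    lo, hi = min(p["hours"]) - slack_hours, max(p["hours"]) + slack_hours
    if not lo <= e["ts"].hour <= hi:
        reasons.append("off_hours")
    owners = share_users.get(e["share"], set())
    if e["user"] not in owners and len(owners) <= 1:
        reasons.append("share_used_by_few_peers")
    return reasons


def detect(baseline_text, new_text, threshold=2):
    """Alert on events with at least `threshold` deviations, with context."""
    users, share_users = build_baseline(parse(baseline_text))
    alerts = []
    for e in parse(new_text):
        reasons = score_event(e, users, share_users)
        if len(reasons) < threshold:
            continue
        p = users.get(e["user"], {"hosts": set(), "shares": set(), "hours": set()})
        alerts.append({
            "ts": e["ts"].isoformat(),
            "user": e["user"],
            "host": e["host"],
            "share": e["share"],
            "reasons": reasons,
            # Context so the analyst need not run a second query to triage.
            "usual_hosts": sorted(p["hosts"]),
            "usual_shares": sorted(p["shares"]),
            "usual_hours": "%02d-%02d" % (min(p["hours"]), max(p["hours"])) if p["hours"] else "n/a",
            "normally_accessed_by": sorted(share_users.get(e["share"], set())),
        })
    return alerts


if __name__ == "__main__":
    print(json.dumps(detect(BASELINE_LOG, NEW_LOG), indent=2))
```

Run as-is, the two 02:00 events under alice's credentials are flagged with four reasons each (new host, new share, off hours, share normally used by one other person) while the routine finance and engineering accesses score zero. Two caveats a practitioner would add: the baseline window must be one you believe was clean, or the attacker's activity becomes "normal"; and an intruder who only touches what the stolen account already touches stays inside the baseline, so this kind of analytics complements, rather than replaces, the underlying SIEM rules.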
Seward says the problem is not that IT organizations lack security information these days. It is that so many of the alerts generated by security products are not correlated in any way that gives the IT organization actionable intelligence. The result is alert fatigue: IT staff ignore many of the alerts because no insight accompanies them.
Whether the victim is Target or Home Depot, Seward says that once a breach has occurred, the key task is to contain it. Rather than discovering breaches months, sometimes even years, after the fact, Big Data analytics can now be applied in a way that identifies anomalous end-user behavior much sooner.