For a long time, security pros were masters of using limited resources to flag risks, abnormal behaviors and potential threats. The past couple of years changed this game, as seemingly relentless data breaches prompted management staff to funnel budgets and technology solutions toward their security teams in hopes of improving breach response times and reactionary strategies. And yet, many companies still fail to meet the mark. Basic phishing scams thrive as IT services users overlook suspicious URLs and email addresses; attackers are becoming more innovative and capable of preying on an organization’s weak points; and staffing remains short, with Cisco’s 2014 Annual Security Report uncovering a need for nearly 500,000 to 1 million new IT security professionals to handle the modern enterprise risk climate.
Unfortunately, according to Nir Polak, co-founder and CEO of Exabeam, most organizations are approaching these issues from the wrong perspective. No matter how advanced security, information and event management (SIEM) tools become, security pros must back up their findings with data rooted in the company’s daily IT activities in order to glean valuable insights. If not, these tools will merely increase the volume of reports and notifications without providing security pros with the context needed to identify attacks before they wreak havoc and compromise private data.
Rooting your security strategies in user behavior analysis helps bypass these issues, and turns your company’s reactionary plans into proactive data maintenance. This slideshow features seven ways, identified by Polak, that you can apply these insights to your business, and an explanation of how each one protects employees, partners, customers and community.
Using Behavior Analysis to Improve Cybersecurity
Click through for seven ways organizations can apply behavior insights to improve cybersecurity, as identified by Nir Polak, co-founder and CEO of Exabeam.
Learn Who’s Really on Your Network
Guessing whether a user is a friend or foe to your business is a dangerous strategy when the entire company’s security is at stake. By monitoring how VPN users, supply chain partners and service providers access your network, and by comparing those usage patterns with credential behavior monitoring, you can easily identify risks and stop data breaches before they become a threat.
Receive and Respond to Critical Alerts
As your business recovers from a security threat, it may become clear that you missed a chance to stop the attack. Employees are often alerted to suspicious activities or potential risks, but they may overlook the warnings if they are buried in a flood of false alerts and minor notifications from the company’s SIEM system. Advanced detection capabilities that take behavior analysis into consideration help your employees wade through this data.
Accept and Prepare for Human Error
Security teams diligently sort through false positives and policy violations from employees in order to keep their companies’ intellectual property safe – so much that they can occasionally fail to recognize, or own up to, their own mishaps. Automated behavior analysis systems act as an ideal third-party opinion in these situations, as they identify miscalculations and issues without bringing previously settled issues or blame into the mix.
Avoid False Positives
For every 100,000 events in an IT environment, 100 may be malicious, while 99,900 are benign. Instead of wasting time sorting through these harmless events (and supporting that rising tide of notifications), admins should turn the SIEM cybersecurity funnel on its head. Using benign events to gauge and learn what is normal, security pros can analyze this data and gain context about the very factors that define an event as abnormal. In turn, they can halt abnormal or malicious events as soon as they occur.
Save Time and Wasted Energy
Nobody wins when security pros spend days completing a tier-three chore. Automated behavior analysis systems can identify anomalies and follow attackers across identity and IP switches, helping to prioritize the hundreds of thousands of alerts received by incident response teams after SIEM correlation delivers false-positive reductions. Instead of accepting this fate and wasting valuable time, security pros are empowered to work directly with credential owners and mitigate risks in minutes.
Gain Visibility Throughout an Attack Chain
Most detection efforts focus on the initial point of compromise, and data loss prevention (DLP) systems focus on data just before exfiltration. Recent data breach research tells us that attackers spend weeks or months performing activities identified as being in the “middle of the attack chain” – reconnaissance, performing privilege escalation, and adding their own accounts in an Active Directory. Last year, Target and Home Depot dominated the news with breaches set off by attackers who obtained third-party supplier credentials so that they could access company servers. Because this was perceived as normal traffic, the attacker went undetected for a long period of time. Rather than exclusively focusing on malware and security alerts, security professionals need visibility into what are abnormal behaviors performing normal actions — particularly from third-party suppliers and partner ecosystems.
Increase Departmental Cooperation
You don’t need to double your security staff to better protect your data. When employees save time with smarter solutions to chronic problems, their schedules open up and they can tackle projects, issues and long-term goals with more focus. User behavior analysis can help any security pro identify the right mix of budget, staff and strategy to solve problems with intelligence and drive results that improve business.