How data science fights modern insider threats


Insider threats are the biggest cybersecurity threats to firms, organizations and government agencies. This is something you hear a lot at security conference keynotes and read about in data breach reports, white papers and surveys — and these insider threats are becoming increasingly difficult to detect and prevent, as well as more frequent.

This seemingly unstoppable growth accentuates the problem and the shortcomings of current solutions, and calls for new defensive technologies to detect and stop the digital daggers aimed at our backs.

Data science — the application of mathematics, big data analytics and machine learning to extract knowledge and detect patterns — is an emergent, advanced technology area that is proving its effectiveness in the realm of cybersecurity, including fighting insider threats. Here’s how it succeeds where legacy solutions fail.

The wide adoption of cloud services and mobile technology in companies has transformed IT infrastructures considerably.

With physical boundaries of corporate networks and digital assets not as clearly defined as they once used to be, the focus in fighting insider threats needs to shift toward protecting user accounts. “Now that the traditional security perimeter has been erased by mobile and cloud computing, identities have become both an attack vector and security perimeter,” says Tom Clare, VP of marketing at cybersecurity startup Gurucul.


“What has changed recently is the fact that control of user accounts has become far more valuable than control of devices,” says Jarno Niemelä, lead researcher at F-Secure Labs. “Years back, we were fighting against keeping computers clean from infection just to keep the computers clean. Nowadays, we are protecting computers just to be able to protect the user accounts that are on the computer.”

Organizations try hard to protect user identities by adopting different security solutions and training employees on the basics of cybersecurity, but it’s not enough.

“Good data hygiene is critical, but it is not enough,” says Stephan Jou, CTO at Interset. “A negligent employee is unlikely to change regardless of training, and a third-party attacker often can operate outside employee-focused processes. More importantly, the insider stealing for espionage is motivated to break rules.”

The truth is that credential theft does happen, and it happens a lot. In fact, a Verizon 2015 data breach report found that the majority of confirmed security incidents occur as a result of compromised user accounts. Massive lists of user credentials and passwords are being sold on the Dark Web at low prices, and, for a small fee, anyone can obtain access to all sorts of enterprise networks and cloud services, and impersonate legitimate users.


Therefore, fighting insider attacks hinges on detecting anomalous user behavior. But this again presents its own set of challenges, because defining normal and malicious behavior is not an exact science and involves a lot of intricacies.

Traditional security defenses rely on setting static rules and alerts on user activities in order to define and identify indicators of compromise (IoCs). But when applied to tens, hundreds and thousands of users, this model ends up generating a noisy flood, and security teams waste time sorting through tons of unimportant events that are mostly false positives. Meanwhile, actions don’t necessarily explain intents, and savvy attackers will be able to cloak their malicious activities by keeping them within the defined set of rules.

The use of data science can help move away from static models toward dynamic ones that are able to define normal user behavior based on identities, roles and working circumstances. This approach is very effective in reducing false positives and highlighting behavior that truly accounts for malicious activities.
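The contrast between a static rule and a dynamic per-user, per-role baseline can be shown on a small data set. This is an added example, not code from the article or from any vendor it quotes; the users, roles, volumes and the 1000 MB limit are constructed, and the modified z-score (median and MAD, threshold 3.5) is one common outlier test chosen here as an assumption.

```python
from statistics import median

# Constructed sample data (users, roles and volumes are invented):
# ten days of daily download volume in MB per user, then today's volume.
HISTORY = {
    "alice": ("engineer", [900, 1100, 950, 1000, 1050, 980, 1020, 990, 1010, 970]),
    "bob":   ("engineer", [800, 850, 900, 870, 820, 860, 880, 840, 890, 830]),
    "carol": ("hr",       [40, 55, 50, 45, 60, 52, 48, 51, 47, 53]),
    "dave":  ("hr",       [30, 35, 42, 38, 33, 36, 40, 37, 34, 39]),
}
TODAY = {"alice": 1080, "bob": 910, "carol": 400, "dave": 41}
STATIC_LIMIT_MB = 1000  # hypothetical one-size-fits-all rule


def static_alerts(today, limit=STATIC_LIMIT_MB):
    """Static rule: alert on anyone above a fixed volume."""
    return sorted(user for user, mb in today.items() if mb > limit)


def robust_z(value, sample):
    """Modified z-score: distance from the median in units of MAD."""
    med = median(sample)
    mad = median(abs(x - med) for x in sample) or 1.0  # avoid divide-by-zero
    return 0.6745 * (value - med) / mad


def baseline_alerts(history, today, threshold=3.5):
    """Alert only when today is abnormal for the user AND for their role."""
    peers = {}
    for role, days in history.values():
        peers.setdefault(role, []).extend(days)
    alerts = []
    for user, mb in today.items():
        role, days = history[user]
        if robust_z(mb, days) > threshold and robust_z(mb, peers[role]) > threshold:
            alerts.append(user)
    return sorted(alerts)


if __name__ == "__main__":
    print("static rule   :", static_alerts(TODAY))
    print("user baseline :", baseline_alerts(HISTORY, TODAY))
```

On this data the static rule flags alice, whose volume is normal for her, and misses carol, whose 400 MB stays under the limit but is roughly eight times her own and her role's usual level; the baseline flags only carol.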


Cybersecurity firms are increasingly leveraging this technology to deal with insider threats.

 


