Big Data Analytics Fights Insider Threats
Cyberdefenders for years have adopted Fort Apache strategies to protect their networks. Strong perimeters could prevent attackers from reaching precious data, they reasoned.
Root Cause of Threats
One way network defenders have tried to foil inside attacks is through better access controls. They not only have improved authentication of a person’s identity, but also have imposed limits on who has access to what on a system.
However, Net marauders have found ways to authenticate themselves to systems with stolen credentials — and once in a system, to elevate their privileges so they can see the highest levels of confidential information.
To counter the antics of clever credential thieves, Gurucul has forged solutions that use big data analytics to create a context around everything connected to the network — users, accounts and devices.
After studying the behaviors of who and what are being connected to the network, Gurucul’s system can establish a baseline of activity for them. If a user or device engages in behavior outside that baseline, more analysis is applied, based on dynamically created peer group behavior, as well as a stockpile of behavioral information gleaned from prior installations.
All that analysis is designed to reduce the probability of false positives in the system.
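The two-stage check described above, sketched as an added example that is not Gurucul's code: activity is first compared with the user's own baseline, and only a deviation that the peer group does not share on the same day is escalated. The z-score threshold, the static peer list and the daily file-access counts are constructed assumptions.

```python
from statistics import mean, pstdev

Z_THRESHOLD = 3.0   # assumed cut-off for "outside the baseline"
MIN_SAMPLES = 3     # assumed minimum data points for a usable comparison

def deviates(value, samples):
    """True/False if value is an outlier against samples, None if too little data."""
    if len(samples) < MIN_SAMPLES:
        return None
    mu, sigma = mean(samples), pstdev(samples)
    if sigma == 0:                      # perfectly flat history: any change deviates
        return value != mu
    return abs(value - mu) / sigma > Z_THRESHOLD

def assess(user, today, history, peer_group):
    """Classify one user's activity count for today."""
    own = deviates(today[user], history.get(user, []))
    if own is False:
        return "normal"                 # inside the user's own baseline
    # Outside the baseline (or no baseline yet): compare with peers' activity today.
    peers_today = [today[p] for p in peer_group if p != user and p in today]
    peer = deviates(today[user], peers_today)
    if peer is False:
        return "peer-consistent"        # unusual for the user, normal for the group
    if own is None and peer is None:
        return "insufficient-data"      # neither a baseline nor enough peers
    return "escalate"                   # deviation the peer group does not explain

# Constructed sample data: files accessed per day by a hypothetical finance team.
FINANCE = ["alice", "bob", "carol", "dave"]
HISTORY = {
    "alice": [20, 22, 19, 21, 20, 23, 21],
    "bob":   [18, 20, 21, 19, 22, 20, 19],
    "carol": [25, 24, 26, 23, 25, 24, 26],
    "dave":  [21, 20, 22, 19, 21, 20, 22],
}
QUARTER_END = {"alice": 90, "bob": 85, "carol": 95, "dave": 88}   # whole team is busy
ODD_DAY     = {"alice": 21, "bob": 20, "carol": 25, "dave": 400}  # one account spikes

if __name__ == "__main__":
    for label, day in (("quarter end", QUARTER_END), ("odd day", ODD_DAY)):
        for user in FINANCE:
            print(f"{label:12} {user:6} {assess(user, day, HISTORY, FINANCE)}")
```

On the quarter-end data every user is far outside their own baseline yet none is escalated, which is the false-positive reduction the peer comparison is meant to provide.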
“Someone could be doing activity that’s not normal, but it’s not necessarily risky,” Nayyar noted. “That’s where the peer group comes in. If they’re behaving like their peer group, then there’s no reason to upgrade their risk.”
Getting a handle on identity management within an organization is a very important component of intrusion protection, she added. “First and foremost, identity is the root cause of most modern day threats.”