Identify stolen credentials to improve security intelligence
by Nir Polak - CEO of Exabeam - Friday, 6 June 2014.
Preventing data breaches shouldn't be a land war, but an intelligence one. While updating anti-virus signatures and investing in malware protection is obviously important, companies need to also maximize security intelligence. What makes this a challenge for IT security teams is that impersonating users will typically fly under the radar without a system in place to quantify security alerts or identify abnormal behavior. And with 10,000 alerts per day for the average U.S. company, with upwards of 150,000 for more active ones, it's easy to get desensitized. Target learned this the hard way, and it resulted in one of the biggest data breaches in history. The company received an alert to what was going on, but it got lost in the shuffle until it was too late.

With the abundance of information SIEM systems produce, big data security analytics can play an integral role in reducing data breaches. However, companies need a better way to detect valid versus invalid user behavior. IT security teams can make improvements by establishing a baseline of normal user behavior for all network access credentials. In tracking these users, businesses will know how and when they access IT assets. Once this has been determined, IT security teams will have a better method of detecting anomalies and determining how far they deviate from the norm. Of course, not every anomaly is cause for concern, which is why it's important to quantify these by identifying patterns of suspicious behavior.
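A minimal sketch of that baseline-and-deviation idea, added here as an illustration and not taken from the author or any product: it learns which assets and hours each credential normally uses, scores each new access by how far it departs from that norm, and raises only users whose deviations add up to a pattern. The event tuples, the `COMMON` and `ALERT_AT` thresholds and all host and user names are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed history of (user, asset, hour_of_day) access events.
HISTORY = (
    [("alice", "mail01", h) for h in (9, 10, 11, 14, 16)] * 6
    + [("alice", "wiki01", h) for h in (10, 13, 15)] * 4
    + [("bob", "db01", h) for h in (8, 9, 17)] * 5
    + [("bob", "mail01", h) for h in (9, 12)] * 5
)
COMMON = 0.05   # assumed: a value seen in >= 5% of history counts as normal
ALERT_AT = 3.0  # assumed: summed deviation that makes a pattern worth review

def build_baseline(events):
    """Per user: how often each asset and each hour appears in history."""
    base = defaultdict(lambda: {"assets": Counter(), "hours": Counter(), "n": 0})
    for user, asset, hour in events:
        b = base[user]
        b["assets"][asset] += 1
        b["hours"][hour] += 1
        b["n"] += 1
    return dict(base)

def rarity(count, total):
    """0.0 for common values, rising to 1.0 for values never seen."""
    return max(0.0, 1.0 - (count / total) / COMMON)

def event_score(base, user, asset, hour):
    """Deviation of one access from the user's norm, from 0.0 to 2.0."""
    b = base.get(user)
    if b is None:
        return 2.0  # credential with no history at all
    # Allow one hour of drift around hours the user has been seen at.
    near = sum(b["hours"][h % 24] for h in (hour - 1, hour, hour + 1))
    return rarity(b["assets"][asset], b["n"]) + rarity(near, b["n"])

def review(base, events):
    """Sum deviation per user and return only users at or over ALERT_AT."""
    totals = defaultdict(float)
    for user, asset, hour in events:
        totals[user] += event_score(base, user, asset, hour)
    return {u: round(t, 2) for u, t in totals.items() if t >= ALERT_AT}

BASELINE = build_baseline(HISTORY)
# Constructed new activity: one late login for alice, a cluster for bob.
TODAY = [("alice", "mail01", 22), ("bob", "hr-files", 3),
         ("bob", "db02", 3), ("bob", "wiki01", 4), ("bob", "db01", 9)]

if __name__ == "__main__":
    print(review(BASELINE, TODAY))
```

Alice's single late login scores as one anomaly and stays below the threshold, while bob's cluster of unfamiliar assets at unfamiliar hours is the only thing surfaced for review.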

It's not a matter of if a company suffers a data breach, but when. While malware tools change, the tactical use of them to steal user credentials hasn't. Therefore, IT teams need to improve security intelligence to more quickly respond to attempted theft. Focusing on what happens after the point of compromise is where IT security teams can make significant progress in preventing breaches.
