Identify stolen credentials to improve security intelligence
by Nir Polak - CEO of Exabeam - Friday, 6 June 2014.
Preventing data breaches shouldn't be a land war, but an intelligence one. While updating anti-virus signatures and investing in malware protection is obviously important, companies also need to maximize security intelligence. What makes this a challenge for IT security teams is that attackers impersonating users will typically fly under the radar without a system in place to quantify security alerts or identify abnormal behavior. And with 10,000 alerts per day for the average U.S. company, and upwards of 150,000 for more active ones, it's easy to get desensitized. Target learned this the hard way, and it resulted in one of the biggest data breaches in history. The company received an alert about what was going on, but it got lost in the shuffle until it was too late.

With the abundance of information SIEM systems produce, big data security analytics can play an integral role in reducing data breaches. However, companies need a better way to detect valid versus invalid user behavior. IT security teams can make improvements by establishing a baseline of normal user behavior for all network access credentials. In tracking these users, businesses will know how and when they access IT assets. Once this has been determined, IT security teams will have a better method of detecting anomalies and determining how far they deviate from the norm. Of course, not every anomaly is cause for concern, which is why it's important to quantify these by identifying patterns of suspicious behavior.
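The baseline-and-deviation idea above, as an added sketch that is not from the article or any vendor's product: it builds a per-credential profile of assets and active hours, scores each new event against it, and alerts only when a user's deviations add up. The event tuples, weights and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (user, hour_of_day, asset). Not from the article.
HISTORY = [
    ("alice", 9, "mail"), ("alice", 10, "wiki"), ("alice", 14, "mail"),
    ("alice", 16, "crm"), ("alice", 11, "crm"), ("alice", 9, "wiki"),
    ("bob", 8, "build"), ("bob", 13, "git"), ("bob", 17, "build"),
    ("bob", 10, "git"),
]
NEW_EVENTS = [
    ("alice", 10, "hr-share"),   # one new asset during normal hours
    ("bob", 3, "git"),           # known asset at an unusual hour
    ("bob", 3, "db-prod"),       # unusual hour and new asset
    ("bob", 4, "hr-share"),      # unusual hour and new asset
]

# Assumed weights and threshold; tune them against your own data.
W_NEW_ASSET, W_ODD_HOUR, ALERT_THRESHOLD = 2, 1, 5


def build_baseline(history):
    """Per credential: the assets it has used and the hours it was active."""
    base = defaultdict(lambda: {"assets": set(), "hours": set()})
    for user, hour, asset in history:
        base[user]["assets"].add(asset)
        base[user]["hours"].add(hour)
    return base


def score_event(base, user, hour, asset):
    """Deviation score for one event; 0 means it matches the baseline."""
    profile = base.get(user)
    if profile is None:                      # credential never seen before
        return W_NEW_ASSET + W_ODD_HOUR
    lo, hi = min(profile["hours"]), max(profile["hours"])
    score = 0
    if asset not in profile["assets"]:       # asset outside the usual set
        score += W_NEW_ASSET
    if not lo <= hour <= hi:                 # outside the usual working span
        score += W_ODD_HOUR
    return score


def flag_users(base, events, threshold=ALERT_THRESHOLD):
    """Sum deviations per user so an isolated anomaly stays below threshold."""
    totals = defaultdict(int)
    for user, hour, asset in events:
        totals[user] += score_event(base, user, hour, asset)
    return {u: s for u, s in totals.items() if s >= threshold}, dict(totals)
```

With the sample data, alice's single new asset scores below the threshold, while bob's run of off-hours access to unfamiliar assets crosses it.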

It's not a matter of if a company suffers a data breach, but when. While malware tools change, the tactical use of them to steal user credentials hasn't. Therefore, IT teams need to improve security intelligence to more quickly respond to attempted theft. Focusing on what happens after the point of compromise is where IT security teams can make significant progress in preventing breaches.

Copyright 1998-2014 by Help Net Security.