Identify stolen credentials to improve security intelligence
by Nir Polak - CEO of Exabeam - Friday, 6 June 2014.
Preventing data breaches shouldn’t be a land war, but an intelligence one. While updating anti-virus signatures and investing in malware protection is obviously important, companies also need to maximize security intelligence. What makes this a challenge for IT security teams is that attackers impersonating users will typically fly under the radar without a system in place to quantify security alerts or identify abnormal behavior. And with 10,000 alerts per day for the average U.S. company, and upwards of 150,000 for more active ones, it’s easy to get desensitized. Target learned this the hard way, and it resulted in one of the biggest data breaches in history. The company received an alert about what was going on, but it got lost in the shuffle until it was too late.

With the abundance of information SIEM systems produce, big data security analytics can play an integral role in reducing data breaches. However, companies need a better way to distinguish valid from invalid user behavior. IT security teams can make improvements by establishing a baseline of normal user behavior for all network access credentials. In tracking these users, businesses will know how and when they access IT assets. Once this has been determined, IT security teams will have a better method of detecting anomalies and determining how far they deviate from the norm. Of course, not every anomaly is cause for concern, which is why it’s important to quantify them by identifying patterns of suspicious behavior.
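
One way to implement the baseline-and-deviation idea described above, as an added example that is not from the original article or from any vendor's product. The event fields, the rarity formula, the threshold and the sample data are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

ALERT_THRESHOLD = 2.5  # assumed cut-off; tune against your own alert volume

def features(event):
    """Reduce an access event to the attributes being baselined."""
    user, source, asset, hour = event
    return {"source": source, "asset": asset,
            "shift": "day" if 7 <= hour < 19 else "night"}

def build_baseline(history):
    """Per credential, count how often each attribute value was seen."""
    baseline = defaultdict(lambda: defaultdict(Counter))
    for event in history:
        for name, value in features(event).items():
            baseline[event[0]][name][value] += 1
    return baseline

def event_score(baseline, event):
    """Sum of per-attribute rarity: 0 = the user's usual value, 1 = never seen."""
    profile = baseline.get(event[0])
    if profile is None:
        return 3.0  # credential with no history: all three attributes unseen
    score = 0.0
    for name, value in features(event).items():
        usual = max(profile[name].values())
        score += 1.0 - profile[name][value] / usual
    return score

def session_score(baseline, events):
    """Accumulate deviation so a pattern outweighs a single oddity."""
    return sum(event_score(baseline, e) for e in events)

# Constructed sample data: (user, source host, asset, hour of day)
HISTORY = [("alice", "wks-alice", asset, hour)
           for hour in range(9, 18) for asset in ("mail", "wiki")]
LATE_LOGIN = [("alice", "wks-alice", "mail", 22)]
SUSPICIOUS = [("alice", "vpn-203", "mail", 2),
              ("alice", "vpn-203", "hr-db", 2),
              ("alice", "vpn-203", "finance-db", 3)]

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for label, session in (("late login", LATE_LOGIN), ("suspicious", SUSPICIOUS)):
        total = session_score(baseline, session)
        print(label, total, "ALERT" if total >= ALERT_THRESHOLD else "ok")
```

A single late login from the usual workstation stays below the threshold, while the same credential arriving from an unseen host at night and touching unseen assets accumulates enough deviation to alert.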

It’s not a matter of if a company suffers a data breach, but when. While malware tools change, the tactical use of them to steal user credentials hasn’t. Therefore, IT teams need to improve security intelligence to more quickly respond to attempted theft. Focusing on what happens after the point of compromise is where IT security teams can make significant progress in preventing breaches.

