Identify stolen credentials to improve security intelligence
by Nir Polak - CEO of Exabeam - Friday, 6 June 2014.
Preventing data breaches shouldn't be a land war, but an intelligence one. While updating anti-virus signatures and investing in malware protection is obviously important, companies need to also maximize security intelligence. What makes this a challenge for IT security teams is that impersonating users will typically fly under the radar without a system in place to quantify security alerts or identify abnormal behavior. And with 10,000 alerts per day for the average U.S. company, with upwards of 150,000 for more active ones, it's easy to get desensitized. Target learned this the hard way, and it resulted in one of the biggest data breaches in history. The company received an alert to what was going on, but it got lost in the shuffle until it was too late.

With the abundance of information SIEM systems produce, big data security analytics can play an integral role in reducing data breaches. However, companies need a better way to detect valid versus invalid user behavior. IT security teams can make improvements by establishing a baseline of normal user behavior for all network access credentials. In tracking these users, businesses will know how and when they access IT assets. Once this has been determined, IT security teams will have a better method of detecting anomalies and determining how far they deviate from the norm. Of course, not every anomaly is cause for concern, which is why it's important to quantify these by identifying patterns of suspicious behavior.
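A minimal sketch of the baseline-and-deviation idea described above, added here as an illustration and not taken from the article or from any vendor's product. The event format, the rarity formula, the sample data and the alert threshold are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample events (user, hour_of_day, asset); not real log data.
HISTORY = (
    [("alice", h, a) for h in (9, 10, 11, 14, 15, 16) for a in ("mail", "crm")] * 5
    + [("bob", h, a) for h in (8, 9, 13, 17) for a in ("mail", "build01")] * 5
)
NEW_EVENTS = [
    ("alice", 10, "crm"),      # matches alice's baseline
    ("alice", 3, "crm"),       # known asset, unusual hour
    ("alice", 3, "hr-db"),     # unusual hour, asset never used by alice
    ("alice", 3, "build01"),   # same pattern, another new asset
    ("bob", 9, "build01"),     # matches bob's baseline
]
ALERT_THRESHOLD = 3.0  # assumed value; tune against your own alert volume

def build_baseline(events):
    """Count, per credential, when (hour) and what (asset) it normally accesses."""
    baseline = defaultdict(lambda: {"hour": Counter(), "asset": Counter()})
    for user, hour, asset in events:
        baseline[user]["hour"][hour] += 1
        baseline[user]["asset"][asset] += 1
    return dict(baseline)

def rarity(counter, value):
    """0.0 for the user's most common value, 1.0 for a value never seen."""
    return 1.0 - counter[value] / max(counter.values())

def score_event(baseline, event):
    """Deviation from the norm: hour rarity plus asset rarity, range 0.0 to 2.0."""
    user, hour, asset = event
    if user not in baseline:       # credential with no history: maximum deviation
        return 2.0
    profile = baseline[user]
    return rarity(profile["hour"], hour) + rarity(profile["asset"], asset)

def risk_by_user(baseline, events):
    """Sum event scores per credential so one odd login does not alert by itself."""
    totals = defaultdict(float)
    for event in events:
        totals[event[0]] += score_event(baseline, event)
    return dict(totals)

def alerts(baseline, events, threshold=ALERT_THRESHOLD):
    return sorted(u for u, s in risk_by_user(baseline, events).items() if s >= threshold)

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    print(risk_by_user(base, NEW_EVENTS), alerts(base, NEW_EVENTS))
```

A single off-hours login scores 1.0 and stays below the threshold; the repeated off-hours access to assets the credential has never touched is what pushes the total over it.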

It's not a matter of if a company suffers a data breach, but when. While malware tools change, the tactical use of them to steal user credentials hasn't. Therefore, IT teams need to improve security intelligence to more quickly respond to attempted theft. Focusing on what happens after the point of compromise is where IT security teams can make significant progress in preventing breaches.

