Cyber Security Institute

Tuesday, June 04, 2013

Understanding Risk in Real-Time: Where Will Your Next Breach Come From?

Three out of four intrusions exploit weak or stolen (but otherwise legitimate) credentials, and another 13 percent result from misuse of information by privileged users, according to Verizon’s 2013 Data Breach Investigation Report. The solution is to harness the big data in the trillions of access relationships (the ever-changing information about who is accessing what resources for what purpose) to better understand what is really going on. As Gartner says, “[Big Data] is a class of information processing problem that, due to the volume, velocity, variety and complexity of the data, requires different approaches to support analytics to derive cost-effective, timely, business-relevant insight.” While big data has been used effectively by lines of business to analyze customer purchase behavior, inventory turns, or other critical data, it also offers tremendous promise for IT security to manage the business better.

This is where predictive analytics comes in: the same technology that an online retailer might use to better target product offers to customers based on recent buying behavior, for example. Consider a salesperson who has the right to download an entire customer database. If he does it at 2 a.m. on a Sunday morning from his home office, this might raise a few questions. By identifying patterns or anomalies that deviate from “normal,” and serving them up in graphical profiles, security staff get a never-before-seen, real-time view into potential risk.

Here’s the key point: with this new approach, risk is assessed from live data, not from anticipated scenarios that have been coded into the system and that alert security staff only to actions already defined as “bad.” Real-time, predictive analytics lets companies truly understand where their greatest risks lie by harnessing existing company data to sound alarms before a loss, when the risk around an individual or resource spikes.
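The salesperson scenario above can be scored against a baseline learned from that user's own access history rather than from a pre-written rule. The following is an added example, not code from this post or from any product it describes; the user name, event fields, scoring formula and alert margin are all assumptions chosen for illustration.

```python
import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime

def sample_history():
    # Constructed data: 'sales01' reads 50-90 rows on weekdays from the office.
    days = [datetime(2013, 5, n) for n in range(1, 32)]
    return [("sales01", d.replace(hour=h).isoformat(), "office", 50 + 10 * (d.day % 5))
            for d in days if d.weekday() < 5 for h in (9, 11, 14, 16)]

def build_baseline(events):
    # Per-user counts of hour, weekday and source, plus the row volumes seen.
    base = defaultdict(lambda: {"hour": Counter(), "dow": Counter(), "src": Counter(), "rows": []})
    for user, ts, src, rows in events:
        t = datetime.fromisoformat(ts)
        b = base[user]
        b["hour"][t.hour] += 1
        b["dow"][t.weekday()] += 1
        b["src"][src] += 1
        b["rows"].append(rows)
    return dict(base)

def surprise(counter, value, categories):
    # Bits of surprise for a value; add-one smoothing covers values never seen.
    p = (counter[value] + 1) / (sum(counter.values()) + categories)
    return -math.log2(p)

def risk_score(base, event):
    user, ts, src, rows = event
    if user not in base:
        return math.inf  # no history at all: treat as maximum risk
    b, t = base[user], datetime.fromisoformat(ts)
    sd = statistics.pstdev(b["rows"]) or 1.0
    z = max(0.0, (rows - statistics.mean(b["rows"])) / sd)  # only large reads add risk
    return (surprise(b["hour"], t.hour, 24) + surprise(b["dow"], t.weekday(), 7)
            + surprise(b["src"], src, len(b["src"]) + 1) + math.log2(1 + z))

def alert_threshold(base, events, margin=1.5):  # margin x the riskiest event already in history
    return margin * max(risk_score(base, e) for e in events)

# Constructed test events: a routine Monday read, and the 2 a.m. Sunday bulk download.
NORMAL = ("sales01", "2013-06-03T11:00:00", "office", 70)
OFF_HOURS = ("sales01", "2013-06-02T02:00:00", "home", 250000)

if __name__ == "__main__":
    history = sample_history()
    base, limit = build_baseline(history), None
    limit = alert_threshold(base, history)
    for ev in (NORMAL, OFF_HOURS):
        print(ev, round(risk_score(base, ev), 1), "ALERT" if risk_score(base, ev) > limit else "ok")
```

Because each feature contributes separately, a bulk read during office hours or a small read at 2 a.m. from home also exceeds the threshold on this data, even though no rule names either case.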

By having a way to analyze the risk associated with user access on a continuous basis, companies can truly understand who someone is, what they should access, what they are doing with that access, and what patterns of behavior might represent threats. With this insight, companies will also have a better understanding of where their next breach could take place, and whether that threat is internal or external.



Posted on 06/04