Organizations face a range of threats to their IT infrastructure, most of them aimed at exfiltrating sensitive data or damaging the organization's reputation. The primary threats reported in a recent survey of over 25 global banks include:
- Malware on customer’s machine
- System Breach by an outsider
- A breach at a third party provider
- Insider system Breach
- Lost/stolen device
- Phishing attack
Several of the threats listed above share a common feature: the attack is carried out with legitimate credentials, and the surveyed organizations rate such attacks as the greatest risk to their security. They may be launched by employees, vendors or outsourced operators, or by external perpetrators who have obtained those credentials. Analysis of recent targeted attacks against government and commercial organizations shows that external perpetrators now rely on social engineering and sophisticated malware to obtain the credentials of valid accounts. Because most organizations have not deployed tools capable of monitoring legitimate access for behavioral changes, these attacks often go unnoticed.
Behavior Based Detection
Securonix applies behavior based techniques together with peer group analysis to detect deviations from normal patterns of access to, and usage of, internal data sources. By comparing current activity not only with the user's own history but also with that of colleagues and team members, the Securonix solution filters out the noise of incremental changes in user behavior: a shift shared by the whole team is not treated as an anomaly, while a single user diverging from both their own past and their peers is.
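The following is an added illustration of the two-baseline idea described above; it is not Securonix code and makes no claim about how the product scores events. It runs over a small constructed access log (users in a "finance" peer group, one row per user per day with the number of sensitive records pulled from a hypothetical CRM export) and raises an alert only when a user's daily count is an outlier against both their own history and their peers on the same day. Days 1 to 5 are normal, day 6 is a team-wide increase that a self-only baseline would wrongly flag, and day 7 is one user pulling far more than anyone else. The thresholds, minimum history length and standard deviation floor are illustrative assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample access log: (day, user, peer_group, records_accessed).
# The numbers are invented for the illustration; the department is the peer group.
ACCESS_LOG = [
    (1, "alice", "finance", 22), (1, "bob", "finance", 20), (1, "carol", "finance", 25),
    (2, "alice", "finance", 25), (2, "bob", "finance", 21), (2, "carol", "finance", 24),
    (3, "alice", "finance", 24), (3, "bob", "finance", 23), (3, "carol", "finance", 26),
    (4, "alice", "finance", 26), (4, "bob", "finance", 22), (4, "carol", "finance", 25),
    (5, "alice", "finance", 23), (5, "bob", "finance", 24), (5, "carol", "finance", 23),
    # Day 6: the whole team roughly triples its activity (e.g. quarter-end work).
    (6, "alice", "finance", 60), (6, "bob", "finance", 58), (6, "carol", "finance", 61),
    # Day 7: one user pulls an order of magnitude more than the rest of the team.
    (7, "alice", "finance", 300), (7, "bob", "finance", 25), (7, "carol", "finance", 27),
]

# Assumed tuning parameters (not taken from the page).
MIN_HISTORY = 3       # days of the user's own history needed before scoring them
MIN_PEERS = 2         # other group members needed for a peer comparison
SELF_THRESHOLD = 3.0  # z-score against the user's own past
PEER_THRESHOLD = 3.0  # z-score against peers on the same day
STD_FLOOR = 1.0       # prevents division by zero / hypersensitivity on flat baselines


def zscore(value, samples):
    """Standard score of `value` relative to `samples`, with a floor on the std dev."""
    sd = max(pstdev(samples), STD_FLOOR)
    return (value - mean(samples)) / sd


def score_access_log(log):
    """Return alerts as (day, user, self_z, peer_z) for rows that deviate from
    BOTH the user's own history and the user's peer group on the same day.
    A change shared by the whole group has a low peer z-score and is not alerted."""
    by_user = defaultdict(list)       # user -> [(day, count), ...]
    by_day_group = defaultdict(dict)  # (day, group) -> {user: count}
    for day, user, group, count in log:
        by_user[user].append((day, count))
        by_day_group[(day, group)][user] = count

    alerts = []
    for day, user, group, count in sorted(log):
        history = [c for d, c in by_user[user] if d < day]              # own past
        peers = [c for u, c in by_day_group[(day, group)].items() if u != user]
        if len(history) < MIN_HISTORY or len(peers) < MIN_PEERS:
            continue  # not enough context for a defensible call
        self_z = zscore(count, history)
        peer_z = zscore(count, peers)
        if self_z > SELF_THRESHOLD and peer_z > PEER_THRESHOLD:
            alerts.append((day, user, round(self_z, 1), round(peer_z, 1)))
    return alerts


if __name__ == "__main__":
    for day, user, self_z, peer_z in score_access_log(ACCESS_LOG):
        print(f"day {day}: {user} self_z={self_z} peer_z={peer_z}")
```

Run as-is, the only alert is alice on day 7: her self z-score is well above threshold on day 6 as well, but on that day her peers moved with her, so the peer z-score is near zero and no alert fires. With real data the peer baseline would normally use a robust statistic (median and MAD) so that a single misbehaving peer cannot mask another, and the peer group would be derived from directory or HR attributes rather than a hard-coded department field.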
Detect Insider Threats
Insider attacks are typically covert in nature. In most instances the perpetrator wants to remain in stealth mode, quietly collecting sensitive data to be exfiltrated later. The data the attacker seeks is rich information such as customers' private records, credit card data, research and development designs, business strategy and other business-sensitive information that, if compromised, could cause considerable damage to the company, its standing in the industry and its relationships with customers and investors. Insider attacks are difficult to detect, and traditional signature based techniques are often inaccurate and inefficient at identifying them, because the activity is performed with legitimate access and matches no known malicious pattern.
Another variant of the insider attack is occupational fraud, which is found in almost every organization and costs companies billions of dollars each year. It ranges from the petty theft of office supplies to elaborate schemes such as that of rogue trader Jerome Kerviel, whose unauthorized trading resulted in losses of roughly 7 billion dollars.
Protect Intellectual Property
In 2008, several well-known oil industry companies were victims of significant breaches aimed at stealing bid data. For the oil and gas industries, sensitive information of this kind can include anything from software source code to actual valve settings. Bid data, and other sensitive information, is what enables these companies to remain competitive in the global marketplace. Cyber criminals infiltrated the companies using highly specialized malware and stole e-mail passwords, messages and associated corporate data belonging to C-level executives.
Incidents like these are not uncommon in today's competitive landscape. Organizations that need to protect their intellectual property must employ more sophisticated techniques that adapt to the changing threat landscape.
Prevent Data Breaches
Large organizations typically house large repositories of sensitive data: credit card numbers, customer personal data, confidential employee data, innovations, business strategies, sales proposals and even internal memos and emails. Cyber criminals thrive on looting this data for financial gain. It takes little effort for a criminal to use social media to find the profiles of employees who may hold the keys to this treasure chest. A simple exercise in social engineering followed by an email to the chosen target, and the perpetrator has planted malicious code in the organization's network that lurks there seeking valuable data to exfiltrate.
Since most security tools rely on known signatures to find malware, they are easy to evade with new or modified code. The only answer to adaptive attack techniques is adaptive security techniques that learn and adjust to the changing environment.
Threat forensics is key to understanding the true patterns behind access and activity based attacks and data breaches. By building a detailed and contextual view of the attack vector, you can more easily develop the policies, counter-measures and incident response processes needed to mitigate and ultimately remove the threat.
By creating a 360 degree view of user access and activity behavior, the Securonix solution not only helps identify potentially abnormal activity but also supports the investigation of incidents after the fact, providing detailed analysis techniques, reporting and contextual data.