People, Not Machines.” We believe that the growing attention to the devices and appliances that form our networks has diverted security professionals from the true root of cyber-vulnerability: the actual people behind sophisticated attacks and the rogue use of IT assets. Implementing a “User-Centric” approach means that, while continuing to patch, update and remediate, security teams must focus their efforts on pinpointing the users who could potentially harm the network infrastructure or try to steal sensitive data. While “Perimeter Security” promised to keep intruders out and rogue insiders away, a new generation of cyber incidents is teaching us that "out and away" does not necessarily mean prevention. The custom backdoors used to infiltrate networks in the Anthem breach and in the “MiniDuke” and “Aurora” APT campaigns are stark evidence that, given the attackers’ technical advantage, more specific real-time intelligence is needed. The one thing all these attacks had in common is that legitimate user credentials were at some point either stolen or abused in order to obtain actual access to a target resource.

Sound complicated? It is much simpler and more intuitive than you think. For example, one of the first things to look for when implementing the “User-Centric” approach is users whose credentials have, for some reason, become compromised. Doing so helps profile the different user groups that could become vulnerable and be abused in an attack or an insider leak. The compromised credentials you find are a prime target for malicious users seeking a covert identity under which they can collect valuable information about the network.

Identifying compromised credentials is a feature of many identity management and SIEM products. The problem usually arises with accounts that do not fit the standard predefined profiles your vendor has set up. That is exactly where technologies such as Big-Data Analytics, Machine Learning, and Behavior Analytics come in and offer a turning point.

Using collected system logs, a new layer of behavioral attributes can be added to the existing security dataset. For example, continuous behavior analysis and machine-learning-based anomaly detection can provide the context and visibility needed to rule out or reaffirm a suspicion about a specific user suspected of having been compromised.

The challenge facing CISOs is not only to learn the market, but also to proactively seek out the products that best fit the company’s unique threats. Organizations that embrace the advantages of a more focused cyber security posture and adopt the “User-Centric” approach over traditional “Perimeter Security” gain a crucial advantage in this showdown.

About The Author

Idan is the Chief Executive Officer and Co-Founder of Fortscale, a provider of Big Data analytics-driven security solutions for Fortune 1000 companies. Before founding Fortscale, Idan was a lead agent of the 8200, the cyber warfare division of the Israeli Defense Forces. He is a serial entrepreneur and recognized expert in the fields of cybersecurity and threat intelligence. Idan can be reached online at [email protected], https://twitter.com/fortscale, and at our company website http://www.fortscale.com/


41 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
