User Patterns: The Real Hole in Threat Detection
The ability to detect and prevent threats stands at the center of most organizations' security posture. Gartner recently announced that companies now see technology security and compliance as a strategic item, no longer relegated to the tactical. This is with good reason.
Average Security Breach: 263 Days Undetected!
The average breach goes 263 days before detection (no, that's not a misprint). That same breach (again, on average) costs a cool $3.5 million per incident based on lost revenue, productivity, remediation costs and penalties. Worldwide, this represents a $500 billion problem.
Given the gravity of the financial repercussions, companies are scrambling to pour money into preventive technology and compliant systems, process and procedures. It's hard for a CFO to say no these days to plugging a real or perceived gap in security. There's a hole that many are missing, however, and it's an area that is starting to move to the forefront of security conversations.
Trusted vs. Untrusted
We've all heard the story of the HVAC technician's admin password being stolen and used. There are countless other breaches just like this one. How to stop it? Typical procedures and process include better management of subcontractors and more rigid password expiration policies. But that really is just the tip of the iceberg.
Eighty percent of incursions happen using regular, generic IT tools and a stolen password. Smaller companies that work with larger ones are used as a beachhead to gain access. What we need is much deeper investments and technology around predictive pattern analytics.
Consider this. Would you design a physical security system allowing thousands of employees carte blanche access to sensitive or valuable items - even say a bank vault - without watching to see if their ID actually matches their face if they have a handful of cash? Heck no! But that's what IT systems have been built on: trusted and untrusted. User accounts are connected to the user.
Following the User, From A to F
To make leaps in our ability to prevent security breaches, we need to analyze quantifiable patterns. Picture a normal user who logs in between the hours of A and B (on average) and accesses system C. He or she usually takes a lunch that is D in length, and logouts between E and F at the end of the day. There are even quantifiable metrics around how quickly they hit the keys on a keyboard to type their password, and the location from which it happens.
By storing, analyzing and - most importantly - alerting security personnel on user patterns, we will be in a much better position to prevent, detect and more quickly remediate threats.
For an overview on security requirements specific to compliance regulations, such as PCI, HIPAA HI TECH, CJIS, and others, view this infographic.Ready for a longer read? Check out Concerto's eBook, Breaches and the Boardroom - Lessons Learned in Cybersecurity