Cyber Security – ‘Proactive’ Not Reactive

Behavioral Analysis-the next big thing in proactive Cyber Security

Cyber threat continues to evolve and disguise itself through ingenious techniques evading the traditional information security programs. The various anti-virus software are not adequate solutions to the problem. Fighting Advanced Persistent Threats (APTs), as they are known today requires a proactive approach and continuous monitoring enriched with actionable cyber intelligence.

Advanced Persistent Threat (APTs) – Modern version of traditional espionage

Unlike traditional malware, APTs can rarely be detected and do not trigger any alerts that would indicate that there is an incident occurring within the enterprise. They can covertly embed themselves into an organization’s environment and establish a way to come back later and steal additional data, and yet remain undetected by their victim.

Today, diversity of threat mirrors the diversity of devices

In today’s business environment, disruptive technologies such as cloud computing, social computing and next-generation mobile computing, as well as the interconnections between corporate networks, are fundamentally changing how organizations use information technology for sharing information online.

The Internet of Things (IoT) concept that embedded computing devices with Internet connectivity embraces a wide range of devices, including digital home thermostats, smart TVs, car systems (such as navigation, entertainment, and engine management computers), networking devices, smart watches, and activity trackers.

According to a study done by HP which reviewed 10 of the most popular IoT devices, 80% of those raised privacy concerns, 70% used unencrypted network service and 60% were vulnerable to a range of issues such as persistent XSS and weak credentials.

Healthcare is the prime target

The Healthcare industry continues to be the prime target and has experienced a substantial increase in security incidents. During 2015, there were 253 reported breaches (up 50% Y/Y), most across sectors for fifth year in a row.  The primary target is medical identity theft by maliciously accessing patient medical information.

Unfortunately, for the most part, the healthcare industry is not prepared to face today’s cybersecurity risks, be it hospitals, pharmaceutical or biotech companies, medical device manufacturers, health insurers, national health agencies, or employers.

Behavioral Analysis can help protect assets from this burgeoning threat

With behavioral analysis in place, if the system the attackers used to access the database had never accessed the database previously, technologies from the networks would have immediately issued an alert for abnormal behavior. On the other hand, if the compromised system were previously known to the database, then behavioral analysis could be easily employed to identify abnormal activities and volumes of database queries.

Anthem, the American Health insurance company, which uncovered one of the largest Personally Identifiable Information (PII) data breaches in history (80 million records) in early 2015, could have prevented it by intelligent continuous monitoring and behavioral analysis.

After the Anthem breach, another large financial service company simulated the situation and tested the ability of behavioral analysis technology to detect it. As expected, behavioral analysis was successfully able to detect the installation of “backdoor” malware the moment it began to communicate, in addition to the unusually large volume of administrator traffic to the database, standing up to the expected efficiency.