Authentication-based attacks remain a primary concern for many of our clients no matter the size or sector of their organization. While knowledge of these threats has increased, understanding the risk factors – and how to remediate them – has not.
Most attacks are premised on stealing data for financial gain, and obtaining access is only the first step. Figuring out where valuable data is located, how it’s protected, and ultimately how to access it will take any infiltrator significant time. So, unsurprisingly, authentication-based attacks go undiscovered for more than 200 days on average. It seems obvious why: to get access to data, one needs a valid identity, and with a valid identity, log files (which is what most existing threat detection solutions are based on) have nothing anomalous to detect! This is why solutions are now starting to come to market based on ‘User Behavior Analytics’ (UBA). Over time, atypical behaviors trend, and UBA systems, in theory, will alert if deviation from an individual’s own – or their peer group’s – activity occurs.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Brad Bussie is an award winning fifteen year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.