The Solution to Combat System Breaches

Gary Rollie

Sr. Technical Architect

May 09, 2016

Protecting systems has never been more challenging. System boundaries are blurring as on-premises and cloud applications merge, with the unintended consequence that a company’s security perimeter becomes compromised. Yet ultimately, employees represent the highest vulnerability and are the main source of company breaches. Access is their weapon. Even the best defenses will eventually be defeated by internal users – either unknowingly or maliciously – working against the interests of an organization. People with access are targets of external and internal forces with intent to steal, hamper or destroy business property. Specific breach threats include data leakage and theft of intellectual property, personal health information, payment card information, or other confidential data.

If people are the problem, how can companies thwart breaches without hampering business transactions? Companies that adopt overly cumbersome security policies risk impeding commerce and affecting productivity. An innovative and effective solution is to monitor user behavior and evaluate normal versus abnormal individual usage. Technological solutions are available to assess such patterns of activity and identify unusual events, which facilitates quick remediation when required.

Behavioral scientists have long observed that human responses to various sets of conditions are surprisingly predictable. Behavior within organizations is not that different. Employees generally perform similar tasks each day, and their past performance usually determines future behavior. While some activities deviate slightly, since innovators and change agents exist within every organization, most employees are predictable.

Behavior analytics is based on a simple concept: identify incongruous behavior amidst a plethora of habitual patterns. The major challenge is that the volume of data organizations generate is overwhelming. Although the human brain is designed to identify patterns, the information involved within modern organizations is so vast and constantly evolving that it is impossible for a human to pinpoint slight alterations in real time. Thus, the latest technology in behavior analytics platforms identifies odd or unusual behavior with comprehensive accuracy and reliability. This type of innovative analytic capability is a game changer for the Security Operations Center (SOC) analyst.

User Behavior Analytics (UBA), or User and Entity Behavior Analytics (UEBA) as Gartner calls it, represents a critical technological advancement in protecting systems from breaches by providing evidence-based assessments of potential threats as they occur within a system. This empowers a SOC analyst to filter easily through vast amounts of information and make informed decisions based on the normalcy versus abnormality of behavior. UBA lets companies move away from a reactive breach response method to a proactive and predictive response mode.

The final, yet crucial, component of securing systems is to categorize employees based on their internal access to information. This reduces the threat plane that currently exists in many business operations. For example, employees with extended tenure – who have held multiple positions within an organization – tend to accumulate access as a normal part of their employment. These types of accounts represent a significant risk to the organization if they are compromised. Thus, reducing the user access and entitlement surface area decreases the overall threat of breaches through compartmentalization.
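A minimal sketch of that idea, added here as an illustration and not taken from Gurucul's product: it compares the access each user has been granted with the access they actually exercise, lists dormant entitlements as candidates for review, and labels new events against that baseline. The user names, entitlement names and log records are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: entitlements granted to each user.
GRANTS = {
    "alice": {"crm:read", "crm:write", "hr:read", "finance:export", "git:push"},
    "bob": {"crm:read", "crm:write"},
}

# Constructed baseline access log: (day, user, entitlement exercised).
BASELINE_LOG = [
    (1, "alice", "crm:read"), (2, "alice", "crm:read"), (3, "alice", "crm:write"),
    (1, "bob", "crm:read"), (2, "bob", "crm:write"), (4, "bob", "crm:read"),
]

# Constructed events that arrive after the baseline period.
NEW_EVENTS = [
    (30, "alice", "crm:read"),        # habitual use
    (30, "alice", "finance:export"),  # granted, but never used in the baseline
    (31, "bob", "hr:read"),           # not granted to this user at all
]


def build_baseline(log):
    """Map each user to the set of entitlements they actually exercised."""
    used = defaultdict(set)
    for _day, user, entitlement in log:
        used[user].add(entitlement)
    return used


def dormant_entitlements(grants, baseline):
    """Granted-but-unused access per user: candidates for revocation review."""
    return {u: sorted(g - baseline.get(u, set())) for u, g in grants.items()}


def classify(event, grants, baseline):
    """Label one event against the user's grants and observed habits."""
    _day, user, entitlement = event
    if entitlement not in grants.get(user, set()):
        return "ungranted"   # access the user should not hold at all
    if entitlement not in baseline.get(user, set()):
        return "abnormal"    # accumulated access used for the first time
    return "normal"


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOG)
    print(dormant_entitlements(GRANTS, baseline))
    for event in NEW_EVENTS:
        print(event, classify(event, GRANTS, baseline))
```

The long-tenured account ("alice" in the sample) holds three entitlements it never uses; removing them shrinks what an attacker gains from that account, and any later use of them stands out against the baseline.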

In this way organizations limit the amount of damage caused by an account compromise. However, this critical process can begin only after gaining an understanding of what constitutes normal usage of the user’s access; the threat plane can then be reduced. Gurucul integrates user behavior analytics with identity and access intelligence to help organizations manage their systems security effectively and reduce risk without impacting productivity. Many organizations can’t achieve this on their own because they lack the tools for understanding and the seasoned implementation expertise required for assured success. To learn more about Gurucul’s solutions read: