The futility of SIEM projects and data fatigue is driving the need for data science with behavior analytics to detect threats and determine risk.
Knowing that often shared high privilege accounts (HPA) are a key target for cyber criminals, privilege access intelligence for HPA identities using operational and transactional systems is a must-have defense.
Skilled resources and data scientists for security and behavior analytics are in short supply; how we package up the data science and provide usability determines widespread use and success.
Given most users have multiple identities and access accounts, the attack plane through phishing attacks for account access hijacking is several fold larger than a user community, making privilege access intelligence a priority.
The world of one IP address or one system equating to a user is well behind us; our security strategies need to evolve around users and entities for the access, activity and behaviors exhibited.
We are crossing a threshold where the amount of data volume, velocity and variety surpasses what a set of skilled security analysts can monitor with basic data correlation tools, kill chain tracing, plus queries, filters and pivots.
A key security challenge is merging identity access intelligence and user behavior analytics for a complete 360-degree view of users and entities for intelligence access roles, fraud prevention and insider threat deterrence.
We have reached a point where signatures and sandboxing are being evaded by access and identity theft bringing in a new era of access intelligence and analytics.
Active Directory (AD) and access tools become overloaded with identities and groups, to the point where a manufacturing hi-tech firm eliminated 83% of their access accounts to reduce risk and protect intellectual property.
Hi-Tech Network Equipment Manufacturer
Assuming that security analytics is a small shift from network and operations alert, event and log monitoring is missing the opportunity to use identity as a threat plane.
Security analytics is larger than one department; users can be deputized to review self-audits on access intelligence, business level users can view dashboards, timelines, and risk scores, while IT can maintain policies, rules and actions. For advanced use cases, the behavioral algorithms and risk models themselves can be maintained. The value stems from the user to data scientist across organizational boundaries.
Behavioral analytics is uncovering the unknown and bringing us into the realm of predictive risk modeling.