CyberEdge recently released the 2016 version of the Cyberthreat Defense Report (CDR), and new in this year's results is the ranking of User Behavior Analytics (UBA) third among Must-Have Network Defense Investments. However, there is more to the security story in the call-out highlights below.
- Rising security budgets and dwindling optimism, with 62% of those surveyed expecting their organization to fall victim to a cyber security attack. The era of a perimeter defended by rules, signatures and patterns is showing its age. At the root of modern threats is the compromise or misuse of identity; it is a new perimeter and threat plane to address. To make matters worse, most companies manage identity with legacy roles and manual processes, and Active Directory (AD) is often poorly maintained. Cyber crime and insiders strike at the weak points.
- Reducing attack surface area is important, and the report notes NAC for network surface area reduction. However, what about the attack surface area for identity with accounts and entitlements? The Verizon DBIR 2015 notes that over 50% of web application attacks involve compromised access credentials, or account hijacking. Gurucul worked with a financial customer and reduced their identity attack surface area by over 80%. What are you doing today to reduce excess access risks and access outliers?
- Monitoring privileged access users is a challenge, as only 30% of those surveyed feel they can adequately monitor High Privilege Access (HPA) accounts. These accounts are the keys to the kingdom and are often shared, which adds more risk. Reducing excess access risks and detecting abuse for HPA accounts is step one; the larger issue is addressing identity as a threat plane for all accounts. The methodology has two parts: clean up your identity access, then predict and detect unknown threats using identity as a threat plane.
- Leveraging CASB solutions for cloud app data protection is another report highlight, plus many firms are blind to SSL-based threats because they lack inspection tools. An API-based Cloud Access Security Broker (CASB) solution leveraging user behavior analytics protects data and detects access abuse, account hijacking and insider threats. Users are not required to pass through a proxy, so they can use mobile devices on any network to be productive in key infrastructure cloud apps. Plus, the User Behavior Analytics solution should cover on-premises and cloud apps with a hybrid behavior analytics architecture on the big data infrastructure of choice.
- Inadequate endpoint defenses, with 86% of those surveyed looking to replace current solutions; BYOD programs are receding, while mobile devices and social apps are perceived as leading security weaknesses. The microenvironment of the endpoint is shifting from prevention towards detection and response, but it also needs to map into the macro environment of security data analytics, including User Behavior Analytics. Full context leveraging big data infrastructure and machine learning algorithms is the force multiplier that brings it all together.
- "Employees are still to blame" was a top inhibitor of effective defenses in the CDR report, alongside a low level of security awareness and too much data for cyber security teams to analyze using ineffective security solutions. It is hard not to read these conditions as a call for change, and one example is providing Self Audits to employees for deterrence and detection of insider threats and account compromise. This innovation came from a Gurucul customer, a forward-thinking CISO; other CISOs are now expanding its use to partners and customers with identity-based access to their environments.
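To make the "access outliers" and "identity attack surface area" ideas in the highlights above concrete, here is an added example (not Gurucul's code or method) of one simple peer-group approach: an entitlement held by a user but by few of their peers is flagged as an outlier, and revoking those assignments shrinks the number of user-to-entitlement grants an attacker could hijack. The user names, peer groups, entitlement names and the 30% threshold are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: user -> (peer group, set of entitlements).
# Not real accounts; dave and grace hold grants their peers do not.
ACCESS = {
    "alice": ("finance", {"gl_read", "gl_post", "payroll_view"}),
    "bob":   ("finance", {"gl_read", "gl_post"}),
    "carol": ("finance", {"gl_read", "gl_post", "payroll_view"}),
    "dave":  ("finance", {"gl_read", "gl_post", "payroll_view", "prod_db_admin"}),
    "erin":  ("engineering", {"repo_push", "ci_deploy"}),
    "frank": ("engineering", {"repo_push", "ci_deploy"}),
    "grace": ("engineering", {"repo_push", "ci_deploy", "payroll_view"}),
    "heidi": ("engineering", {"repo_push", "ci_deploy"}),
}


def peer_prevalence(access):
    """For each peer group, the fraction of members holding each entitlement."""
    members = Counter(group for group, _ in access.values())
    holders = defaultdict(Counter)
    for group, ents in access.values():
        holders[group].update(ents)
    return {g: {e: n / members[g] for e, n in c.items()} for g, c in holders.items()}


def access_outliers(access, threshold=0.3):
    """Entitlements a user holds that fewer than `threshold` of their peers hold.

    Returns {user: [sorted outlier entitlements]} for users with at least one.
    A low prevalence is a review signal, not proof of excess access.
    """
    prevalence = peer_prevalence(access)
    outliers = {}
    for user, (group, ents) in access.items():
        rare = sorted(e for e in ents if prevalence[group][e] < threshold)
        if rare:
            outliers[user] = rare
    return outliers


def surface_reduction(access, outliers):
    """Share of all user-to-entitlement grants removed if the outliers are revoked."""
    total = sum(len(ents) for _, ents in access.values())
    removed = sum(len(ents) for ents in outliers.values())
    return removed / total


if __name__ == "__main__":
    found = access_outliers(ACCESS)
    for user, ents in found.items():
        print(f"review {user}: {', '.join(ents)}")
    print(f"attack surface reduction: {surface_reduction(ACCESS, found):.1%}")
```

In practice the peer group would come from HR attributes (department, title, manager) and the threshold would be tuned per group, with flagged grants routed to an access review rather than revoked automatically.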
In summary, the CDR notes that user-centric security, including User Behavior Analytics, plus CASBs are top growth areas, and we at Gurucul could not agree more. Step back and review how you secure identity as a perimeter and threat plane. Once a user logs in, what user behavior analytics are you leveraging, and have you reduced your excess access risks and access outliers?