We had a great week at RSAC 2019, and a highlight of the week was a well-attended CISO roundtable moderated by the original CISO, Steve Katz. We can’t divulge what was discussed, but we can tell you there was a heated conversation about risk. At some point during the conversation, Steve made the comment, “Look at risk as more of a compass than a watch.” A wise observation. Do you know where you’re headed as you map out your risk mitigation strategy?
Start with the Highest Risk Users and Entities
The biggest opportunity to reduce risk is to focus on securing your highest risk users and assets. Privileged users and accounts have the “keys to the kingdom” so you absolutely need to lock them down. If you don’t have a privileged access management (PAM) product, get one. PAM puts privileged accounts in a vault and requires privileged users to check in and check out passwords. You have an audit trail for compliance purposes, but you still need to monitor what privileged users are actually doing. Session recording does not scale, consumes an obscene amount of storage, and can’t catch malicious activity in real time. Luckily, new technologies leveraging data science and big data eclipse these solutions. You need a security analytics product since insider threats and zero day attacks cannot be detected without one.
Behavior based security analytics powered by machine learning will detect anomalous behavior associated with privileged users and assets in real time, and alert you to risky activity. In this way, you can stop data from being exfiltrated or corrupted. Security analytics also detects if privileged accounts have been compromised by cyber criminals. It will notice atypical behaviors – impossible to detect at scale without machine learning – so you can get ahead of the threat. Outsiders need to search for critical data and assets so their lateral movement will be uncharacteristic. Security analytics finds odd behaviors indicative of true risk and raises alerts so you can take immediate action.
Implement Risk-based Controls
Let’s take this to the next level. Let’s say you don’t have to take action. Instead, what if you could automate the action you would have taken manually? Here’s where security analytics gets really interesting and becomes a game changer. The premise behind Gurucul’s security analytics platform is to provide risk scores so you can implement risk-based controls. We take structured and unstructured data feeds from every possible security and identity product – SIEM, PAM, DLP, EDR, AD/LDAP, SAP, Salesforce, EPIC, etc. (even proprietary business applications) – and generate a unified risk score for every user and entity in your organization.
Do not discount the value of that unified risk score. Your disparate applications may perform analytics on their siloed data, but all that gives you is a distorted and incomplete view of risk. For example, your PAM solution may say user Monroe is a high risk user. Your IGA product rates him as medium risk. And, your SIEM sees him as low risk. Which platform are you going to believe? We aggregate all those disparate data feeds to give you a holistic view of that user (or entity) across all your applications and systems. Our security analytics gives you risk prioritized intelligence.
Why is that important? It’s important because you can focus on the highest risk users and entities in your organization. It’s all about risk and these unified risk scores are invaluable. We put a value between 1 and 100 on people and assets. There’s a colossal amount of data science, machine learning and analytics that goes into generating that value or risk score, so it’s a number you can depend on. It’s the difference between maybe and definitely. You can definitely trust this risk score. With that trust in place, you can confidently implement controls based on that risk score.
Remove Friction with Risk Based Authentication
Here’s an example, just one of hundreds. We have customers using our risk score to reduce friction for consumers. Everyone hates passwords. You use the same password or a version of that password for virtually everything. That’s definitely not a best security practice. But we can’t change consumer behavior. We can, however, mitigate consumer risk. Here’s where security analytics shines. Low risk consumers accessing low risk assets authenticate without friction. The consumer’s risk score is low. The asset risk score is low. Just let it go. On the other hand, high risk users accessing high risk assets are required to jump through flaming hoops to gain access – MFA, pin code, etc. The risk score dictates the control. So cool, so smart, and so easy to do with our security analytics platform. It’s called Risk Based Authentication. Check it out!
Execute Continuous Risk Mitigation
Risk is not something you stop. From an information security perspective, you can’t say, “our risk is over.” Risk isn’t a yes or no, it’s not something you can turn on or off. All you can do is put in place strategies and tactics to reduce risk. This is why you cannot have a point in time where you can accurately say, “we are risk free.” You must have a continuous risk mitigation strategy because there are always bad actors looking for new ways to infiltrate your borderless perimeter.
Acknowledge Time Is Not on Your Side
Right now, criminals and malicious insiders are executing cyber attacks at machine speed. You don’t have time to waste. You need to act now, and you need the right products, people and processes. Also, you need a good partner. We are here to help. And, we offer an amazing process for quick starting your security analytics program. Give us five days and we’ll give you fast results. Contact us today to get started.