Account Compromise is one of the most common methods of attack behind many data breaches. Attackers find and then exploit the accounts they need to covertly access systems with sensitive data. The attacker leverages his appropriated access to appear like a legitimate user on the network.
Big Data is made up of structured, semi-structured and unstructured data sets. These data sets are difficult to process using traditional database and software techniques because the data is too big, moves too fast or surpasses current processing capacity. Security analytics technology is essential for processing big data.
Data Exfiltration is the end goal of cyber criminals. It’s the unauthorized transfer of data from a computer by malware and/or a malicious actor (also called data theft).
Data Lakes are different than data warehouses. Big Data takes in large volumes of data from multiple sources and pours it into one data lake. The information sits unfiltered, unprocessed and unstructured. Security analytics technology can extract knowledge from the data lake via machine learning to expose predictive patterns and insights.
Data Science is the application of mathematics, big data analytics and machine learning to extract knowledge and detect patterns. It is an emergent technology area in the realm of cybersecurity, particularly for fighting insider threats.
Fraud Analytics is an advanced cybersecurity solution that uses machine learning algorithms instead of relying on manual hunting, known fraud patterns and threat policies or rules to detect fraudulent acts. Behavior-based fraud analytics uses advanced linking algorithms to correlate cross-channel activities related to user, account, device, location and business transactions.
Identity Analytics is an evolution of the Identity Governance and Administration (IGA) software field. IAM professionals use this emerging technology, which combines big data with security analytics, to increase identity-related risk awareness. Identity analytics surpasses human capabilities by leveraging machine learning models to define, review and confirm accounts and entitlements for access. It uses dynamic risk scores and advanced analytics data as key indicators for provisioning, de-provisioning, authentication and privileged access management.
Insider Threat is a threat that organizations face from within their own networks. They are difficult to detect and stop because insiders already have access to sensitive information and know how to retrieve it. Conventional perimeter security and rules-based security tools cannot stop the insider threat because insiders are not a known threat. The insider threat can be current employees, former employees, or third-party vendors and contractors. Insider threats can be either malicious or accidental.
IoT (Internet of Things) Cybersecurity is the practice of safeguarding connected devices and networks. IoT is essentially an interconnected array of physical devices that are linked by the Internet, allowing them to transmit and receive data. Securing IoT devices is a complex issue, involving the able to discover all of the connected devices on a network and then monitoring them to identify suspicious or anomalous behaviors that could indicate a threat.
Log aggregation is the practice of consolidating log files throughout the IT infrastructure into a centralized platform for the purpose of organizing the data for review and analysis. It’s a key step in the process of producing real-time insights into application and device security.
Machine Learning (ML) provides systems with the ability to automatically learn and improve from experience without being programmed. ML algorithms ingest data feeds and turn raw data into risk prioritized intelligence. In security analytics, machine learning happens in real-time, on big data, across all users and entities in the network.
MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) is a continuously growing document of threat tactics and techniques that have been observed from millions of cyberattacks on large networks. The ten steps in the MITRE ATT&CK are initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection and exfiltration.
Model Driven Security is a process to achieve machine-based reaction time to critical cyber threats. In model driven security, instead of relying on humans to make control changes through a console, algorithms and machines make those changes in real-time. It’s a constant process of responding to new cyberattacks in a timely enough manner to mitigate risks.
Network Traffic Analysis applies behavioral analysis to network traffic to detect suspicious activities that traditional cybersecurity tools miss. Network traffic analysis continuously analyzes raw network traffic using machine learning and artificial intelligence. When abnormal network traffic patterns are detected an alert is raised and the threat can be mitigated.
Security Analytics leverages machine learning and behavioral anomaly detection to protect critical assets and data on the network. It automatically collects, aggregates, correlates and analyzes data from disparate sources to produce actionable threat intelligence. Security analytics is used to detect and stop malicious behavior before cyber criminals or insider threats can cause harm.
SIEM (Security Information and Event Management) provides analysis of cybersecurity alerts generated by applications and network hardware. SIEMs are effective at identifying and stopping previously classified, known cyber threats. But SIEMs are criticized for their inability to block unknown threats – like zero-day attacks and insider threats.
SOAR (Security Orchestration and Response) allows organizations to collect data about cybersecurity threats from multiple applications and respond to those threats without human interaction. SOAR consists of vulnerability management, incident response and security automation.
Threat Intelligence provides the data that cybersecurity professionals need to make informed decisions about their cyber defenses. The most effective threat intelligence solutions provide proper context by quickly analyzing new alerts, filtering out false positives, and generating real-time data about actual threats.
Threat hunting is the cybersecurity practice of proactively searching for known cyber threats on a network. Threat hunting combines innovative technology, skilled cybersecurity personnel, and threat intelligence to find stealth attacks in the IT environment that bypassed conventional endpoint security tools.
UBA (User Behavior Analytics) is the tracking, collecting and assessing of user data and activities. UBA solutions analyze data logs to identify patterns caused by user behaviors, both normal and malicious. UBA provides cybersecurity teams with actionable insights so that they can mitigate threats.
UEBA (User and Entity Behavior Analytics) focuses on the automated detection of known and unknown security risks and threats that signature and rules-based security solutions cannot identify. UEBA uses behavior analytics powered by machine learning to automate data collection and generate risk-scored intelligence for each user and entity on the network.
Zero Trust Architecture centers on the belief that organizations should not trust anything either inside or outside the network perimeter. Instead, the zero trust model stresses that everything and everyone attempting to connect to systems must be verified before granting access. In a zero trust environment, organizations are able to monitor the entire IT environment for signs of malicious activity.
Zero-Day Exploit is a cyberattack that occurs on the same day that a vulnerability is discovered in a software product. It’s then exploited by attackers before a fix for the vulnerability is available. Zero-days are dangerous because they’re new threats that cannot be stopped with signature or rules-based security tools.