Behaviour analytics technology is being developed or acquired by a growing number of information security suppliers. In July 2015 alone, European security technology firm Balabit released a real-time user behaviour analytics monitoring tool called Blindspotter and security intelligence firm Splunk acquired behaviour analytics and machine learning firm Caspida. But what is driving this trend?
Like most trends, there is no single driver, but several key factors that come together at the same time.
In this case, storage technology has improved and become cheaper, enabling companies to store more network activity data; distributed computing capacity is enabling real-time data gathering and analysis; and at the same time, traditional signature-based security technologies or technologies designed to detect specific types of attack are failing to block increasingly sophisticated attackers.
As companies have deployed security controls, attackers have shifted focus from malware to individuals in organisations, either stealing their usernames and passwords to access and navigate corporate networks without being detected or getting their co-operation through blackmail and other forms of coercion.
Stealing legitimate user credentials for both on-premise and cloud-based services is becoming increasingly popular with attackers as a way into an organisation that enables them to carry out reconnaissance, and it is easily done, according to Matthias Maier, European product marketing manager for Splunk.
âFor example, we are seeing highly plausible emails that appear to be from a companyâs IT support team telling a targeted employee their email inbox is full and their account has been locked. All they need to do is type in their username and password to access the account and delete messages, but in doing so, the attackers are able to capture legitimate credentials without using any malware and access corporate IT systems undetected,â he said.
An increase in such technique by attackers is driving a growing demand from organisations for technologies such as behaviour analytics that enable them to build an accurate profile of normal business activities for all employees. This means if credentials are stolen or people are being coerced into helping attackers, these systems are able to flag unusual patterns of behaviour.
Read complete article at:Â http://www.computerweekly.com/news/4500251006/Why-the-time-is-ripe-for-security-behaviour-analytics