- InsightsInsights
- CryptocurrenciesCryptocurrencies
- Stocks
- White Papers
- IndustryIndustry
- GeographyGeography
Data has long been categorized as "the new oil," which is a fitting description given the premium organizations place on information and its ability to drive better decision-making enterprise-wide. Of course, obtaining these insights doesn't just happen—to paraphrase Gartner's Peter Sondergaard, just like oil requires a combustion engine to be useful data too must be properly mined in order to deliver on its promise.
Technology has matured significantly since Sondergaard first made this claim in 2011 and today much of analytics can be automated–significantly accelerating the resulting insights. When coupled with human intelligence there are myriad benefits across industries, but let's focus here on security. Whether it's hackers, cybercriminals, or nation states these bad actors employ increasingly sophisticated tactics. Generally speaking, there are four key ways in which these groups infiltrate an organization—credentials, phishing, exploiting vulnerabilities, and Botnets. And, as the 2022 Verizon Data Breach Investigations Report (DBIR) puts it, "…no organization is safe without a plan to handle them all."
Data–both internal and external alike– should play a role in formulating plans for each of these four weaknesses. Below are just a few examples of how data can be applied to strengthen companies' defenses in some of the aforementioned areas.
We often think of bad actors as faceless external groups, but this is not always the case. Current and former employees, contractors, and business associates can also pose a significant security headache— knowingly or unknowingly. Because these insiders often have credentialed access to sensitive systems and data, this headache has the potential to be even more damaging than that caused by external actors. Insider threats can be disgruntled employees (such as the 2018 Tesla case in which sensitive data was exfiltrated) or unwitting third-parties attacked as a means of entry to another organization (as was the case in the highly publicized 2013 Target data breach).
The good news is that indicators of an insider threat can be spotted in advance through the right combination of human intelligence and analytics. Typically, before an insider successfully breaches a system there are some early warning signs. For example, unusual login times, access requests for unauthorized databases, or abnormal email usage. With the right security analytics, companies can look for these and other markers of malicious behavior, and also spot signs of any resulting data theft before significant damage has occurred.
Security information and event management (SIEM) solutions deliver a valuable service—analyzing real-time and historical events along with other event and contextual data sources to give companies a picture of their IT infrastructure's security. However, the typical organization has numerous security alerts that can easily overwhelm the security team. In addition, because some of these alerts will be false alarms, companies need a way to efficiently classify them and determine which are most deserving of further investigation.
By applying analytics to SIEM alerts, organizations can obtain greater clarity into their threat environment. Security analytics solutions can automate incident investigation and contextualize alerts, making it easier for security teams to identify legitimate leads and freeing up their time to deal with potential breaches more swiftly. And because these solutions continually learn, each incident contributes to a dataset that helps the organization be more proactive and targeted in its future response.
Compromised credentials remain a preferred means of entry for hackers, with their usage involved in over 80% of the attacks studied in this year's DBIR. Human behavior is a primary reason behind their enduring popularity. People typically select relatively weak, easily guessable passwords and reuse them across work and personal sites and accounts. If just one of these sites has been targeted in a previous breach, it's guaranteed that the password is available on the Dark Web for other hackers to utilize in future attacks.
With the right approach, however, companies can harness external data from previous breaches to turn threat actors' ammunition into a defense tool. Just as hackers turn to the Internet and Dark Web to obtain exposed credentials, companies can avail of this same intelligence to eliminate these username and password combinations from their environment. Screening credentials against a dynamic database that contains all commonly-used passwords along with the latest breach intelligence can give companies credential security assurance. In addition, this screening can be automated meaning that there is no additional IT burden and that employees are unaware that the check is occurring unless a compromise is detected.
Whether it's external data, as outlined above, or internal information as in the earlier examples, there are numerous ways in which data can be leveraged to improve security. The threat landscape continues to evolve, making it more important than ever that companies adopt a layered approach. By applying analytics at every level, organizations can put their best foot forward and stay a step ahead of would-be attackers.
Josh Horwitz is COO of Enzoic, a leading provider of compromised credential screening solutions. He earned his MBA from Babson's F.W. Olin Graduate School of Business and his BA from Washington University in St. Louis.
