User Behavior Analytics: The Force of Cybersecurity Awakens


If someone asked me which Force will awaken in 2016, I would say cybersecurity. Securing infrastructure and customer interactions and protecting data are critical to preserving your reputation and your bottom line. Many cyber attacks remain undetected for up to eight months and can cost an organization an average of $11 million. The problem is compounded by the asymmetry between agile attackers and the slower-moving, traditional defenses they face.

According to Andrew Borene, Chief Strategist at IBM and Chair of the 2015 Cyber Security Summit, new data sources arising from the Internet of Things and biometrics will lead to renewed Government interest in using Big Data. The solution, Borene says, lies in cyber intelligence: fortifying cyber security requires proactive cyber intelligence that identifies threat actors, their purpose, intentions, infrastructure and weaknesses. Big consulting organizations will certainly have to offer their customers CyberIntelligence-as-a-Service consulting options in the near future.

Conventional security controls offer no clear-cut answer. Static perimeter defenses are no longer adequate in a world where data breaches are increasingly carried out by the Dark Side using stolen user credentials, which pass every perimeter check as if they were legitimate. They have never been of much use against malicious insiders, who abuse privileges they legitimately hold. Today's BYOD environment can also leave a static perimeter in tatters, as new rules have to be continually added for external access.

A newer approach, User Behavior Analytics (UBA), replaces this rule-by-rule guesswork with big data and machine learning algorithms that assess the risk of user activity in near-real time. UBA employs modeling to establish what normal behavior looks like. This modeling incorporates: user roles and titles from HR applications or directories, including access, accounts and permissions; activity and geographic location data gathered from network infrastructure; alerts from defense-in-depth security solutions; and more. This data is correlated and analyzed against both past and ongoing activity.

Such analysis takes into account, among other things, transaction types, resources used, session duration, connectivity and typical peer-group behavior. UBA determines what normal behavior is and what constitutes outlier or anomalous activity, and it scores the deviation rather than raising a binary alert. If one person's anomalous behavior (e.g., midnight database queries) turns out to be shared by others in their peer group, it is no longer considered medium or high risk.
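To make the peer-group rule concrete, here is an added example (not code from the original post or from any UBA product) of the scoring logic described above, run over a constructed activity log. It builds a per-user baseline of (action, resource, time-of-day) features, then scores a new event: known behavior is low risk; behavior that is new for the user but common among their peers is also low risk; a known resource at an unusual hour is medium; a resource neither the user nor their peers have touched is high. The business-hours window, the peer-share threshold and the event format are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample activity, not real logs.
# Each event: (user, peer_group, hour_of_day, action, resource)
EVENTS = [
    ("alice", "dba",   9,  "query", "customer_db"),
    ("alice", "dba",   10, "query", "customer_db"),
    ("alice", "dba",   14, "query", "customer_db"),
    ("bob",   "dba",   0,  "query", "customer_db"),
    ("bob",   "dba",   1,  "query", "customer_db"),
    ("carol", "dba",   23, "query", "customer_db"),
    ("carol", "dba",   0,  "query", "customer_db"),
    ("dave",  "sales", 9,  "read",  "crm"),
    ("dave",  "sales", 11, "read",  "crm"),
    ("erin",  "sales", 10, "read",  "crm"),
]

# Tunable assumptions for this example: what counts as off-hours, and how
# many peers must share a behavior before it is treated as peer-normal.
BUSINESS_HOURS = range(8, 19)
MIN_PEERS = 2
PEER_SHARE = 0.5


def time_bucket(hour):
    return "business" if hour in BUSINESS_HOURS else "off_hours"


def feature(event):
    """Reduce an event to the behavioral feature the baseline tracks."""
    _user, _group, hour, action, resource = event
    return (action, resource, time_bucket(hour))


class Baseline:
    """Per-user and per-peer-group model of observed behavior."""

    def __init__(self, events):
        self.user_features = defaultdict(set)   # user -> {feature}
        self.group_of = {}                      # user -> peer group
        self.group_users = defaultdict(set)     # group -> {user}
        for event in events:
            user, group = event[0], event[1]
            self.group_of[user] = group
            self.group_users[group].add(user)
            self.user_features[user].add(feature(event))

    def peer_share(self, user, feat):
        """Count peers (excluding the user) that exhibit this feature."""
        peers = self.group_users.get(self.group_of.get(user), set()) - {user}
        if not peers:
            return 0, 0.0
        count = sum(1 for p in peers if feat in self.user_features[p])
        return count, count / len(peers)

    def score(self, event):
        """Return (risk_level, reason) for a new event against the baseline."""
        user = event[0]
        feat = feature(event)
        known = self.user_features.get(user, set())
        if feat in known:
            return "low", "matches the user's own baseline"
        count, share = self.peer_share(user, feat)
        if count >= MIN_PEERS and share >= PEER_SHARE:
            return "low", f"new for this user but shared by {count} peers"
        if any(f[:2] == feat[:2] for f in known):
            return "medium", "known resource at an unusual time"
        return "high", "resource never used by the user or their peer group"


BASELINE = Baseline(EVENTS)


def assess(event):
    return BASELINE.score(event)


if __name__ == "__main__":
    for event in [
        ("alice", "dba",   0,  "query", "customer_db"),  # midnight query, peers do this too
        ("dave",  "sales", 2,  "read",  "crm"),          # own resource, unusual hour
        ("erin",  "sales", 10, "query", "customer_db"),  # foreign to user and peers
    ]:
        print(event[0], event[2], *assess(event))
```

Note that the peer-group check only ever lowers a score: a behavior that is new for the whole group is still scored on its own merits, and a user with no history or no peers falls through to the high-risk branch, which is the conservative default for an unmodelled account.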

Identity has become a critical point of control over access to enterprise information. Fundamental IT trends around mobility, user personas, social login, big data and cloud mean that effective Identity & Access Management (IAM) is a strategic enabler for the latest digital services. In this landscape, organizations are being forced to increase focus and spending on both Enterprise IAM (the management of employees and business partners) and Consumer IAM (the management of customers and citizens).

An increasing number of organizations are moving towards satisfying IAM business requirements through Identity-as-a-Service (IDaaS). Capgemini intends to play a leading role in this scenario: our IDaaS provides a fully featured service encompassing all the traditional elements of an Identity and Access Management solution in a unified, managed service delivered in a single-tenant, customer-specific environment. This sets us apart from many of the cloud-based "shrink-wrapped" IAM offerings.

Besides cyber intelligence, companies and government agencies will begin using blockchain ledgers to protect against cyberthreats. A blockchain is the public ledger of Bitcoin transactions: every block carries the hash of the block before it, and blocks are appended by a network of computers that must each solve a computational puzzle (proof of work) to verify and add a block. As such, it is considered a tamper-evident way to record data: altering a past record changes that block's hash, so the tampering party would have to redo the work for every later block faster than the rest of the network, which in practice requires controlling a majority of the network's computing power - a nearly impossible feat on a large network. Note that a blockchain provides integrity, not confidentiality; the records in a public ledger are readable by anyone, which is the gap the next project addresses. MIT has tapped blockchain technology to build Enigma, which could potentially allow databases to retain sensitive information and process it without risking exposure to malicious parties. In its white paper, Enigma is described as "a peer-to-peer network, enabling different parties to jointly store and run computations on data while keeping the data completely private."
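The tamper-evidence argument above is easy to see in code. The following is an added example, not code from the original post and not Bitcoin's actual block format: a toy hash chain with proof of work, a verifier, and two tampering attempts. Editing a record in place breaks that block's own hash; re-mining the edited block fixes it but breaks the link from the next block, which is why an attacker must redo the work for every later block. The difficulty of two leading zero hex digits and the ledger contents are assumptions chosen so the example runs in well under a second.

```python
import copy
import hashlib
import json

# Toy setting (assumption for this example): a real network uses a far higher
# difficulty, which is what makes rewriting history expensive.
DIFFICULTY = 2  # required number of leading zero hex digits in a block hash
GENESIS_PREV = "0" * 64


def block_hash(block):
    """Hash the committed fields; the stored 'hash' field itself is excluded."""
    payload = {k: block[k] for k in ("index", "prev_hash", "data", "nonce")}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


def mine(index, prev_hash, data):
    """Proof of work: search for a nonce whose hash meets the difficulty target."""
    nonce = 0
    while True:
        block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": nonce}
        digest = block_hash(block)
        if digest.startswith("0" * DIFFICULTY):
            block["hash"] = digest
            return block
        nonce += 1


def build_chain(records):
    """Append one mined block per record after a genesis block."""
    chain = [mine(0, GENESIS_PREV, "genesis")]
    for record in records:
        chain.append(mine(len(chain), chain[-1]["hash"], record))
    return chain


def verify(chain):
    """Return (True, None) if intact, else (False, index of the first bad block)."""
    for i, block in enumerate(chain):
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1]["hash"]
        if block["prev_hash"] != expected_prev:
            return False, i
        if block_hash(block) != block["hash"]:
            return False, i
        if not block["hash"].startswith("0" * DIFFICULTY):
            return False, i
    return True, None


def naive_tamper(chain, index, new_data):
    """Edit a record in place without redoing any work."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    return forged


def remine_one(chain, index, new_data):
    """Edit a record and redo that block's proof of work, but not its successors'."""
    forged = copy.deepcopy(chain)
    forged[index] = mine(index, forged[index]["prev_hash"], new_data)
    return forged


# Constructed ledger content for the example.
RECORDS = ["asset-1 owner=alice", "asset-2 owner=bob", "asset-3 owner=carol"]

if __name__ == "__main__":
    chain = build_chain(RECORDS)
    print("intact:", verify(chain))
    print("naive edit of block 1:", verify(naive_tamper(chain, 1, "asset-1 owner=mallory")))
    print("block 1 re-mined:", verify(remine_one(chain, 1, "asset-1 owner=mallory")))
```

The verifier reports the first block that fails, so the naive edit is caught at block 1 and the re-mined edit at block 2. Nothing here hides the records: every participant can read `data` in every block, which is the integrity-versus-confidentiality distinction noted above.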

As part of their digital transformation strategy, companies will begin properly inventorying digital assets and data as part of their risk management strategies, improving their understanding of threat surfaces and of ways to minimize them. All IT assets (hardware and software) that collect, receive, process, store or transmit data (CRPST) need to be identified, regardless of whether these assets are owned, leased or subscribed, and regardless of where they are hosted.

Every physical or virtual asset (network device, server, storage, application, database, etc.) must have one assigned owner at manager, director or VP level who is ultimately accountable for the security of the information CRPSTed by the asset. Since the owner may choose or need to delegate responsibilities, the asset metadata should also record the personnel who hold delegated responsibilities.

(About the author: Paolo Saitti is Global Software Engineering Chairman with Capgemini. This post originally appeared on his Capgemini blog.)
