Blindspotter Uses Machine Learning to Find Suspicious Network Activity
NEWS ANALYSIS: The use of machine learning to identify suspicious online activity is a new and important capability in securing the network, but privileged users were the weak point until now.
BUDAPEST—There is a consistent factor that will often be discovered in the aftermath of many of today's data breaches and network breach attempts. It's the first phase of the attacks that few notice, because it starts as a phishing email that attempts to get the login credentials for a privileged network user. In many cases, the attack proceeds deliberately, perhaps hitting an employee who has access to information needed to get credentials with higher privileges. This continues until the hackers behind the phishing attack gain what they're really after, the credentials for someone with complete access to the network.
These initial attacks may proceed slowly so that the people behind them can make sure that they're getting the access they want without being detected. In many cases, those hackers work for governments, but they may also work for organized criminals. Patiently, they wait until they have the keys they want, then they quietly strike. In most networks, even those with excellent perimeter defenses and with well-configured intrusion detection systems, the first stages are missed because they operate at such a low level.
When they finally get the access they need, the hackers are careful so they don't arouse suspicion. Eventually they are able to insert the malware or other means of getting the data that they want, at which point they can sit back and let it flow to them.