How Behavioral Analytics Can Protect Businesses From Data Theft

by Chris Preimesberger

Sophisticated targeted attacks on governments and companies go undetected for months and even years and are usually discovered by government intelligence or law enforcement after the fact. Behavioral analytics will detect and surface these attacks as they attempt to reconnaissance a network, access and steal data. Even if these attacks attempt to copy normal activities, analytics engines will recognize the differences in behaviors and actions.

Whether through stolen identities or phishing attacks, malware finds and exports personally identifiable information (PII) from back-end repositories to be used in fraudulent financial activities. Behavioral analytics will identify malware operating on endpoints or communication across networks, and alert security teams while the attack is in progress. Analytics will detect anomalous actions of a stolen identity as well as anomalous network communications and database access.

Insider espionage is an ongoing problem for governments, manufacturers and other industries where global competition is extreme. Behavioral analytics will detect these insider attacks, even when the insider is moving small amounts of data over long periods of time. Clustering analysis of individual activities against like groups of users will detect even low-level anomalous events.

As many surveys have reported, a majority of employees leaving an organization take sensitive data with them and download it before they announce their resignation. Behavioral analytics will not only detect and surface the employees as they take the data, but will also model activities that predict they are leaving.

In any insider attack, finding collaborators involved in the attack is extremely difficult. Whether it is long-term espionage or a group of exiting employees, when collaboration is involved, threat detection is much more difficult. Behavioral analytics can uniquely connect all the dots in an incident while it is occurring. This includes connecting anomalous actions to multiple users and clearly showing who was and who was not involved.

Contractors have long been a high-risk channel for data theft, especially when they are located in geographies such as China and India. Behavioral analytics is not limited to endpoint or network data, and can consume and analyze the log data of back-end systems where source code, CAD files, manufacturing process and business plans are stored. When contractors (or any employees) access this data in an attempt to steal it, analytics will detect the anomalous action and alert security teams.

Many data-loss incidents are not related to knowingly bad actions but are caused by employees not following governance policies, compliance laws or security procedures. Behavioral analytics is not just detecting attacks; it will also identify anomalous behaviors measured against existing corporate governance and compliance policies and alert managers to employees who are acting recklessly.

Hacktivists not only damage the reputation of a company, but their destructive attacks can shut down systems and destroy computers, leaving a company bleeding cash. Behavioral analytics will quickly identify the extreme anomalous events carried out by either an inside hacktivist or an outside-based attack. Detection and alerting of this type of attack will happen in near real time.