How Behavioral Analytics Can Protect Businesses From Data Theft

by Chris Preimesberger

Targeted Cyber-Attacks by Nation-States

Sophisticated targeted attacks on governments and companies go undetected for months and even years and are usually discovered by government intelligence or law enforcement after the fact. Behavioral analytics will detect and surface these attacks as they attempt to reconnoiter a network and to access and steal data. Even if these attacks attempt to mimic normal activities, analytics engines will recognize the differences in behaviors and actions.

Malware Attacks by Criminal Organizations

Whether through stolen identities or phishing attacks, malware finds and exports personally identifiable information (PII) from back-end repositories to be used in fraudulent financial activities. Behavioral analytics will identify malware operating on endpoints or communicating across networks, and alert security teams while the attack is in progress. Analytics will detect anomalous actions of a stolen identity as well as anomalous network communications and database access.

Employees Stealing Data Over Time

Insider espionage is an ongoing problem for governments, manufacturers and other industries where global competition is extreme. Behavioral analytics will detect these insider attacks, even when the insider is moving small amounts of data over long periods of time. Clustering analysis of individual activities against like groups of users will detect even low-level anomalous events.
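The peer-group comparison described above can be sketched as follows. This is an added example, not code from the article or from any product it describes; the user names, the 60-day window, both thresholds and the data are constructed, and a median/MAD robust score stands in for the clustering the slide mentions.

```python
from statistics import median

DAILY_LIMIT_MB = 100      # assumed static per-day alert threshold
ROBUST_Z_CUTOFF = 3.5     # assumed cutoff for the peer-group score

def build_sample(days=60):
    """Constructed data: MB copied to external destinations per day by one peer group."""
    users = {}
    for i, name in enumerate(["ana", "ben", "chi", "dev", "eli", "fay"]):
        # Ordinary users: 5-11 MB on most days plus an occasional 40 MB burst.
        users[name] = [5 + (d * (i + 3)) % 7 + (40 if d % 29 == i else 0)
                       for d in range(days)]
    # "gus" copies 18-23 MB every day: never a large day, but it adds up.
    users["gus"] = [18 + d % 6 for d in range(days)]
    return users

def daily_threshold_hits(users, limit=DAILY_LIMIT_MB):
    """Users with at least one day above a fixed per-day limit."""
    return sorted(u for u, series in users.items() if max(series) > limit)

def peer_group_scores(users):
    """Robust z-score of each user's window total against the peer group (median/MAD)."""
    totals = {u: sum(series) for u, series in users.items()}
    med = median(totals.values())
    mad = median(abs(t - med) for t in totals.values())
    if mad == 0:
        # At least half the group sits exactly on the median: no spread to score against.
        return {u: 0.0 for u in totals}
    return {u: 0.6745 * (t - med) / mad for u, t in totals.items()}

def slow_exfil_suspects(users, cutoff=ROBUST_Z_CUTOFF):
    """Users whose cumulative volume is far above their peers (one-sided)."""
    return sorted(u for u, z in peer_group_scores(users).items() if z > cutoff)

if __name__ == "__main__":
    sample = build_sample()
    print("per-day rule:", daily_threshold_hits(sample))
    print("peer-group rule:", slow_exfil_suspects(sample))
```

The fixed per-day rule flags nobody, because the steady copier's largest day is smaller than his peers' occasional bursts; only the cumulative total scored against the peer group separates him.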

Employees Who Are Leaving

As many surveys have reported, a majority of employees leaving an organization take sensitive data with them and download it before they announce their resignation. Behavioral analytics will not only detect and surface the employees as they take the data, but will also model activities that predict they are leaving.

Collaborative Attacks

In any insider attack, finding collaborators involved in the attack is extremely difficult. Whether it is long-term espionage or a group of exiting employees, when collaboration is involved, threat detection is much more difficult. Behavioral analytics can uniquely connect all the dots in an incident while it is occurring. This includes connecting anomalous actions to multiple users and clearly showing who was and who was not involved.

Illicit Contractor Activities

Contractors have long been a high-risk channel for data theft, especially when they are located in geographies such as China and India. Behavioral analytics is not limited to endpoint or network data, and can consume and analyze the log data of back-end systems where source code, CAD files, manufacturing processes and business plans are stored. When contractors (or any employees) access this data in an attempt to steal it, analytics will detect the anomalous action and alert security teams.

Insider Negligence

Many data-loss incidents are not related to knowingly bad actions but are caused by employees not following governance policies, compliance laws or security procedures. Behavioral analytics does not just detect attacks; it will also identify anomalous behaviors measured against existing corporate governance and compliance policies and alert managers to employees who are acting recklessly.

Insider Hacktivist

Hacktivists not only damage the reputation of a company, but their destructive attacks can shut down systems and destroy computers, leaving a company bleeding cash. Behavioral analytics will quickly identify the extreme anomalous events carried out by either an inside hacktivist or an outside-based attack. Detection and alerting of this type of attack will happen in near real time.
