As Cyber Attacks Surge During Pandemic, Threat Analytics Becomes A Critical Investment
By: Shrey Fadia
Originally published on PandemicTech News
The takeover of privileged accounts has become the single largest source of cyberattacks today, which is driving increased interest in threat analytics. There is a range of threat analytics solutions, including those that address more traditional attacks (for example, phishing). But threat analytics as part of a Privileged Access Management (PAM) security posture, which supports a continuous, intelligent monitoring capability that helps organizations detect and stop external adversaries or malicious insiders before they cause damage, has rocketed to the top of the list of CIO and CSO requirements.
Software automation solutions that integrate datasets of user behavior analytics with machine learning algorithms are on the rise. PAM solutions analyze the activity of individual users in real-time, accurately detecting malicious and high-risk activities, and automatically triggering controls that protect networks, applications, databases, and other assets.
We caught up with Orhan Yildirim, CTO, Ironsphere, to learn what they have been seeing, especially during the global pandemic where Work From Home (WFH) models have created new vulnerabilities and driven a surge of attacks on industries from healthcare to pharmaceutical, government and social media organizations. These attacks are only expected to grow, and executives responsible for protecting valuable and even life-saving assets have been working non-stop to address these serious issues.
“We’ve never been busier,” said Orhan Yildirim, “as we are working overtime to support our existing clients, who include large financial institutions, communications service providers, government agencies and other essential organizations, while turning up PAM services for new clients and partners, like Pegasystems and AWS.”
Yildirim said it is important to reduce risk by detecting and mitigating attacks, which can be so sophisticated they can go undetected for weeks or even months, and result in significant financial and reputational damage.
“Insider threats continue to comprise over 50% of incidents, so it is at least as important to track all activities associated with privileged accounts at all times as it is to be ready for external threats,” he said.
Static controls are no longer enough, Yildirim explained: “Dynamic, intelligent software, with AI and machine learning capabilities, is what it takes to simplify incident response and compliance. IT teams are under tremendous stress with all the uncertainty and changes, and the requirements to support remote workers. We need to support these teams with security software solutions that make their jobs easier, not harder, and that has been driving a surge in implementations and expansions for us.”
Yildirim said that traditional authentication and authorization solutions are not capable of stopping today’s sophisticated attackers, who may be external attackers or malicious insiders.
“We have to be better at securing our assets, our organizations, and our society with breach defense approaches that continuously analyze activities to identify suspicious activity, assess risk and quickly detect and stop attacks,” he added.
Yildirim also said there is no time to train IT teams to do all this manually: “We’ve succeeded because our solutions require no special training – the software analytics are doing the work. When high-risk attacks are identified, including those which indicate a deep expertise in data science, the system must automatically trigger to stop the attack, and by integrating privileged user behavior analytics with automated mitigations, enterprises can lock out the bad guys and ensure the protection of privileged accounts.”
Yildirim pointed to the recent Twitter blockchain event, in which some of the most famous Twitter accounts in the world were hacked within minutes of each other (ultimately caused by an insider who agreed to post to those accounts using privileged credentials), and to the potentially massive, global attacks on research and pharmaceutical organizations working on a vaccine for COVID-19.
“Threat Analytics for PAM provides protection against these and many other types of breaches and insider misuse by collecting domain-specific, contextual data, and performs advanced analytics on this data, developing risk models based on patterns. Quality threat analytics combined with quality PAM platforms enables intelligent, risk-based decisions including automatic shutting down of accounts,” Yildirim explained.
PAM-specific analytics are developed by Ironsphere and their competitors to specifically protect privileged access, with the most sophisticated features including automatic mitigation.