As Cyber Attacks Surge During Pandemic, Threat Analytics Becomes A Critical Investment
By: Shrey Fadia
Originally published on PandemicTech News
The takeover of privileged accounts has become the single largest source of cyberattacks today, which is driving increased interest in threat analytics. There is a range of threat analytics solutions, including those that address more traditional attacks such as phishing. But threat analytics as part of a Privileged Access Management (PAM) security posture, supporting continuous, intelligent monitoring that helps organizations detect and stop external adversaries or malicious insiders before they cause damage, has rocketed to the top of the list of CIO and CSO requirements.
Software automation solutions that integrate datasets of user behavior analytics with machine learning algorithms are on the rise. PAM solutions analyze the activity of individual users in real-time, accurately detecting malicious and high-risk activities, and automatically triggering controls that protect networks, applications, databases, and other assets.
We caught up with Orhan Yildirim, CTO, Ironsphere, to learn what they have been seeing, especially during the global pandemic, in which Work From Home (WFH) models have created new vulnerabilities and driven a surge of attacks on industries from healthcare to pharmaceutical, government and social media organizations. These attacks are only expected to grow, and executives responsible for protecting valuable and even life-saving assets have been working non-stop to address these serious issues.
“We’ve never been busier,” said Orhan Yildirim, “as we are working overtime to support our existing clients, who include large financial institutions, communications service providers, government agencies and other essential organizations, while turning up PAM services for new clients and partners, like Pegasystems and AWS.”
Yildirim said it is important to reduce risk by detecting and mitigating attacks, which can be so sophisticated they can go undetected for weeks or even months, and result in significant financial and reputational damage.
“Insider threats continue to comprise over 50% of incidents, so it is at least as important to track all activities associated with privileged accounts at all times as it is to be ready for external threats,” he said.
Static controls are no longer enough, Yildirim explained: “Dynamic, intelligent software, with AI and machine learning capabilities, is what it takes to simplify incident response and compliance. IT teams are under tremendous stress with all the uncertainty and changes, and the requirements to support remote workers. We need to support these teams with security software solutions that make their jobs easier, not harder, and that has been driving a surge in implementations and expansions for us.”
Yildirim said that traditional authentication and authorization solutions are not capable of stopping today’s sophisticated attackers, who may be external attackers or malicious insiders.
“We have to be better at securing our assets, our organizations, and our society with breach defense approaches that continuously analyze activities to identify suspicious activity, assess risk and quickly detect and stop attacks,” he added.
Yildirim also said there is no time to train IT teams to do all this manually: “We’ve succeeded because our solutions require no special training – the software analytics are doing the work. When high-risk attacks are identified, including those which indicate a deep expertise in data science, the system must automatically trigger to stop the attack, and by integrating privileged user behavior analytics with automated mitigations, enterprises can lock out the bad guys and ensure the protection of privileged accounts.”
Yildirim pointed to the recent Twitter blockchain event, in which some of the most famous Twitter accounts in the world were hijacked within minutes of each other (ultimately caused by an insider who agreed to post to those accounts using privileged credentials), and to the potentially massive, global attacks on research and pharmaceutical organizations working on a vaccine for COVID-19.
“Threat Analytics for PAM provides protection against these and many other types of breaches and insider misuse by collecting domain-specific, contextual data and performing advanced analytics on this data, developing risk models based on patterns. Quality threat analytics combined with quality PAM platforms enables intelligent, risk-based decisions, including automatically shutting down accounts,” Yildirim explained.
PAM-specific analytics are developed by Ironsphere and its competitors to protect privileged access specifically, with the most sophisticated offerings including automatic mitigation.
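To make the monitoring loop described above concrete (real-time analysis of each privileged user's activity, a risk model built from that user's own patterns, and an automatically triggered control when the risk is high), here is an added, self-contained illustration. It is not Ironsphere's code or any vendor's product logic; the scoring weights, the threshold, the list of sensitive actions and the session history are all constructed for the example.

```python
"""
Privileged-session risk scoring with automatic mitigation.

Added illustrative example (not vendor code). A per-user baseline is learned
from past privileged sessions; each new event is scored against that baseline
and against a list of always-sensitive administrative actions, and a score at
or above THRESHOLD triggers an automated control.
"""
from collections import defaultdict
from dataclasses import dataclass, field

THRESHOLD = 60  # assumption: scores >= THRESHOLD terminate the session and lock the account

# Administrative actions that are high-risk on any privileged account (constructed list/weights).
SENSITIVE_ACTIONS = {"disable_audit_log": 40, "add_admin_user": 35, "export_database": 30}


@dataclass(frozen=True)
class Event:
    user: str
    host: str
    action: str
    hour: int      # local hour of day, 0-23
    src_ip: str


@dataclass
class Baseline:
    hosts: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    src_ips: set = field(default_factory=set)


def build_baselines(history):
    """Learn which hosts, hours and source addresses each user normally uses."""
    base = defaultdict(Baseline)
    for ev in history:
        b = base[ev.user]
        b.hosts.add(ev.host)
        b.hours.add(ev.hour)
        b.src_ips.add(ev.src_ip)
    return base


def score_event(ev, base):
    """Return (score, reasons) for one event relative to the user's learned baseline."""
    score, reasons = 0, []
    b = base.get(ev.user)
    if b is None:
        score += 25
        reasons.append("no baseline for user")
    else:
        if ev.host not in b.hosts:
            score += 20
            reasons.append(f"first access to host {ev.host}")
        if ev.hour not in b.hours:
            score += 15
            reasons.append(f"unusual hour {ev.hour:02d}:00")
        if ev.src_ip not in b.src_ips:
            score += 15
            reasons.append(f"new source address {ev.src_ip}")
    if ev.action in SENSITIVE_ACTIONS:
        score += SENSITIVE_ACTIONS[ev.action]
        reasons.append(f"sensitive action {ev.action}")
    return score, reasons


def decide(ev, base):
    """Map the score to an automated control: allow, step-up authentication, or lock-out."""
    score, reasons = score_event(ev, base)
    if score >= THRESHOLD:
        control = "terminate_session_and_lock_account"
    elif score >= THRESHOLD // 2:
        control = "require_step_up_auth"
    else:
        control = "allow"
    return {"user": ev.user, "score": score, "control": control, "reasons": reasons}


# Constructed history: alice administers db01/db02 during office hours from one jump host.
HISTORY = [Event("alice", h, "restart_service", hr, "10.0.1.5")
           for h in ("db01", "db02") for hr in range(9, 18)]

# Constructed live events: routine work, a sensitive export, an off-hours export from a
# new address to a host alice never touched, and an unknown account disabling audit logs.
LIVE = [
    Event("alice", "db01", "restart_service", 10, "10.0.1.5"),
    Event("alice", "db02", "export_database", 11, "10.0.1.5"),
    Event("alice", "hr-files", "export_database", 3, "203.0.113.9"),
    Event("bob", "db01", "disable_audit_log", 14, "10.0.1.5"),
]


def run_demo():
    base = build_baselines(HISTORY)
    return [decide(ev, base) for ev in LIVE]


if __name__ == "__main__":
    for d in run_demo():
        print(d)
```

The point of the baseline is that the same action carries a different risk for different users and contexts: an export from alice's usual host at 11:00 only prompts a step-up check, while the same export at 03:00 from a new address to a new host exceeds the threshold and is stopped automatically. In a production system the weights would be learned rather than hand-set, and every decision (including the reasons list) should be written to the audit trail so analysts can tune false positives.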
We have all found ourselves in a different world of work given the events that have defined 2020, and few professionals are feeling the pressure more than IT and OT teams.
As cyber risks evolve, risk appetite frameworks are evolving more actively than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile workers, ecosystem partnerships and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”
Two-factor authentication has been around for decades. It requires an additional step after entering a username and password, for example entering a one-time security code sent to a mobile device, before access to applications, systems and data is granted.