It Is High Time to Invest in Advanced Threat Detection, Now More Than Ever

18

August 2020

By: Mohie Ahmed

The impact of the global pandemic has brought the requirement for more intelligent, sophisticated threat analytics, given the damage being done as attacks on networks, applications and databases increase, and new threats surface that could take down entire mission-critical systems, including those which are needed more than ever in times of medical and environmental crises.

Not only do enterprises and organizations, including government agencies, need a secure and resilient digital infrastructure, they also need an “advanced warning” system that addresses real-time threats before they have a massive and potentially life-threatening impact.

The Identity Theft Resource Center (ITRC) Annual Breach Report, published by SANS, has been tracking publicly disclosed breach information in the US since 2005, including the 383 million record breach of the Marriott Corporation reservation system, and in 2019 the Capital One breach of 100 million records.

The ITRC data most recently showed that healthcare organizations experienced one of the biggest surges in the number and size of breaches. This statistic takes on new meaning in the context of COVID-19, given the importance of medical services. Recently attacks on companies working on billion-dollar vaccines have also been reported.

The attacks that cause the most damage are the highly targeted attacks, which have been more difficult to identify and seem impossible to completely prevent, including those caused by insiders or by external adversaries who steal credentials and are able to access networks, systems, and databases and do major damage.

The key to eliminating or minimizing damage from advanced targeted attacks is faster detection of suspicious events, leading to faster mitigation actions. The use of detection and response tools can augment basic security postures with damage minimization or prevention capabilities.

Ironsphere has a proven, rigorous advanced threat detection capability as part of our overall PAM platform. This offering includes:

PRIVILEGED THREAT ANALYTICS AND RESPONSE MODULE

  • Detects imminent security threats related to privileged accounts
  • Alerts and responds to detected threats

DASHBOARD

  • Summary of the analysis results to provide operation insights to security management
  • Visualizes overall detected threats and risk severities

SESSION ANALYTICS

  • Assesses risk score and risk severity based on the activities’ baseline
  • Detects irregular or potentially malicious activities, both in active and finished sessions, such as keyboard typing behavior and unusual command execution
  • Responds to detected threats, such as terminating sessions or quarantining (restricting access) to critical systems

PRIVILEGED USER ANALYTICS

  • Detects and alerts on anomalous user behavior, such as irregular login time, unusual user activity or excessive access attempts based on the regular user patterns (baseline) of privileged users
  • Responds to detected threats, such as blocking user account, activating multi-factor-authentication, sending notification to administrator, etc.

DEVICE ANALYTICS

  • Analysis of irregular access and activities on critical systems
  • Detects and alerts on anomalies, such as irregular access time, suspected compromised credentials and unmanaged privileged accounts on systems
  • Responds to detected threats, such as activating quarantine mode, resetting system credentials, etc.

Settings include:

  • Auto Response
    • Automatically responds to security incidents based on risk severity
  • Threat Detection Parameters and Settings
    • Wise Owl: Auto-Managed risk severity analysis with intelligent Machine Learning algorithms
    • Manual Control: manually controlled risk parameters and risk sensitivity weight on risk score
  • Alert Mechanism
    • Sends alerts to SIEM/SNMP servers and system admins according to risk severity

 This is Ironsphere’s high-level architecture:

Ironsphere is passionate about solving the most challenging cybersecurity problems including those which are pressing today. The good news about our solution is the speed with which we can implement our core solution and modules like our threat analytics solutions.

Please connect with us to learn more about the natural benefits of this, and to discuss how we can help defend your organization about advanced threats – new threats we have not yet seen – and more.

Similar Blogs

As More Data Moves to the Cloud PAM Task Management Addresses New Security Challenges

With the explosion of data being stored and shared in cloud environments, the role of IT teams becomes increasingly complex, and the need for task automation more compelling than ever. Enterprises are including IT task automation across many areas, including Privileged Access Management (PAM), and are adopting related Privileged Task Automation (PTA) related to PAM to address new challenges, including those posed by work-from-home scenarios.

read more