Insider Threat Detection That Sniffs Out System Anomaly Behaviour
The Threat Is Already Inside
Despite a healthy debate about good cyber security practice, we still see large companies fall victim to malicious attacks month after month. At its core, every insider threat is directed by a human being and can be reduced to human behaviour as it manifests on computer systems.
When Edward Snowden single-handedly stole classified documents from one of the most secretive and well-defended organizations in the world, a wave of alarm broke over the information security industry. The uncomfortable reality that our key information systems are insecure can no longer be avoided, and while insider threats may be rare, they have far greater potential to be deadly.
Behaviour is therefore key to understanding threat, and not just as a means of investigating an attack retrospectively. Humans are remarkably good at adapting to different situations and contexts, and this is exactly what an attacker does too.
The ability to see and understand different types of behaviour as they evolve and adapt is therefore essential to detecting real threats with a high degree of accuracy.
How Can CommsNet Group Help?
CommsNet Group offers a new category of cyber technology that uses advanced machine learning and probabilistic mathematics to passively observe all network interactions and events, self-learning to build dynamic models of the normal behaviour of each user and machine, and of the enterprise as a whole.
This evolving picture of network activity and normal behaviour means that the technology is uniquely able to spot abnormal behaviour as it manifests in real time. It forms a highly compelling picture of threat activity by correlating multiple subtle shifts in behaviour, and sends alerts based on its own understanding and judgement. Here are some examples:
- Anomalous data transfer
- Illegitimate access to a database server
- Bitcoin mining
- Unauthorised use of administration credentials
- Use of the “Tor” anonymising network
- Anomalous internal file transfers
- Connections to websites linked to Advanced Persistent Threats
- Attempts to connect to non-existent domain names
- Port-scanning activities
- And much more
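As an added sketch of the approach described above (example code, not CommsNet Group's product), the following Python learns a per-user baseline of normal destinations and outbound volume from constructed sample records, names each subtle deviation in a new event, and raises an alert only when several of them coincide, so a single odd value is recorded rather than escalated. User names, hosts and byte counts are all made up for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed learning-period data (not real telemetry): one record per user per
# day giving outbound bytes and the internal host the user normally talks to.
BASELINE = [
    ("alice", 2_100_000, "fileserver"), ("alice", 2_400_000, "fileserver"),
    ("alice", 1_900_000, "fileserver"), ("alice", 2_300_000, "mailserver"),
    ("alice", 2_000_000, "fileserver"),
]


class UserBaseline:
    """Self-learned model of one user's normal destinations and outbound volume."""

    def __init__(self):
        self.hosts = set()
        self.volumes = []

    def learn(self, bytes_out, host):
        self.hosts.add(host)
        self.volumes.append(bytes_out)

    def signals(self, bytes_out, host):
        """Name each subtle deviation in one event; this is evidence, not a verdict."""
        found = []
        mu, sigma = mean(self.volumes), pstdev(self.volumes)
        z = (bytes_out - mu) / sigma if sigma else 0.0
        if z > 3:                     # anomalous data transfer
            found.append("anomalous_volume")
        if host not in self.hosts:    # e.g. first-ever contact with a database server
            found.append("unseen_destination")
        return found


def build_models(events):
    """Learn a baseline for every user seen during the learning period."""
    models = defaultdict(UserBaseline)
    for user, bytes_out, host in events:
        models[user].learn(bytes_out, host)
    return dict(models)


def assess(models, user, bytes_out, host, min_signals=2):
    """Correlate deviations: a single weak signal is recorded, two or more alert."""
    if user not in models:
        return {"alert": True, "signals": ["unknown_user"]}
    found = models[user].signals(bytes_out, host)
    return {"alert": len(found) >= min_signals, "signals": found}
```

Calling `assess(build_models(BASELINE), "alice", 9_000_000, "db-server")` combines a large transfer with a never-before-seen destination and alerts, whereas the same volume to the usual file server is only recorded as a single signal.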