The Need for Behavior Centric Detection and Response

How many times have you been too late to discover a data breach after it has happened? Most of the time it takes anywhere from days to months to detect a breach. This has been a constant challenge, not only for organizations themselves but also for the security industry. The discussion of data-centric security is just as important as the ability to discover the behaviors of users and their devices.

Users have long been acknowledged as the weakest link in cyber security and are considered the group most at risk of being involved when a data breach occurs. Yet there has been very little information about how these users behave and what their usage patterns look like. A recent article on why we need behavior-centric detection and response puts it this way: “Active engagement in monitoring, detecting and deriving insight into user access and usage patterns can foretell risky activity. Identifying early warning signs is critical for protecting against sophisticated threats including malicious insiders and external attackers that have hijacked legitimate user accounts.”

Organizations need to monitor for these threats through correlation-based log analytics. It is important to analyze not only the logs of every security system in place, including DRM/IRM, DLP, IPS, physical access control, database security and many more, but also other types of user data, including employee access credentials.

The results of this analysis need to be readily traceable and visualized through a risk index, trending charts and lists.
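The two paragraphs above describe correlating events from several security systems into a per-user risk index with a daily trend. The following is an added example, not code from the original post or from any product it alludes to, of what that correlation looks like in practice. The event tuples, the sources (auth, dlp, db, badge), the point weights, the business-hours range and the bulk-export threshold are all constructed assumptions chosen for illustration; a real deployment would take them from its own log schema and policy.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (source, ISO timestamp, user, action, detail).
SAMPLE_EVENTS = [
    ("auth",  "2024-03-04T02:13:00", "alice", "login_success", "vpn"),
    ("dlp",   "2024-03-04T02:20:00", "alice", "policy_block",  "usb_copy"),
    ("db",    "2024-03-04T02:25:00", "alice", "export",        "rows=120000"),
    ("badge", "2024-03-04T09:01:00", "bob",   "entry",         "hq-door-1"),
    ("auth",  "2024-03-04T09:05:00", "bob",   "login_success", "workstation"),
    ("db",    "2024-03-04T11:40:00", "bob",   "export",        "rows=500"),
    ("auth",  "2024-03-05T10:00:00", "carol", "login_failure", "vpn"),
    ("auth",  "2024-03-05T10:01:00", "carol", "login_failure", "vpn"),
    ("auth",  "2024-03-05T10:02:00", "carol", "login_failure", "vpn"),
    ("auth",  "2024-03-05T10:03:00", "carol", "login_failure", "vpn"),
    ("auth",  "2024-03-05T10:04:00", "carol", "login_failure", "vpn"),
    ("auth",  "2024-03-05T10:05:00", "carol", "login_success", "vpn"),
]

# Assumed policy parameters (hypothetical values for the example).
BUSINESS_HOURS = range(8, 19)          # 08:00-18:59 local time
LARGE_EXPORT_ROWS = 100_000            # exports at or above this are "bulk"
FAILURE_BURST = 5                      # failed logins before a success that count as a burst
FAILURE_WINDOW = timedelta(minutes=10)


def _ts(s):
    return datetime.fromisoformat(s)


def _rows(detail):
    # "rows=120000" -> 120000; any other detail string -> 0
    return int(detail[5:]) if detail.startswith("rows=") else 0


def score_events(events):
    """Correlate events per user and return {user: {score, reasons, trend}}."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[1]):   # ISO timestamps sort lexically
        by_user[ev[2]].append(ev)

    report = {}
    for user, evs in by_user.items():
        findings = []            # (date, points, reason)
        # Days on which physical access control saw this user badge in.
        badge_days = {_ts(e[1]).date() for e in evs if e[0] == "badge" and e[3] == "entry"}
        recent_failures = []
        for source, when, _, action, detail in evs:
            t = _ts(when)
            if source == "auth" and action == "login_failure":
                recent_failures.append(t)
                continue
            if source == "auth" and action == "login_success":
                if t.hour not in BUSINESS_HOURS:
                    findings.append((t.date(), 2, "login outside business hours"))
                burst = [f for f in recent_failures if t - f <= FAILURE_WINDOW]
                if len(burst) >= FAILURE_BURST:
                    findings.append((t.date(), 3, f"success after {len(burst)} failed logins"))
                recent_failures = []
            elif source == "dlp" and action == "policy_block":
                findings.append((t.date(), 3, f"DLP blocked {detail}"))
            elif source == "db" and action == "export" and _rows(detail) >= LARGE_EXPORT_ROWS:
                findings.append((t.date(), 4, f"bulk export of {_rows(detail)} rows"))
                # Cross-source correlation: bulk export on a day with no badge entry.
                if t.date() not in badge_days:
                    findings.append((t.date(), 2, "bulk export with no badge entry that day"))

        trend = defaultdict(int)          # daily points, the data behind a trending chart
        for day, pts, _ in findings:
            trend[day.isoformat()] += pts
        report[user] = {
            "score": sum(p for _, p, _ in findings),
            "reasons": [r for _, _, r in findings],
            "trend": dict(trend),
        }
    return report


def ranked(report):
    """Users ordered by risk index, highest first (the 'list' view)."""
    return sorted(report, key=lambda u: report[u]["score"], reverse=True)


if __name__ == "__main__":
    result = score_events(SAMPLE_EVENTS)
    for user in ranked(result):
        print(user, result[user]["score"], result[user]["trend"], result[user]["reasons"])
```

The point of the example is the correlation step: no single event is conclusive, but an off-hours login, a DLP block and a bulk export from an account that never badged into the building that day accumulate into a high index for one user, while the same export volume from a user who badged in during working hours scores nothing. The daily totals in `trend` are what a trending chart would plot, and `ranked` produces the list a line manager would review.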

In general, security administrators take on the role of security risk management. However, line managers, who are on the front line of security risk, also need to review and respond to the risks pertaining to their people, jobs and data. Providing line managers with comprehensive risk index results alerts them to potential risks and helps them prevent those risks. By involving line managers in the risk review process, organizations can determine with confidence whether the flagged users, groups or files are truly subject to insider threats.


Photo Credit by: Thomas Haynle
