Preventing Data Breaches without Constraining Business

Behavior Analytics is The New Authentication

Over the last ten years, organizations around the world have spent billions on security technology designed to protect users and data from cybercrime. Technologies like Anti-spam/anti-virus, firewalls and DLP systems have been deployed to create a perimeter to try to keep the criminals out. In fact, some of the world’s largest organizations have as many as 200 different security solutions in place, and yet … major breaches are on the increase.

The majority of these breaches come from privileged account abuse – in other words, your most trusted users are the weakest link in your defense. Why? Because they have legitimate, unconstrained access to your mission-critical applications. All it takes is one Privileged User to act maliciously … or one Privileged User account to be hi-jacked by an external attacker … and you are powerless to detect and prevent a major breach.

The fact is, it doesn’t matter where the perimeter is, it will be breached. Even the latest Privileged Identity Management systems can’t stop an insider or APT attack, because all they are really doing is moving the perimeter to a different point of authentication. 

To prevent a data breach, you need to stop thinking about perimeters, and ‘one-off’ authentication methods as a means of defence, and accept that the attacker is already inside your organization. 

At Balabit, we consider the continuous monitoring of Privileged User behaviour as a new form of authentication. We record individual user sessions as movie-like audit trails and, over time, we build up a detailed ‘digital footprint’ of each individual. Using machine learning, we create a matrix of baseline typical behaviours …. When does the user typically log-on to which systems … what commands do they normally use? What is the screen resolution of their laptop? What are their unique typing characteristics? What do their mouse movements look like?
By monitoring Privileged User behaviour in real time, we can then quickly determine if something out of the ordinary is happening, whether it’s an insider acting differently, or an attack from the outside where we need to be sure the user is who he or she is supposed to be.

Once the Balabit solution has flagged something suspicious, an alert is sent to the Security Operations Centre, where a rapid decision can be made to act, terminating the connection if necessary.

Balabit’s Contextual Security Intelligence platform is the only fully integrated Privileged User Monitoring and Analytics solution of its kind, preventing data breaches by treating behaviour as a form of real time continuous authentication. We’re also helping organizations meet their compliance obligations by securely gathering evidence and making it possible to show a bullet-proof audit trail. Also, with our laser focus on the context of Privileged User Behaviour, we help cut through the white noise of multiple alerts and false positives, resulting in significant efficiency gains in the Security Operations Centre.

Balabit – preventing data breaches without constraining business.