FOCUS ON THREATS NOT EVENTS
Behavior Anomaly Detection looks for deviations from normal user and network activity. This way, unusual traffic, such as attempted siphoning of customer records, can be detected even if the invading malware has evaded your security controls. More than this, with a centralized network view and the ability to analyze events across multiple dimensions, the risk impact of an event can be assessed automatically and your IT staff alerted quickly, so they can take immediate action to avoid data loss.
Extending your monitoring to physical security (door access and surveillance) is what Gartner calls ‘Consolidated Monitoring’, which it believes is a future trend for information assurance. This intelligent approach means that seemingly unrelated events - like entering the building after hours, accessing sensitive information and copying files - could be correlated, assessed as suspicious and alerted on instantly, before loss occurs.
In large organizations, transaction data volumes can be massive since logs contribute up to an estimated 25% of enterprise data. This means that vigilant cyber security teams are routinely immersed in a quagmire of events, most of them harmless. The intelligent approach is to identify the harmful events quickly, so your staff can focus on the vital few instead of being distracted by the trivial many. This way, IT security teams can provide effective information assurance, and stay ahead of the game.
ADAPT TO CHANGE
The one certainty in the security landscape is constant and rapid change, so trying to keep pace using traditional static systems can be time-consuming and fruitless. Even specialized Data Loss Prevention (DLP) systems can’t stop a lot of data theft, regardless of whether the perpetrator is a Trojan, a hacker or a malicious insider.
DLP requires tagging of all data with security status, and keeping it current so pattern-matching algorithms can track the data you don’t want to lose. CIO magazine points out the folly of this approach: ‘Identifying and blocking all sensitive information is neither possible as an outcome nor wise as a goal.’ Security specialist Rich Mogull is less polite: ‘The concept that you can run around, analyse, and tag your data throughout the enterprise, then keep it current through changing business contexts and requirements, is ridiculous.’
Intelligent Security with Behavior Anomaly Detection can eliminate these pitfalls. If there is unusual activity - on your network, to a website, via an email attachment or to a printer - and its context suggests risk to the enterprise, it will alert your IT security staff immediately. Using Intelligent Security, organizations can free their IT staff from checking against constant threat updates, and re-deploy them where they’re needed - handling the genuine threats and becoming better prepared for the next ones.
Intelligent Security based on Behavior Anomaly Detection is not a security ideal or notion: it’s the choice of organizations with the toughest security checklists, including banks, critical infrastructure, border protection and law enforcement, in the UK, Japan and Australia. Intelligent Security provides them with information assurance and whole-of-enterprise protection, regardless of the nature or origin of the threat, and adapts quickly to their ever-changing demands.