As Cyber Attacks Surge During Pandemic, Threat Analytics Becomes a Critical Investment


By Shrey Fadia, Analyst and Consultant, Artin Arts

The takeover of privileged accounts has become the single largest source of cyberattacks today, which is driving increased interest in threat analytics. There is a range of threat analytics solutions, including those that address more traditional attacks such as phishing. But threat analytics as part of a Privileged Access Management (PAM) security posture has rocketed to the top of the list of CIO and CSO requirements, because it supports continuous, intelligent monitoring that helps organizations detect and stop external adversaries or malicious insiders before they cause damage.

Software automation solutions that combine user behavior analytics datasets with machine learning algorithms are on the rise. PAM solutions analyze the activity of individual users in real time, detect malicious and high-risk activities, and automatically trigger controls that protect networks, applications, databases and other assets.

We caught up with Orhan Yildirim, CTO, Ironsphere, to learn what they have been seeing, especially during the global pandemic, in which Work From Home (WFH) models have created new vulnerabilities and driven a surge of attacks on industries from healthcare to pharmaceutical, government and social media organizations. These attacks are only expected to grow, and executives responsible for protecting valuable and even life-saving assets have been working non-stop to address these serious issues.

“We’ve never been busier,” said Orhan Yildirim, “as we are working overtime to support our existing clients, who include large financial institutions, communications service providers, government agencies and other essential organizations, while turning up PAM services for new clients and partners, like Pegasystems and AWS.”

Yildirim said it is important to reduce risk by detecting and mitigating attacks, which can be so sophisticated that they go undetected for weeks or even months and result in significant financial and reputational damage.

“Insider threats continue to comprise over 50% of incidents, so it is at least as important to track all activities associated with privileged accounts at all times as it is to be ready for external threats,” he said.

Static controls are no longer enough, Yildirim explained: “Dynamic, intelligent software with AI and machine learning capabilities is what it takes to simplify incident response and compliance. IT teams are under tremendous stress with all the uncertainty and changes, and the requirements to support remote workers. We need to support these teams with security software solutions that make their jobs easier, not harder, and that has been driving a surge in implementations and expansions for us.”

Yildirim said that traditional authentication and authorization solutions are not capable of stopping today’s sophisticated attackers, whether external actors or malicious insiders.

“We have to be better at securing our assets, our organizations, and our society with breach defense approaches that continuously analyze activities to identify suspicious activity, assess risk and quickly detect and stop attacks,” he added.

Yildirim also said there is no time to train IT teams to do all this manually: “We’ve succeeded because our solutions require no special training – the software analytics are doing the work. When high-risk attacks are identified, including those which indicate a deep expertise in data science, the system must automatically trigger to stop the attack, and by integrating privileged user behavior analytics with automated mitigations, enterprises can lock out the bad guys and ensure the protection of privileged accounts.”

Yildirim pointed to the recent Twitter blockchain event, in which some of the most famous Twitter accounts in the world were hijacked within minutes of each other (ultimately caused by an insider who agreed to post to those accounts using privileged credentials), and to the potentially massive, global attacks on research and pharmaceutical organizations working on a vaccine for COVID-19.

“Threat Analytics for PAM provides protection against these and many other types of breaches and insider misuse by collecting domain-specific, contextual data and performing advanced analytics on this data, developing risk models based on patterns. Quality threat analytics combined with quality PAM platforms enables intelligent, risk-based decisions, including automatically shutting down accounts,” Yildirim explained.

PAM-specific analytics are developed by Ironsphere and its competitors specifically to protect privileged access, with the most sophisticated offerings including automatic mitigation.
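As an added illustration (not code from Ironsphere or any product mentioned in this article), here is the loop the article describes in miniature: a per-account baseline learned from past privileged-session audit records, a risk score for each new action, and cumulative session risk driving step-up authentication or an automatic account lock. The weights, thresholds, command names and log records are constructed assumptions.

```python
"""Privileged-account behaviour analytics with automatic mitigation (added
illustration, not any vendor's code). Learn a per-account baseline from past
audit records, score each new action against it, act on cumulative risk."""
from collections import defaultdict

# Weights, thresholds and the sensitive-command list are illustrative assumptions.
WEIGHTS = {"new_source": 30, "off_hours": 20, "new_target": 15, "sensitive_cmd": 35}
STEP_UP_MFA, LOCK_ACCOUNT = 40, 70
SENSITIVE_CMDS = {"dump-credentials", "disable-audit", "export-db"}

def learn_baselines(history):
    """Per-account baseline from (account, hour, source, target, cmd) records."""
    baselines = defaultdict(lambda: {"sources": set(), "targets": set(), "hours": set()})
    for account, hour, source, target, _cmd in history:
        b = baselines[account]
        b["sources"].add(source); b["targets"].add(target); b["hours"].add(hour)
    return baselines

def score_event(b, hour, source, target, cmd):
    """Risk points and reasons for one action relative to the account's baseline."""
    reasons = []
    if source not in b["sources"]: reasons.append("new_source")
    if not min(b["hours"]) <= hour <= max(b["hours"]): reasons.append("off_hours")
    if target not in b["targets"]: reasons.append("new_target")
    if cmd in SENSITIVE_CMDS: reasons.append("sensitive_cmd")
    return sum(WEIGHTS[r] for r in reasons), reasons

def evaluate_session(b, events):
    """Score a live session action by action; the first action that crosses
    LOCK_ACCOUNT ends the session (terminate, disable account, alert the SOC)."""
    total, decisions = 0, []
    for hour, source, target, cmd in events:
        points, reasons = score_event(b, hour, source, target, cmd)
        total += points
        action = ("lock_account" if total >= LOCK_ACCOUNT
                  else "step_up_mfa" if total >= STEP_UP_MFA else "allow")
        decisions.append((cmd, total, action, reasons))
        if action == "lock_account":
            break
    return decisions

# Constructed sample data: normal daytime DBA work, then a 3 a.m. session from an unknown host.
HISTORY = [("dba_ops", 9, "jump-01", "db-prod-1", "show-status"),
           ("dba_ops", 14, "jump-01", "db-prod-2", "run-backup"),
           ("dba_ops", 11, "jump-02", "db-prod-1", "show-status")]
SESSION = [(3, "laptop-77", "db-prod-1", "show-status"),
           (3, "laptop-77", "db-prod-1", "dump-credentials"),
           (3, "laptop-77", "db-prod-2", "export-db")]

if __name__ == "__main__":
    for cmd, total, action, reasons in evaluate_session(learn_baselines(HISTORY)["dba_ops"], SESSION):
        print(f"{cmd:18} risk={total:3} -> {action:12} {reasons}")
```

The first off-hours action from the unknown host already forces step-up authentication; the credential dump that follows pushes the session past the lock threshold, so the third action is never evaluated.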

Gartner recently released its new Market Guide for Network Detection and Response. Gartner notes that providers are focusing on enhancing both detection and response. On the detection side, vendors are improving their ability to find suspicious patterns in encrypted traffic, adding termination, decryption, and analysis features for TLS traffic. On the response side, vendors are broadening partnerships with vendors of firewall, network access control, security orchestration, automation and response, endpoint detection and response, and other security tools.

About the author: Shrey Fadia is an engineer, analyst, consultant and writer covering the most disruptive fields in technology today including AI, IoT, Blockchain, Cybersecurity, Communications Platforms as a Service and more, with a special interest in innovations that improve lives. While working towards his Master of Science degree in Electrical and Computer Engineering from State University of New York (SUNY) at Binghamton, NY, Fadia has published numerous articles on advances in software-based solutions in several industry publications.

While working towards his undergraduate degree in engineering in India, Fadia and a team of other students developed a Smart Wheelchair leveraging sensors and affordable features including retrofitting existing equipment to make mobility possible using gesture mechanisms and obstacle avoidance. Their innovation was featured at an IoT Evolution World Expo in 2017. Fadia is currently a Graduate Teaching Assistant at State University of New York (SUNY) at Binghamton, NY while consulting for companies as a Senior Analyst for strategic tech communications firm Artin Arts, based in NYC.