The analytics black hole for detecting internal security threats

Better analytics are needed to help identify insider security risks. Fortscale is one company that already provides such a solution.


Forrester Research conducted a data security and privacy survey of North American and European companies in 2013 that revealed that enterprise "insiders" were the leading source of security breaches, with 36% of breaches stemming from inadvertent misuse of data by employees.

The same survey showed that only 42% of the North American and European workforce in small to midsized companies had received training on how to remain secure at work, with only 57% reporting that they were even aware of corporate security policies. "People don't know what they don't know," Heidi Shey, a Forrester analyst and the author of the report, is quoted as saying in a CSO Online post. "You've got to give them some kind of guidance and guard rails to work with."

The largest security "black hole" in the enterprise

"From what we know and hear, nearly 50% of security threats that companies are experiencing are now coming from the inside," says Idan Tendler, a former Israeli war officer and now CEO and founder of Fortscale, which provides big data security analytics. "IT has security detection in networks and at network endpoints, but the challenge for IT is that it does not have good visibility or analytics for detecting internal security threats, which is the largest security 'black hole' in the enterprise."

Fortscale applies big data analytics to internal security monitoring, detection, and investigation by building user behavior profiles that can identify users who are "risky" because of their security sloppiness, as well as users who are malicious.

"If you think about the state of internal corporate security, once a legitimate user in an enterprise has certain security privileges, whether it is an assistant to the CEO or a vice president of sales, these users also often have the ability to access sensitive files where it is hard to detect access," said Tendler. "In other cases, an enterprise grants a contractor access to certain sensitive data. It is always important to have the ability to understand the usage patterns of individuals with security privileges, so that if you see an access from a user at a certain time of day that is irregular for that user, you can look at it. That is the power of 'machine learning' through the application of algorithms that can track usage patterns and determine when there are irregularities or anomalies which could indicate a breach."

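The per-user usage-pattern check described above can be sketched as a simple frequency baseline. This is an added example, not Fortscale's code or method; the log fields, user names, resources and thresholds are all assumptions, and the sample history is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample history: (user, ISO timestamp, resource). Not real log data.
HISTORY = [
    ("ceo_assistant", f"2014-03-{d:02d}T{h:02d}:15:00", "board/minutes.docx")
    for d in range(3, 15) for h in (9, 11, 14, 16)
] + [
    ("contractor7", f"2014-03-{d:02d}T{h:02d}:40:00", "eng/specs.pdf")
    for d in range(3, 15) for h in (22, 23, 0, 1)
]

def build_profiles(events):
    """Per-user baseline: count of accesses per hour of day, and resources seen."""
    profiles = defaultdict(lambda: {"hours": Counter(), "resources": set()})
    for user, ts, resource in events:
        p = profiles[user]
        p["hours"][datetime.fromisoformat(ts).hour] += 1
        p["resources"].add(resource)
    return profiles

def hour_likelihood(hours, hour, window=1):
    """Share of the user's past accesses within +/- window hours (wraps past midnight)."""
    total = sum(hours.values())
    if total == 0:
        return 0.0
    near = sum(hours[(hour + d) % 24] for d in range(-window, window + 1))
    return near / total

def score_event(profiles, event, min_history=20, threshold=0.05):
    """Return the reasons an event is irregular for this user (empty list if none)."""
    user, ts, resource = event
    p = profiles.get(user)
    # Without enough history there is no baseline to compare against.
    if p is None or sum(p["hours"].values()) < min_history:
        return ["insufficient baseline"]
    reasons = []
    if hour_likelihood(p["hours"], datetime.fromisoformat(ts).hour) < threshold:
        reasons.append("unusual hour")
    if resource not in p["resources"]:
        reasons.append("new resource")
    return reasons
```

The baseline is per user, so a contractor who normally works around midnight is not flagged for it, while the same hour would be irregular for a daytime user.
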
In beta testing that Fortscale performed with Fortune 100 and Fortune 1000 companies, Tendler says that feedback and results have varied.

"In one case, we uncovered a malicious user who had stolen some security credentials," he said. "In other cases, we discovered users whose access credentials had been misconfigured, such as an engineer who had access to corporate financial documents...And in still other cases, we found 'rogue users' who were below the level of suspicion, but who were potentially engaged in malicious activity, and required investigation."

Plugging big data and analytics into internal security monitoring can't come soon enough.

About

Mary E. Shacklett is president of Transworld Data, a technology research and market development firm. Prior to founding the company, Mary was Senior Vice President of Marketing and Technology at TCCU, Inc., a financial services firm; Vice President o...
