Everyone has heard about external threats, whether this be ransomware like WannaCry, crypto jacking or phishing.
Yet, no one seems to hear anything about internal attacks; however, a 2017 Verizon Breach Study found that 69% of organizations report an internal breach attempt. Why do external threats get so much attention when major attacks also occur internally? Well, the difficulty arises from finding internal attacks. For example, how does one determine what is an internal attack or just a user doing something new? Also, organizations tend to hide internal attacks, or just never find out they were breached internally. Coming to the rescue is User and Entity Behavior Analysis (UEBA).
UEBA Solutions allow an organization to set baseline requirements for users and provide real-time accounts of any anomalies that arise in day-to-day operations. UEBA does this through cutting-edge analytics and advanced statistical analysis along with advanced correlation. The combination of these methods creates a blanket security environment that prevents a host of attacks on all ends of the spectrum.
Though, before we dive into this it is important to understand what an internal threat really is. An internal threat can be anyone with access to your business system- this isn’t limited to just your employees and can include contractors, and former staff. Furthermore, internal threats can be categorized into two subsections.
– Unintentional Insider: An insider that accidentally exposes privileged information.
– Malicious Insider: An insider that purposefully exposes privileged information.
An unintentional insider would have no motive to release this information and the breach of it comes from a personal error. However, malicious actors generally have one of three motives. They may have financial motives ranging from selling company property (like a computer) or selling propriety information to competitors for large compensation. The prior example transactions into the second motive insiders have which is business gains. Lost proprietary information can place a company at a serious competitive disadvantage and potentially ruin the business (Remember not just employees count as insiders but former employees do also). Thirdly, an insider may expose a corporation to get revenge on them, stemming from job dissatisfaction or other similar reasons.
UEBA not only responds to Insider Threats but also to Account Comprises, Privileged Access Abuse and Data Exfiltration.
Account Compromises occur when a hacker infiltrates a network by using user credentials or reputation. From there, they can compromise further areas of the environment. UEBA fights this by recognizing indicators of compromise across any asset and alerts your team of the issue.
Privileged Account Abuse occurs when compromised credentials move laterally within your organization to areas with privileged information because the user originally has access to said information. URBA combats this by validating and disabling accounts with escalating privilege, therefore limiting the lateral movement within an organization.
Finally, Data Exfiltration is the unauthorized transfer of data from a device. UEBA Solutions would indicate possible Data Exfiltration in real time, thus allowing your team to make the necessary fixes.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions, want to learn more about our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.