By Enterprise Security Magazine | Tuesday, November 19, 2019
Artificial intelligence (AI) is being combined with cybersecurity to create a new class of tools known as threat analytics. Machine learning allows threat analytics to deliver greater precision in risk context, particularly regarding the behavior of privileged users, states a recent account in Forbes. This approach can be used to generate real-time notifications and to respond actively to incidents by cutting off sessions.
FREMONT, CA: The general notion is that hackers have gone to the dark side to plan a massive attack on vulnerable businesses. Still, the truth is that companies are not protecting their access credentials from easy hacks. According to Verizon’s 2019 Data Breach Investigations Report, ‘stolen credentials’, ‘phishing’, and ‘privilege abuse’ account for the majority of breaches.
According to Verizon’s 2019 Data Breach Investigations Report, cyber adversaries’ tactics, procedures, and techniques are similar across the board. The report found that the rapidly growing source of threats is internal actors.
Internal actors can get privileged access credentials with minimal effort; they usually obtain them via legitimate access requests to internal systems or from sticky notes posted at co-workers’ workstations. Detecting privileged credential abuse is challenging, as legacy approaches to cybersecurity trust the identity of the person using the privileged credentials.
A cohesive Privileged Access Management (PAM) strategy includes machine learning-based threat analytics to provide a layer of security that goes beyond multi-factor authentication, passwords, or privilege elevation.
Machine learning algorithms allow threat analytics to quickly identify anomalies and abnormal behavior by tracking geolocation, behavioral login patterns, time of login, and numerous other variables to calculate a risk score.
The threat analytics applications, along with machine learning-based engines, are considered to be effective at profiling regular behavior patterns for any user or any free activity, including commands. This helps in identifying anomalies in time to enable risk-based access control.
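A minimal sketch of the risk scoring and risk-based access control described above, added here as an illustration and not taken from any vendor's product. A simple per-user statistical baseline stands in for the machine-learning model, and the weights, thresholds, field names and sample history are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample history: (user, country, login hour 0-23, command run)
HISTORY = [
    ("dba_admin", "US", 9, "psql"), ("dba_admin", "US", 10, "psql"),
    ("dba_admin", "US", 9, "pg_dump"), ("dba_admin", "US", 11, "psql"),
    ("dba_admin", "US", 10, "systemctl status"), ("dba_admin", "US", 8, "psql"),
]

def build_profile(history, user):
    """Profile a privileged user's regular behavior from past sessions."""
    rows = [r for r in history if r[0] == user]
    hours = [r[2] for r in rows]
    return {
        "countries": Counter(r[1] for r in rows),
        "commands": Counter(r[3] for r in rows),
        "hour_mean": mean(hours),
        # Floor the deviation so a very regular user is not over-penalised.
        "hour_std": max(pstdev(hours), 1.0),
    }

def risk_score(profile, country, hour, command):
    """Score 0-100 from geolocation, time of login and command novelty."""
    score = 0
    if country not in profile["countries"]:
        score += 40                      # never-seen geolocation
    delta = abs(hour - profile["hour_mean"])
    delta = min(delta, 24 - delta)       # hours wrap around midnight
    z = delta / profile["hour_std"]
    if z > 2:
        score += min(30, int(10 * z))    # unusual time of login
    if command not in profile["commands"]:
        score += 30                      # command outside the baseline
    return score

def decide(score):
    """Map the risk score to a risk-based access control action."""
    if score >= 70:
        return "terminate_session"
    if score >= 40:
        return "require_mfa"
    return "allow"

if __name__ == "__main__":
    p = build_profile(HISTORY, "dba_admin")
    for event in [("US", 10, "psql"), ("RO", 10, "psql"), ("RO", 3, "useradd")]:
        s = risk_score(p, *event)
        print(event, s, decide(s))
```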
Impactful threat management applications include support for Security Information and Event Management (SIEM) tools, like IBM QRadar, Micro Focus ArcSight, and Splunk.
Credit: Google News