My colleagues and I typically talk about how data analysis software can help utilities predict equipment malfunctions, assist health care professionals in developing personalized treatments, and support a variety of other use cases. However, it's a rare occasion when data analytics' contribution to IT security enters the discussion.
"Why can't real-time analytics be applied to network and database defense?"
If you're a frequent reader of this blog, you've probably come across the term "real-time analytics" more than once. So, I'd like to ask – why can't the same analytical approach be applied to network and database defense? Why are some organizations failing to use data scrutiny engines that can identify vulnerabilities in data protection protocols or encryption strategies?
Credentials and behavior: What doesn't add up?
When a security breach occurs, it's very likely that a systems administrator will identify the problem only after malicious activity is already underway. The problem with this reactive approach is that by the time employees receive alerts that a network, database or system has been infiltrated, the hackers may have already found the information they were looking for.
IT Business Edge contributor Mike Vizard spoke with Exabeam Vice President Mark Seward, who maintained that the majority of security breaches typically consist of hackers entering systems via compromised end-user credentials. While Exabeam's analytics engine categorizes legitimate and illegitimate behavior for each administrator and employee, it's still missing the mark in one respect: It fails to identify when access permissions are jeopardized.
To Exabeam's credit, alerting administrators the moment a person's credentials have been compromised is incredibly difficult. However, it's a rare occasion when a cybercriminal obtains usernames and passwords by physically breaking into an office – hackers typically employ malware that allows them to steal such information remotely. Therefore, it's important that companies use data analytics tools capable of identifying and dismantling such malicious programs.
A comprehensive view of security protocols
Every organization has (or should have) a set of rules that define how employees should transfer information. The problem is, some workers don't appreciate the effectiveness of these protocols, and may neglect to take them into account. A study conducted by the Ponemon Institute and data loss prevention company Vontu showed that 69 percent of enterprises reported data breaches were caused by poor employee conduct or error.
How can analytics resolve this issue? Businesses can use the technology to identify patterns of unfavorable behavior among staff, and deduce which workers are putting systems at risk. In addition, data analysis software can provide finished reports detailing how those personnel can fix poor habits.