Preventing Data Breaches: Behavior is the New Authentication


Today, one of the most challenging cyber predicaments organizations are faced with is that of the insider threat and how to protect against it. Whether it’s an employee financially motivated and intent on stealing company data, or a disgruntled ex-employee with an ax to grind, businesses must stay on top of how to prevent ‘privileged’ users – those with unrestricted access to the corporate network – from causing harm to the business and its customers.

The reality for many companies is that a growing number of security incidents can – and do – start inside the business, often as a result of privileged misuse. This could be a result of activities conducted by malicious insiders, or it could also be caused by external hackers who are intent on accessing sensitive information. In this case, hackers target privileged users with the objective of gaining access to the network via their username and password – in many cases, a root password. This is often because it can be far more lucrative for an external hacker to obtain the credentials of the most privileged ‘super users.’

A Digital Fingerprint

There are many layers of protection that security professionals have put in place to safeguard against breaches, including log management, firewalls, and SIEM, but while these are effective against the general user population, they are powerless to stop a privileged user who has legitimately gained access to servers. Password management solutions can make it difficult for a hacker attempting to hijack a privileged account, but they are not a foolproof method, especially if an insider is in collusion with the hacker.

What these systems are missing is the key ‘blind spot’ in detecting breaches – the context of human behavior. Whereas machines are uniform and predictable, humans are not. Every privileged user has a unique pattern of behavior: everything from the time of day each person logs in, which servers they access and what commands they run there, through to their idiosyncratic typing patterns and mouse movements. If we can monitor ‘typical’ behavior in this way, and create a baseline profile for each individual, we can then pinpoint deviations in real time and avert breaches before they happen.
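As an added example (not from the article and not Balabit's product code), here is a minimal Python sketch of the baselining idea: build a per-user profile of working hours, servers and commands from past privileged sessions, then score a new event by how surprising each of its features is against that profile. The session records, the 4-hour bucketing and the alert threshold are constructed assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed privileged-session records: (user, hour_of_day, server, command).
# Invented sample data for illustration, not real logs.
HISTORY = [
    ("alice", 9, "db-01", "mysql"), ("alice", 10, "db-01", "mysqldump"),
    ("alice", 11, "db-02", "mysql"), ("alice", 14, "db-01", "mysql"),
    ("alice", 15, "db-02", "vim"), ("alice", 16, "db-01", "mysql"),
    ("bob", 22, "web-01", "tail"), ("bob", 23, "web-02", "systemctl"),
    ("bob", 1, "web-01", "journalctl"), ("bob", 2, "web-01", "tail"),
]

def build_baselines(records):
    """Per-user profile: how often each 4-hour window, server and command was seen."""
    profiles = defaultdict(lambda: {"hour": Counter(), "server": Counter(),
                                    "command": Counter(), "n": 0})
    for user, hour, server, command in records:
        p = profiles[user]
        p["hour"][hour // 4] += 1      # 0-3h, 4-7h, ... 20-23h windows
        p["server"][server] += 1
        p["command"][command] += 1
        p["n"] += 1
    return profiles

def surprise(counter, key, total):
    """-log2 of a Laplace-smoothed probability; never-seen values score highest."""
    return -math.log2((counter[key] + 1) / (total + len(counter) + 1))

def score_event(profiles, user, hour, server, command):
    """Sum of per-feature surprises in bits; a user with no baseline scores infinite."""
    if user not in profiles:
        return float("inf")
    p = profiles[user]
    return (surprise(p["hour"], hour // 4, p["n"])
            + surprise(p["server"], server, p["n"])
            + surprise(p["command"], command, p["n"]))

def is_anomalous(profiles, event, threshold=8.0):
    """One odd feature alone stays under the threshold; several together trip it."""
    return score_event(profiles, *event) > threshold

if __name__ == "__main__":
    profiles = build_baselines(HISTORY)
    for event in [("alice", 10, "db-01", "mysql"),     # routine for alice
                  ("alice", 3, "web-01", "scp"),       # off-hours, new host, new tool
                  ("mallory", 10, "db-01", "mysql")]:  # no baseline at all
        print(event, round(score_event(profiles, *event), 2), is_anomalous(profiles, event))
```

In a real deployment the profile would also carry keystroke and mouse features and the threshold would be tuned per role, but the shape of the decision stays the same: score against the individual's own history, not against a global rule.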

Removing the Security Blind Spot

By analyzing all user activity across the IT system, including malicious events, enterprises can have a better understanding of what is really happening on the network. They have the intelligence to close security gaps without adding additional layers of security.

As this approach demonstrates, protecting an organization from insider threats doesn’t need to be difficult. Analyzing user behavior adds a substantial layer of protection, increasing security and business efficiency while reducing the number of internal attacks.


This article was written by Balázs Scheidler, co-founder and CTO at Balabit, and was published in English to. Balázs Scheidler spoke at the Infosec 2016 Conference in London about “Passwords are dead: behavior is the new authentication”; please click the video link to watch.


We will soon be announcing the PREVENTION OF CYBER BREACHING FOR MOBILITY AND SERVERS, TODAY'S MOST VULNERABLE LINKS! Interested in our story? Then please don't procrastinate.

Some additional details: Trusted Networks, Inc., Suite 204, 20 East 68th Street, (C) 917-497-5523, (F) 212-288-2766.

Among our critical infrastructure operated by computers and networks of computers, as noted by the Government Accountability Office (GAO), are “financial institutions, telecommunications networks, and energy production and transmission facilities.” Our water supply and even nuclear power plants are also part of our infrastructure controlled by computers. As noted by the GAO, “as these critical infrastructures have become increasingly dependent on computer systems and networks, the interconnectivity between information systems, the Internet and other infrastructures creates opportunities for attackers to disrupt critical systems, with potentially harmful effects.” In 2015, a German steel mill had the computers which operated its smelting furnace hacked, causing it to overheat and resulting in tremendous damage. Krupp is the latest failure. St Jude's Children's Hospital with Abbott's Merlin system, the recent breach, the huge LA County cyber attack affecting 756K individuals, etc., etc. Now, also from the overall perspective, our public safety is the issue as well. Some examples: “First Net,” our National Emergency Network, after a 47 billion investment following 9/11 and hundreds of billions thereafter, is a failed project. However, Mobility and Server Networks, which have been the most vulnerable networks today, will now be protected!

Now, introducing the engineering solution for this year:
• A preview to Prevention of Cyber Breaching.
• By our 4 patented science and one new patent to be filed.
• What makes Trusted Networks (TN's) different from the largest ranked Cyber Security Software companies? “No separation of Hardware & Software kernels at every level of their systems.” We Do!
• They do not meet any recognized Standards including US NIST (National Institute Science Standards) and equivalent UK “Common Criteria” & certain selected EU partners including Canada, Australia, etc.
• Software solutions have assets by using its software to develop many more applications, communicate with dissimilar systems such as Analytics and communicating to a wider Internet and Clouds.
• The following major companies are examples (i.e., see next attachment of the Top 500 Software Developers).
• We are exceptional Cyber Engineers vs. Programmers, having previously supplied NIST Level 4 & 4+ systems consisting of numerous paired hardware circuit boards protecting software since our first win with NSA in 1985, partnering with Unisys, later L-3, Marshall Aero Space, Koor Industries, the Canadian Government, the UK Ministry of Defense, other Governments such as Sweden, Norway, and Australia, besides the US Navy, Army, and Air Force, Blue Cross, Lloyds of London, etc.
• Today: Influenced by the seminal draft Michigan Telecommunications journal article “Snake Oil” co-authored by John Michener, PhD, our CTO, & meeting Steve Mohan, PhD, for the first time at an NSA Conference in 2002. Steve was at that time at that agency as their Chief Engineer and Architect. That got John and I dialoguing with Roger Schell, PhD, our Chief Engineer.
• Shrinking costly circuit boards of combined hardware and software was a significant costly task to us (3.5 mil), but we were aware many government projects like First Net, a National Network between Homeland Security and down to a single small police and Firehouse, was in trouble. It still is! See attachments.
• Doc Mohan joined us full time 18 months ago, but today we succeeded by inventing the first two semiconductors. One for Mobility and the other for Servers. Today's most vulnerable applications!
• Demonstrating at DEFCON-17 in Las Vegas July 27-30. This is the largest cyber security
