Cloudera executive: Three must-haves for using behavioral analytics to prevent insider threats
Recent events have resurfaced agency concerns about insider threats. But insider threats often go beyond whistle blowers or deliberate employee attacks; in many cases, innocent behaviors can be just as threatening. Even simple actions like employees connecting to unsecure networks, clicking on bad links, or hosting sensitive information in public places can pose a significant threat to an agency. Whether looking at the volume of traffic, where it is coming from, or where it is going, agencies have traditionally viewed cybersecurity threats from the outside in. But, in order to identify and stop insider threats, agencies need to view cybersecurity from the inside out. Agencies need to focus on people, and — more specifically — their behaviors. Insider threats, whether malicious or accidental, pose a significant risk to federal agencies. Behavioral analytics should be the first line of defense. The goal of behavioral analytics is to understand the interaction between people and systems, ultimately identifying red flags that could signal threatening behavior. Behavioral analytics keep us informed on who is doing what, when and where. For instance, if Jane in accounting suddenly started visiting a website 100 times a day, a site she had previously never visited, a behavioral analytics solution would recognize this as unusual behavior that should be explored further to uncover a potential threat. In this scenario, it is likely Jane isn’t actually visiting this website, rather her computer has been hacked, exposing the agency to a breach. Once a potential threat is observed, confirming or denying it entails a combination of manual and programmatic analyses of new and historic data. To learn more about the potential threat, analysts must undertake a manual effort to interactively dissect data. Obtaining immediate answers from the data is essential, as each potential threat will be unique, spurring new questions that must be addressed. When you apply this concept to an entire agency, massive amounts of data will be generated, becoming a big data challenge. And the depth and scope of these massive datasets can also be a challenge, as agencies oftentimes must examine different data elements and broad time frames. Given the complexity of using behavioral analytics to prevent insider threats, there are three things agencies must consider. 1. Classification and security standards – Guarding against insider threats first starts with data security, and this begins with identifying and categorizing data assets based on the sensitivity of the information. The more sensitive the information, the better protection it needs. And once data security is in place, governance and security controls must be implemented among employees to ensure that only those with the proper level of authority and clearance can access and manipulate the data. 2. Accessibility – An agency can have all the relevant data at its fingertips, but it is useless without the means to quickly and efficiently access that data to assess threats. The ability to look at all data for behavioral analytics is key, but accessing data when it is needed is historically a costly undertaking. Agencies need to both store and access all of their data without incurring extra costs. The Hadoop ecosystem of open-source projects offers a cost effective means to store massive quantities of sparse data while providing real-time, large-scale inputs and outputs and compression. 3. The right tools – There isn’t one catch-all solution for behavioral analytics. Rather, several tools work together, making having the right ones all the more important. Agencies need cluster computing, machine learning, business intelligence and storage to support behavioral analytics. What makes effective cybersecurity so difficult to implement is that the nature of threats is constantly changing, and insider threats are no exception. Yet behavioral analytics are an impactful way for agencies to predict what the next threat may look like by calling to attention what is different and, thus, what merits further investigation. While the variety and volume of agencies’ datasets can make behavioral analytics seem like a daunting task, agencies that take the correct steps to put an effective behavioral analytics solution in place can go a long way towards mitigating risks.