Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

BUSINESS

Protecting the Enterprise Network: a People-Centric Approach

Published On :

Derek Lin, Chief Data Scientist at Exabeam explains why adopting a people-centric approach to network security can significantly reduce the risk of breaches

The rising tide of cyber threats has placed the issue of network security in the spotlight. These days, protecting against insider and external threats has become a business imperative – one that has seen IT teams employ traffic flow monitoring and threat analysis tools in a bid to beef up network defences.

Despite these investments, security breaches continue to take place with alarming regularity. That’s because phishing, whaling, credential compromise and malicious insider threats all have one thing in common: human vulnerabilities. For a phishing attack, the user clicks on a suspicious link while in the case of a malicious insider, an individual chooses to steal company data. Ultimately, the success of these attacks depends on the susceptibility of people.

With hackers now actively targeting users in order to infiltrate the enterprise, IT teams can no longer rely on simply monitoring network traffic alone. What’s needed is a more people-centric approach that monitors user behaviours too.

Who is accessing the network – and why?

Today’s mobile and cloud-enabled workers hold multiple IDs giving them access rights to a plethora of applications and systems; everything from a standard Windows ID to accounts for SAP, Salesforce.com and Oracle. Throw BYOD into the mix and tracking ID for each user in one central location becomes nigh on impossible 3Ž4 makings it difficult to know, with certainty, precisely who is accessing the network.

But that’s not all. Without centralised asset monitoring in place, IT teams will have limited visibility of exactly what assets are held on the network. So, while it may be able possible to ascertain who is accessing which server, it will be difficult to know what other sensitive information is being held on that same server.

What’s more, even when IT teams are able to track who’s accessing what on the network it’s unlikely they could say for sure if this constitutes a ‘normal’ or ‘suspicious’ behaviour, since network flow monitoring won’t capture the contextual data required to answer such a question.

The good news is that machine-learning technologies can help address all these issues, giving IT teams the visibility they need to improve security practices.

Utilising user behaviour intelligence

Machine learning techniques can address the challenge of identity-based threats by providing a complete picture of all user behaviour, whether it’s risky or not, and a complete view of all activity on the enterprise network.

So, when an employee logs in from their office desk using their personal credentials and later in the day logs in remotely via a personal device from home, machine learning engines are able to connect these two actions using behavioural data.

But that’s not all. By tracking each employee’s actions over time, machine learning engines can build up accurate models of their network activity. Using these baselines, the normal activity for every user can be determined – making it faster and easier to spot new or previously unidentified threat behaviours.

As well as providing the much needed context required to analyse trends on a per-user basis and spot any activity that deviates from what is considered acceptable or ‘normal’, machine learning techniques can also be utilised to build accurate network asset models that give IT teams a true depiction of everything that’s on the network.

Armed with this detailed knowledge IT teams are better able to keep a close eye on what’s being accessed at any particular time, tagging high risk assets – such as those used by board members or senior managers, for example – to ensure these are subjected to more stringent security measures.

Initiating effective network security

Today’s powerful machine learning platforms are now cost-effective enough, from a compute power perspective, for any size of business to benefit from the real-time output that can be used to significantly improve security practices.

Delivering increased visibility into the activities of users on their network, IT teams are able to determine who is accessing the network, what they are doing and whether they should be doing it. All of which makes it easier to detect and respond to modern attacks fast and in a way that’s not possible using traffic monitoring tools alone.

Continue Reading

Recent Posts