Advanced Persistent Threats: Minimizing Losses with Early Detection

As originally published by Help Net Security.

Let’s travel back to 2006, the year the blockbuster, “The Departed,” came out. Matt Damon plays a young criminal who has infiltrated the state police as an informer for South Boston’s Irish Mob. Working his way up the ranks, he gathers sensitive information about the plans and counter-plans of the operations he has penetrated and leaks them to his organized crime cohorts. Eventually, police suspect that there's a mole in their midst. Now, we all know how this ends – Damon is exposed and killed by Mark Wahlberg for his stint – but not before wreaking havoc throughout the department.


Today's IT Challenges Require Advanced Analytics

Here is the basic problem – today’s IT environments are more dynamic than they were 5 years ago. Your architecture is more complex than it was 10 years ago. Your people are responsible for a larger percentage of that environment than they were 15 years ago. And yet you are still reliant on an IT management approach developed over 30 years ago.

In the 1970s and 1980s, major computer vendors brought expert-systems-based IT management systems to market to simplify the management of a rapidly growing computational infrastructure. These early management systems made alerting decisions based on human expertise codified in the form of thresholds and rules.


Data Breach Notification: You Need to “Know” Before You Can “Notify”

With all the discussion about data breach notification leading up to President Obama’s State of the Union address, it is clear that the US federal government is considering data breach legislation that would pre-empt state laws already on the books.

While there will certainly be political debate regarding the merits of a federal law versus individual state laws (currently 47 states have data breach notification laws), a study by ISACA this week showed that a strong majority of surveyed members endorsed the President’s proposed data breach notification rules.

In fact, today it seems quite logical that timely disclosure of data breaches is usually in the best interest of both the organization that suffered the data breach, and the individuals whose data has been compromised. For companies, the stigma of suffering a data breach is no longer as severe as it once was (with the possible exception of outlier cases like the late 2014 Sony breach), and consumers are able to reduce the likelihood of suffering actual fraud when they are notified quickly.


Temporal vs. Population Anomaly Detection

Prelert’s Anomaly Detective allows users to discover two major flavors of anomalies: those that are temporal in nature (with respect to time) and those that are population based (with respect to all others). But what are the differences between these two types, and under what circumstances would you use one kind over the other? This blog discusses the details behind the analyses, their merits, and best practices based upon common rules of thumb.


Security Analytics Use Case: Finding Document Thieves

One of the nicest things about staying in close contact with users that evaluate Anomaly Detective is that I'm always hearing of interesting use cases in which anomaly detection is applied to discover something that you may not have otherwise known. This particular use case comes from a prominent university that was suspicious that its licensed documents (i.e. journal articles) were being stolen using hijacked user accounts. Here's how they put Anomaly Detective on the case.


Anomalies as Unexpected or Rare by Time of Day

I have been recently asked several times about detecting anomalies as activities that are unexpected or rare as a function of the time of day that they occur. In this blog, I discuss two unique techniques that might be useful for you to exploit the time of day as a parameter in Prelert’s anomaly detection software.


Are you a Geek or a Nerd?

The holidays are a great time to ponder the bigger questions in life. And so it was on the last days before Christmas that Heather (my marketing cohort) and I pondered the serious issue of renaming the blog section dedicated to the deep issues of mathematics and coding techniques. Should it be "For Math & Code Geeks" or "For Math & Code Nerds"?


The Secrets to Successful Data Mining

If you were planning a cross-country road trip, would you spend numerous hours manually reviewing paper maps to find the best route and calculate how long the trip will take? Or would you use a GPS navigation system that can suggest the best route and accurately calculate the travel time within seconds? Moving from traditional IT monitoring to machine learning-based anomaly detection technology is similar to moving from paper maps to GPS.

Traditional IT monitoring requires you to write extensive rules and thresholds for about 1% of your meaningful data and then manually mine the rest when you have a problem to troubleshoot. It is an incredibly labor-intensive process, particularly as IT environments get larger and more complex. What if you could turn this around and have machine learning anomaly detection software monitor all your relevant data so you can reduce the time you spend troubleshooting by 60-70%? Would that be of interest?


Big Data Analytics to the Rescue: Why Security Teams Need Machine Learning

As originally published by Help Net Security.

In the battle against cyber criminals, the good guys have suffered some heavy losses. We’ve all heard the horror stories about major retailers losing tens of millions of credit records or criminal organizations accumulating billions of passwords. As consumers, we can look at a handful of friends at a cocktail party and assume that most, if not all, of them have already been affected.

So how can an IT security organization ensure they are not the next target (excuse the pun)?

It turns out there are common characteristics of successful attacks. However, the evidence of intrusion is often hidden in the noise of IDS/IPS alerts; security teams have no visibility into the telltale signs of much of the discovery and capture activity; and exfiltration is cleverly designed to operate below alert thresholds, with its traces hidden in huge volumes of data.


Data Mining: Don't Settle for Monitoring 1% of Your IT Operations Data

Automation vs. data mining

Do you have the whole automation vs. data mining thing backwards? Traditional IT monitoring approaches automatically analyze less than 1% of the data available looking for 'known bad' behaviors. When a problem is found, an alert is raised that tells us what happened. Troubleshooting teams then have to manually ‘mine’ the other 99% of the data to find out why there was an alarm in the first place.

No wonder recent surveys on the state of IT operations verify that two of the biggest concerns are "time spent troubleshooting" and "problems reported by users before IT knows about them."

With corporate data growing rapidly, many companies are starting to look for solutions that enable early detection of anomalies, as well as faster troubleshooting, so they can investigate emerging issues before they become critical.

