Data Breach Notification: You Need to “Know” Before You Can “Notify”

With all the discussion about data breach notification leading up to President Obama’s State of the Union address, it is clear that the US federal government is considering data breach legislation that would pre-empt state laws already on the books.

While there will certainly be political debate regarding the merits of a federal law versus individual state laws (currently 47 states have data breach notification laws), a study by ISACA this week showed that a strong majority of surveyed members endorsed the President’s proposed data breach notification rules.

In fact, today it seems quite logical that timely disclosure of data breaches is usually in the best interest of both the organization that suffered the data breach, and the individuals whose data has been compromised. For companies, the stigma of suffering a data breach is no longer as severe as it once was (with the possible exception of outlier cases like the late 2014 Sony breach), and consumers are able to reduce the likelihood of suffering actual fraud when they are notified quickly.


Temporal vs. Population Anomaly Detection

Prelert’s Anomaly Detective allows users to discover two major flavors of anomalies: those that are temporal in nature (with respect to time) and those that are population based (with respect to all others). But what are the differences between these two types, and under what circumstances would you use one kind over the other? This blog discusses the details behind the analyses, their merits, and best practices based upon common rules of thumb.


Security Analytics Use Case: Finding Document Thieves

One of the nicest things about staying in close contact with users that evaluate Anomaly Detective is that I'm always hearing of interesting use cases in which anomaly detection is applied to discover something that you may not have otherwise known. This particular use case comes from a prominent university that was suspicious that its licensed documents (i.e. journal articles) were being stolen using hijacked user accounts. Here's how they put Anomaly Detective on the case.


Anomalies as Unexpected or Rare by Time of Day

I have recently been asked several times about detecting anomalies as activities that are unexpected or rare as a function of the time of day at which they occur. In this blog, I discuss two distinct techniques for using the time of day as a parameter in Prelert’s anomaly detection software.


Are you a Geek or a Nerd?

The holidays are a great time to ponder the bigger questions in life. And so it was on the last days before Christmas that Heather (my marketing cohort) and I pondered the serious issue of renaming the blog section dedicated to the deep issues of mathematics and coding techniques. Should it be "For Math & Code Geeks" or "For Math & Code Nerds"?


The Secrets to Successful Data Mining

If you were planning a cross-country road trip, would you spend numerous hours manually reviewing paper maps to find the best route and calculate how long the trip will take? Or would you use a GPS navigation system that can suggest the best route and accurately calculate the travel time within seconds? Moving from traditional IT monitoring to machine learning-based anomaly detection technology is similar to moving from paper maps to GPS.

Traditional IT monitoring requires you to write extensive rules and thresholds for about 1% of your meaningful data and then manually data mine the rest whenever you have a problem to troubleshoot. It is an incredibly labor-intensive process, particularly as IT environments get larger and more complex. What if you could turn this around and have machine learning anomaly detection software monitor all your relevant data, so you can reduce the time you spend troubleshooting by 60-70%? Would that be of interest?


Big Data Analytics to the Rescue: Why Security Teams Need Machine Learning

As originally published by Help Net Security.

In the battle against cyber criminals, the good guys have suffered some heavy losses. We’ve all heard the horror stories about major retailers losing tens of millions of credit records or criminal organizations accumulating billions of passwords. As consumers, we can look at a handful of friends at a cocktail party and assume that most, if not all, of them have already been affected.

So how can an IT security organization ensure they are not the next target (excuse the pun)?

It turns out there are common characteristics of successful attacks. However, the evidence of intrusion is often hidden in the noise of IDS/IPS alerts; security teams have no visibility into the telltale signs of much of the discovery and capture activity; and exfiltration is cleverly designed to operate below alert thresholds, with its traces hidden in huge volumes of data.


Data Mining: Don't Settle for Monitoring 1% of Your IT Operations Data

Automation vs. data mining

Do you have the whole automation vs. data mining thing backwards? Traditional IT monitoring approaches automatically analyze less than 1% of the data available, looking for ‘known bad’ behaviors. When a problem is found, an alert is raised that tells us what happened. Troubleshooting teams then have to manually ‘mine’ the other 99% of the data to find out why there was an alarm in the first place.

No wonder recent surveys on the state of IT operations verify that two of the biggest concerns are "time spent troubleshooting" and "problems reported by users before IT knows about them."

With corporate data growing rapidly, many companies are starting to look for solutions that enable early detection of anomalies, as well as faster troubleshooting, so they can investigate emerging issues before they become critical.


Ensure Compliance With IT Operations Analytics

As originally published by The ITOA Landscape.

Spam is a four-letter word in the marketing industry. The fine line between keeping consumers updated and engaged – or spamming them with unwanted emails – is something that every digital marketer has balanced on at one time or another.

The availability of new social media channels only compounds the problem. To give marketers the power of a coordinated and consistent message, several digital marketing companies have sprouted up that combine their ability to market successfully with a platform for businesses to reach many different customers and prospects, across several different channels, all with a single click. Great technology for the companies using it – but unfortunately also very attractive to spammers.


Implementing StatsReduce in Anomaly Detective

One of the major additions to version 3.3 of Prelert Anomaly Detective® for Splunk was a feature called StatsReduce. This feature enables Anomaly Detective to take advantage of Splunk’s distributed processing to analyse immense volumes of data quickly enough to deliver real-time insights.

Due to the way Anomaly Detective is designed, adding this feature wasn’t particularly difficult. Tom’s last post explained how our anomaly detection algorithms are designed to work with aggregated data to solve the problem of data inertia. One of the dimensions we aggregate over is time: we divide time into periods called buckets, calculate summary statistics of the data for each time bucket and do our analysis based on these statistics.
