Blindspotter Uses Machine Learning To Find Suspicious Network Activity

Likewise, if a user that’s been doing administrative tasks starts sending large files to an outside IP address, that’s another alert.

But with the machine learning in Blindspotter even seemingly minor things can raise the alarm.

Suppose, for example, an administrator performs a series of tasks in the same order every day, which might be normal. But suppose those tasks are carried out in exactly the same way at exactly the same time every day, which is something a person wouldn’t do because people normally aren’t that exact. That, too, is a reason to raise an alarm.
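As an added illustration of the two checks this paragraph describes (not Blindspotter's own code, and using constructed sample data and assumed thresholds), the snippet below builds a per-user timing baseline for a recurring task, flags routines that repeat with less jitter than a person shows, and flags a new event that falls far outside the user's own baseline:

```python
import statistics
from collections import defaultdict

# Constructed sample events: (user, day, action, seconds since midnight).
# Not real Blindspotter/Shell Control Box data; an illustration of the idea.
EVENTS = [
    ("alice", 1, "backup", 32400), ("alice", 2, "backup", 32710),
    ("alice", 3, "backup", 32130), ("alice", 4, "backup", 32580),
    ("alice", 5, "backup", 32290),
    ("bob", 1, "backup", 30000), ("bob", 2, "backup", 30000),
    ("bob", 3, "backup", 30000), ("bob", 4, "backup", 30000),
    ("bob", 5, "backup", 30000),
]

MIN_HUMAN_JITTER = 30.0  # seconds; below this the timing looks scripted (assumed threshold)
Z_LIMIT = 3.0            # deviations beyond this many std-devs count as unusual (assumed)


def build_baselines(events):
    """Per (user, action): mean and population std-dev of time-of-day across days."""
    times = defaultdict(list)
    for user, _day, action, t in events:
        times[(user, action)].append(t)
    baselines = {}
    for key, ts in times.items():
        if len(ts) < 3:
            continue  # too little history to judge this routine
        baselines[key] = (statistics.mean(ts), statistics.pstdev(ts))
    return baselines


def regularity_alerts(baselines):
    """Routines that recur with machine-like precision, i.e. almost no jitter."""
    return sorted(f"{user}:{action}" for (user, action), (_mean, sd) in baselines.items()
                  if sd < MIN_HUMAN_JITTER)


def deviation_alert(baselines, user, action, t):
    """True when a new event lies far outside the user's own timing baseline."""
    if (user, action) not in baselines:
        return False  # no baseline yet; nothing to compare against
    mean, sd = baselines[(user, action)]
    sd = max(sd, MIN_HUMAN_JITTER)  # floor so a scripted baseline cannot hide drift
    return abs(t - mean) / sd > Z_LIMIT
```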

Pattern detection

But it can go even deeper. It turns out that a person’s mouse and keyboard use have certain patterns and rhythms, which can be detected and analyzed by Blindspotter and stored by Shell Control Box. If someone suddenly exhibits a different manner of mouse or keyboard use, then it’s time to issue an alert to the security staff who may want to check the user out.

Sometimes, of course, the problem isn’t an unauthorized user, but rather a trusted user doing things they shouldn’t.

Then, the keystrokes, mouse movements and data flow that caused suspicion can be played back, just as if they had been recorded on tape, so that the security staff can see what the user who triggered an alert was actually up to. This is how you might detect a salesperson downloading the company’s customer list before going to work for a competitor.

Be alert

What’s important is that with the machine learning in Blindspotter, it’s now possible to detect the activities of fraudulent users after privileged accounts have been hijacked, or when privileged users take advantage of their position. This has been difficult to impossible to accomplish with earlier security products, leaving companies open to attacks through the conduits they need to operate.

And there’s another capability that can help companies trying to stay free from breaches. Because the Shell Control Box works as a proxy and router, it can prevent the movement of data outside the network, effectively acting as a default-deny router.

For most organizations, the ability to get an alert when something unexpected is going on, especially with privileged users, is a powerful security tool. Couple that with the ability to play back suspicious access sessions and it’s now possible to see when a privileged user is doing something wrong or when the user’s account has been taken over by an intruder.

By filtering out extraneous information, it gives network managers the ability to spot a breach in its earliest stages and stop it in its tracks.

This alone could have prevented some of the most serious recent attacks, ranging from the data breaches at the Target retail chain to the U.S. Office of Personnel Management. It’s a capability that should exist in one form or another in enterprises that may be attacked, which we can safely assume is all of them.


Originally published on eWeek


Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.
