Likewise, if a user that’s been doing administrative tasks starts sending large files to an outside IP address, that’s another alert.
But with the machine learning in Blindspotter even seemingly minor things can raise the alarm.
Suppose, for example, an administrator performs a series of tasks in the same order every day, which might be perfectly normal. But suppose those tasks are carried out exactly the same way at exactly the same time every day, something a person wouldn't do, because people normally aren't that exact. That, too, is a reason to raise an alarm.
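The two alert conditions described above, an administrative user pushing a large transfer to an outside address and a daily task sequence repeated with machine-like timing, are simple enough to illustrate directly. The following is an added example and not Blindspotter code or anything from the vendor: it runs two heuristics over constructed log records. The user names, the internal address ranges, the 100 MiB transfer threshold, the two-second jitter limit and the five-day baseline are all assumptions chosen for the illustration.

```python
"""Behaviour-based alerts over constructed activity records (illustrative, not vendor code)."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from statistics import pstdev

# --- Assumed policy knobs -----------------------------------------------------
ADMIN_USERS = {"alice", "carol"}                      # assumed: users with admin roles
LARGE_TRANSFER_BYTES = 100 * 1024 * 1024              # assumed: 100 MiB
MAX_HUMAN_JITTER_SECONDS = 2.0                        # assumed: people vary far more than this
MIN_DAYS_FOR_BASELINE = 5                             # assumed: days needed before judging
# Assumed internal address space; anything else counts as "outside".
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# --- Constructed sample data (not from any real system) -----------------------
TRANSFERS = [  # (user, destination_ip, bytes_sent)
    ("alice", "198.51.100.7", 250 * 1024 * 1024),   # admin, external, large -> alert
    ("bob",   "198.51.100.7", 250 * 1024 * 1024),   # not an admin -> no alert here
    ("alice", "10.0.0.5",     500 * 1024 * 1024),   # internal destination -> no alert
    ("alice", "203.0.113.9",  5 * 1024 * 1024),     # below size threshold -> no alert
]

TASK_SEQUENCE = ["login", "rotate_logs", "restart_service"]


def _make_task_log():
    """Build a constructed (user, task, timestamp) log for two administrators."""
    log = []
    # carol: same order, same millisecond every day -> looks scripted, not human.
    base = datetime(2016, 3, 1, 2, 0, 0)
    for d in range(7):
        day = base + timedelta(days=d)
        for i, task in enumerate(TASK_SEQUENCE):
            log.append(("carol", task, day + timedelta(seconds=15 * i)))
    # dave: same order, but start times drift by minutes -> ordinary human routine.
    offsets_min = [0, 3, -2, 7, 1, -4, 5]
    base = datetime(2016, 3, 1, 9, 0, 0)
    for d, off in enumerate(offsets_min):
        day = base + timedelta(days=d, minutes=off)
        for i, task in enumerate(TASK_SEQUENCE):
            log.append(("dave", task, day + timedelta(seconds=40 * i + 7 * d)))
    return log


TASK_LOG = _make_task_log()


# --- Heuristic 1: large outbound transfer by a privileged user -----------------
def is_external(ip):
    """True when the address falls outside the assumed internal ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def large_outbound_transfers(transfers, admin_users=ADMIN_USERS, threshold=LARGE_TRANSFER_BYTES):
    """Return (user, dst, bytes) for admin users sending >= threshold bytes outside."""
    return [(u, dst, n) for u, dst, n in transfers
            if u in admin_users and n >= threshold and is_external(dst)]


# --- Heuristic 2: identical task order at near-identical clock times ----------
def _seconds_of_day(ts):
    # Routines that straddle midnight would need wrap-around handling; omitted here.
    return ts.hour * 3600 + ts.minute * 60 + ts.second + ts.microsecond / 1e6


def automation_like_sequences(task_log, min_days=MIN_DAYS_FOR_BASELINE,
                              max_jitter=MAX_HUMAN_JITTER_SECONDS):
    """Return (user, task_order, days_observed, worst_jitter_seconds) for users whose
    daily task order is identical AND every step starts within max_jitter of the
    same clock time each day. Same order alone is treated as normal, as in the text."""
    per_user_day = defaultdict(lambda: defaultdict(list))
    for user, task, ts in task_log:
        per_user_day[user][ts.date()].append((ts, task))

    alerts = []
    for user, days in per_user_day.items():
        if len(days) < min_days:
            continue  # not enough history to call anything a pattern
        orders, times_by_day = set(), []
        for day in sorted(days):
            events = sorted(days[day])
            orders.add(tuple(task for _, task in events))
            times_by_day.append([_seconds_of_day(ts) for ts, _ in events])
        if len(orders) != 1:
            continue  # order varies day to day: nothing to flag on timing alone
        # Spread of start times for each step position across the observed days.
        jitter = [pstdev(col) for col in zip(*times_by_day)]
        if max(jitter) <= max_jitter:
            alerts.append((user, list(orders.pop()), len(days), max(jitter)))
    return alerts


if __name__ == "__main__":
    for alert in large_outbound_transfers(TRANSFERS):
        print("large outbound transfer by admin:", alert)
    for alert in automation_like_sequences(TASK_LOG):
        print("machine-like daily routine:", alert)
```

On the constructed data only alice's external transfer and carol's routine are reported; dave performs the same tasks in the same order but his minute-level variation keeps him under the radar, which is the distinction the text draws. In practice the jitter threshold and the internal address list would come from the organisation's own baseline rather than constants.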
Sometimes, of course, the problem isn’t an unauthorized user, but rather a trusted user doing things they shouldn’t.
Then, the keystrokes, mouse movements and data flow that caused suspicion can be played back, just as if they were recorded on tape, so that the security staff can see what a user who triggered an alert was actually up to. This is the way that you might detect a sales person downloading the company customer list before going to work for a competitor.
What’s important is that with the machine learning in Blindspotter, it’s now possible to detect the activities of fraudulent users after privileged accounts have been hijacked, or when privileged users take advantage of their position. This has been difficult, if not impossible, to accomplish with earlier security products, leaving companies open to attacks through the very conduits they need in order to operate.
And there’s another capability that can help companies trying to stay free from breaches. Because the Shell Control Box works as a proxy and router, it can prevent the movement of data outside the network, effectively acting as a default-deny router.
For most organizations, the ability to get an alert when something unexpected is going on, especially with privileged users, is a powerful security tool. Couple that with the ability to play back suspicious access sessions and it’s now possible to see when a privileged user is doing something wrong or when the user’s account has been taken over by an intruder.
Because extraneous information is filtered out, network managers can spot the beginnings of a breach at its earliest stage and stop it in its tracks.
This alone could have prevented some of the most serious recent attacks, ranging from the data breach at the Target retail chain to the one at the U.S. Office of Personnel Management. It’s a capability that should exist in some form in every enterprise that may be attacked, which we can safely assume is all of them.
Originally published on eWeek