Threat Analytics, Privileged Access Management Leveraging AI, Machine Learning for Better Cybersecurity


By AI Trends Staff

AI is combining with cybersecurity to create a new genre of tools called threat analytics. 

Machine learning is enabling threat analytics to deliver greater precision around risk context, especially regarding the behavior of privileged users, as detailed in a recent account in Forbes. The approach can generate notifications in real time and actively respond to incidents by cutting off sessions or flagging them for follow-up.

The commonly held belief that millions of hackers have gone over to the dark side and are orchestrating massive attacks on vulnerable businesses is a misconception. The more brutal truth is that businesses are not protecting their privileged access credentials from easy compromise. Cybercriminals look for ways to steal privileged access credentials and walk in through the front door.

According to Verizon’s 2019 Data Breach Investigations Report, ‘Phishing’ (as a precursor to credential misuse), ‘Stolen Credentials’, and ‘Privilege Abuse’ account for the majority of threat actions in breaches.

Identities and the trust placed in them have become the Achilles heel of cybersecurity practices, according to a survey entitled “Privileged Access Management in the Modern Threatscape,” from Centrify, a company offering a cloud service that protects modern enterprises from attacks. Some 74% of respondents acknowledged a breach at their organization that resulted from access to a privileged account.

While the threat actors might vary, according to Verizon’s 2019 Data Breach Investigations Report the adversaries’ tactics, techniques, and procedures are the same across the board. Verizon found that the fastest-growing source of threats is internal actors.

Internal actors can obtain privileged access credentials with minimal effort, often through legitimate access requests to internal systems or by reading sticky notes in co-workers’ cubicles. Privileged credential abuse is hard to detect because legacy approaches to cybersecurity trust the identity of whoever presents the privileged credentials; in effect, the attacker is camouflaged by the trust assigned to those credentials.

A cohesive Privileged Access Management (PAM) strategy would include machine learning-based threat analytics, providing a layer of security that goes beyond passwords, multi-factor authentication, and privilege elevation.

Machine learning algorithms let threat analytics detect anomalous behavior immediately by tracking login patterns, geolocation, time of login, and many other variables, and combining them into a risk score. Risk scores are calculated in real time and determine whether access is approved, additional authentication is required, or the request is blocked entirely.

Threat analytics applications with machine learning-based engines are said to be effective at profiling the normal behavior pattern of any user, or of any privileged activity including individual commands. Anomalies are identified in real time to enable risk-based access control; high-risk events are immediately flagged and escalated to IT, which in theory speeds analysis.
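The following is an added illustration of the two preceding paragraphs, not code from the article or from any vendor’s product: a per-user baseline is learned from past logins, each new login is scored on how far it departs from that baseline (time of login, country, device), and the score maps onto the allow / step-up / block outcomes the article describes. The login history, the three attributes, the weights and the thresholds are all constructed assumptions.

```python
from collections import Counter

# Constructed login history for one hypothetical privileged account (sample data).
HISTORY = [
    {"user": "dba01", "hour": 9,  "country": "US", "device": "lap-42"},
    {"user": "dba01", "hour": 10, "country": "US", "device": "lap-42"},
    {"user": "dba01", "hour": 9,  "country": "US", "device": "lap-42"},
    {"user": "dba01", "hour": 11, "country": "US", "device": "lap-42"},
    {"user": "dba01", "hour": 10, "country": "US", "device": "lap-42"},
]

def build_profile(events):
    """Learn each user's 'normal': how often each login hour, country and device was seen."""
    profile = {}
    for e in events:
        p = profile.setdefault(e["user"], {"hours": Counter(), "countries": Counter(),
                                           "devices": Counter(), "n": 0})
        p["hours"][e["hour"]] += 1
        p["countries"][e["country"]] += 1
        p["devices"][e["device"]] += 1
        p["n"] += 1
    return profile

def risk_score(profile, event):
    """0..100: each attribute adds its weight scaled by how unfamiliar the observed value is."""
    p = profile.get(event["user"])
    if p is None:
        return 100  # account with no baseline at all: treat as maximum risk
    n = p["n"]
    # time of login: share of past logins within +/-1 hour of this one (wraps past midnight)
    window = [(event["hour"] + d) % 24 for d in (-1, 0, 1)]
    hour_f = sum(p["hours"][h] for h in window) / n
    country_f = p["countries"][event["country"]] / n
    device_f = p["devices"][event["device"]] / n
    score = 30 * (1 - hour_f) + 40 * (1 - country_f) + 30 * (1 - device_f)
    return round(score)

def decide(score):
    """Map the score onto the three outcomes: approve, require step-up auth, or block."""
    if score < 30:
        return "allow"
    if score < 70:
        return "step-up"
    return "block"

if __name__ == "__main__":
    prof = build_profile(HISTORY)
    for ev in ({"user": "dba01", "hour": 10, "country": "US", "device": "phone-7"},
               {"user": "dba01", "hour": 3, "country": "RO", "device": "pc-x"}):
        print(ev, "->", risk_score(prof, ev), decide(risk_score(prof, ev)))
```

A known device at the usual hour from the usual country scores 0 (allow); a new device alone pushes the score to 30 (step-up); a login at 03:00 from an unseen country on an unseen device scores 100 (block), as does any account with no baseline.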

Effective threat management applications may integrate with Security Information and Event Management (SIEM) tools such as Micro Focus ArcSight, IBM QRadar, and Splunk.

Primer on Cybersecurity Analytics Available

A primer on the basics in this area, entitled “Security Analytics in the Age of AI: 2019 Update,” is available from AIMultiple, an organization tracking AI product and service options.

Cybersecurity analytics is defined as the study of the digital trail left behind by cyber criminals, in order to better understand weaknesses and how to prevent similar breaches in the future.

While the terms cybersecurity and information security are often used interchangeably, they do not mean exactly the same thing. In information security, the biggest concern is safeguarding data from illegal access of any kind; in cybersecurity, it is safeguarding data from illegal digital access. In other words, cybersecurity protects digital information, whereas information security protects all information, regardless of whether it is kept digitally or not.

Benefits of cybersecurity analytics can include: a more visual analytics process, usable by business users; a more holistic view of security considerations, such as how an attack fits in context with existing systems; enhanced data enrichment capacity, making data elements more useful; an aid to IT departments; and a look at ignored data sources that may be important to understanding security threats.

The addition of AI tools to the cybersecurity mix adds more horsepower to existing technologies, leading to more effective practice. AI knowledge graphs can act as repositories for the enormous amount of data being constantly produced, helping to identify the patterns and relationships that matter and enabling more effective predictive analytics. Machine learning has also demonstrated value in behavior analysis and in deploying countermeasures.

See the source posts at Forbes and at AIMultiple.