Posts

The adversary is using your workforce against you

Reluctant to monitor your employees? What about their accounts?

You’re one of the lucky ones. You’ve built an organization made entirely of people you trust and have come to rely on. Not many can make that claim, but you don’t have to worry about one of your own stealing from you. Installing a system to monitor your employees would be a betrayal of that trust, and it won’t be on your agenda anytime soon.

In reality, you’re not doing yourself or your employees any favors. You are, in fact, inviting disaster in.

A lot has been made about the insider threat over the last couple of years. There’s been a rise in malicious insider attacks of theft, fraud and IT sabotage, and the cost on average will be higher for an attack originating inside the perimeter. But that only tells part of the story, as we look at how outside attackers are able to breach our networks.

A quick analysis of the numbers behind the 2015 Verizon Data Breach Investigations Report shows that over 90% of all data breaches involved the use of valid network credentials. That’s right: your employees’ credentials are providing the keys to the kingdom, with or without their knowledge.

 


Whether the attack is coming from inside or out, valid credentials are still needed to access your resources on the network. An insider doesn’t have to work very hard for them: they’re given their network account on their first day on the job. But if you think the outsider has to work much harder, think again. An experienced hacker has enormous resources at their disposal. The first option is to simply buy stolen credentials on the internet, as happened with the recent Anthem data breach. Then there’s the tried-and-true process of guessing simple or unchanged default passwords used by negligent employees, contractors and vendor systems, like the case at Advocate Health Care. Next are the many applications of social engineering (such as that used on Target), including sophisticated spear-phishing attacks and compromised personal devices like phones and tablets (i.e. BYOD) that your employees are connecting to the network. It’s asymmetric warfare, and your employees aren’t the ones heavily armed in this fight.

Nor is this likely to change with any amount of training and awareness. After years of coverage by the press on the dangers, employee click-rate on phishing attacks remains high, according to the 2015 Verizon DBIR: 23% of recipients now open phishing messages and 11% click on the attachments. And it only takes one to let the attackers in.

As the most prominent avenue used by attackers to enter your network, user accounts need to be continuously monitored for signs of suspicious behavior or misuse, even when the owner of the account is beyond reproach.

Personam to Showcase Technology at NITSIG Insider Threat Symposium

PRESS RELEASE


 

McLean, VA (PRWEB) March 24, 2015

Personam Inc., the leader in insider threat protection technology, today announced its upcoming participation at the 2015 NITSIG Insider Threat Symposium & Expo which will take place at the Johns Hopkins University – Applied Physics Laboratory (JHU-APL) Kossikoff Center in Laurel, Maryland on March 31st, 2015.

The Insider Threat Symposium & Expo provides opportunities for professional development with informative presentations from leading experts in insider threat, and an exposition that will feature industry technologies and services.

At the Insider Threat Symposium & Expo, Personam Inc. will be featuring its patent-pending technology, geared specifically to detect insider threats and compromised accounts.

“Our technology uncovers compromised accounts, breached perimeters, and malicious insiders that other products miss,” said Chris Kauffman, Personam Inc.’s CEO. “Traditional technologies are incapable of detecting these types of threats. We have discovered active attacks on customer networks with every deployment to date, even when other cyber products are present.”

About Personam

Personam is the leading innovator using advanced analytics and machine learning to detect insider threat attacks in-progress. Personam’s appliance provides passive network monitoring without the dependence of endpoint software agents or pre-defined event input data. Often installed and operational in less than an hour, Personam continuously monitors the behavior patterns of the users and devices on the network. The moment a threat is detected, analysts in Personam’s monitoring center are notified and aid the client with incident response. Personam’s headquarters and research labs are located in McLean, VA.

Press Release: http://www.prweb.com/releases/2015/03/prweb12601057.htm

http://www.nationalinsiderthreatsig.org/nitsig-insiderthreatsymposiumexpo.html
http://www.talonsecuritysolutionsllc.com/

Personam ITD would have Saved Sony Millions

SONY, a global tech giant, was brought to its knees this past week by the most devastating type of cyber threat, an “inside job.” Losses weren’t confined to a single division but rather affected nearly every operating unit of the global brand. Denied access to online systems, the worldwide workforce resorted to using pens, paper, landline telephones, and fax machines to perform essential duties. As reported by The Verge, the alleged culprits involved personnel with physical access to the computer network. More than a denial of service outage shrouded in a political statement, this was a heist of monstrous proportions, possibly perpetrated by North Korea in retaliation for the film “The Interview”. At least five unreleased movies from Sony Pictures were stolen and subsequently circulated freely to the public, with over 880,000 downloads in just a single day. The damage in terms of lost productivity and revenue is incalculable. Losses, including those from high-profile feature films such as “Fury,” will be hundreds of millions of dollars against an already teetering balance sheet. This was the last thing Sony could afford, yet the company employed no technology capable of detecting or repelling such an attack.


Sony isn’t alone: the vast majority of companies and government agencies are equally vulnerable to an inside job perpetrated by a rogue employee or person with inside access. The most advanced firewalls provide little protection against the enemy cloaked as a trusted insider with access. Defensive measures point outward, assuming attackers will assert their greatest effort against the strongest fortifications. However, attackers target the weakest layer of security: the trust placed in employees with access to the network. Thieves, activists, and foreign spies spear phish credentials from top-level employees or outright recruit those individuals to their cause. The hacktivist organization Anonymous, for example, deliberately inserts members into job interviews to plant those members in positions of trust.

Sony’s situation doesn’t need to be the new normal. The insider threat is preventable, not through defending assets but through employing behavior profiling. Improved hiring practices, background checks, two-factor authentication, advanced firewalls, and log-file analyzers are ineffective at detecting a committed insider. The only real way to defend against the insider threat is to deploy automated behavioral profiling that indiscriminately observes distinct features and employs a non-parametric alerting system, meaning it uses no “set rules” for an insider to discover or bypass. This technology is effective, maintains employee privacy, and is available today.

At Personam, our Insider Threat Detector is the most advanced in the world. Our latest appliances are non-intrusive and easily inserted into local networks. These systems have caught insiders engaged in illegal or prohibited behaviors in 100% of their installations, a testament to how common insider threats truly are. Our detectors are so sensitive that the faintest threats are detected yet well-behaved enough to produce few false-positives.

If Sony had used Personam’s Insider Threat Detector, their current breach could have been prevented. For less than the cost of one hour of outage, Sony could have protected their entire company for years. The current best practices are ineffective at catching real insider threats and give a false sense of security. Companies and government agencies must acknowledge the damage insiders can bring and immediately prioritize non-parametric behavioral monitoring technologies that preserve the privacy of each employee’s digital activities while detecting malicious intent.

Personam Featured in MarketWatch Article on Insider Threat

Personam’s Founder and CEO, Chris Kauffman, was interviewed for a MarketWatch article on insider threats, “Are you a psychopath? Your boss wants to know”.

 


algorithm, anomaly detection, answer, Bradley Manning, breach, cyber security, Edward Snowden, insider threat, preventable, wikileaks

The world was awed two years ago when IBM’s Watson defeated Jeopardy! champions Brad Rutter and Ken Jennings. Watson’s brilliant victory reintroduced the potential of machine learning to the public. Ideas flowed, and now this technology is being applied practically in the fields of healthcare, finance and education. Emulating human learning, Watson’s success lies in its ability to formulate hypotheses using models built from training questions and texts.

Three years ago, Army Private First Class Bradley Manning leaked massive amounts of classified information to WikiLeaks and brought to public awareness the significance of data breaches. In response to this and several other highly publicized data breaches, government committees and task forces established recommendations and policies, and invested heavily in cyber technologies to prevent such an event from reoccurring. Surely, we thought, if anyone had the motivation and resources to get a handle on the insider threat problem, it is the government. But, Edward Snowden, who caused the recent NSA breach, has made it painfully obvious how impotent the response was.

Lest we assume this is just a government problem, enormous evidence abounds showing how vulnerable commercial industry is to the insider. We are inundated with a flood of articles describing how malicious insiders have cost private enterprise billions of dollars in lost revenue, so why has no one offered a plausible solution?

The insider threat remains an unmitigated problem for most organizations, not because the technologies do not exist, but rather because the cyber defense industry is still attempting to discover the threat using a rules-based paradigm. Virtually all cyber defense solutions in the market today apply explicit rules, whether they are antivirus programs, firewalls with access control lists, deep packet inspectors, or protocol analyzers. This paradigm is very effective in defending against known malware and network exploits, but fails utterly when confronted with new attacks (i.e. “zero-days”) or the surreptitious insider.

In contrast, acknowledging that it was impossible to build a winning system that relied on enumerating all possible questions, IBM designed Watson to generalize and learn patterns from previous questions and use these models to hypothesize answers to novel questions. The hypothesis with the highest confidence was selected as the answer.

Like Watson, an effective technology for detecting the insider must adaptively learn historical network patterns and then use those patterns to automatically discover anomalous activity. Such anomalous traffic is symptomatic of unauthorized data collection and exfiltration.

Inspired by the WikiLeaks incident, Sphere’s R&D team has investigated machine learning algorithms that construct historical models by grouping users by their network fingerprints. As an example, without any rules or specifications, the algorithms learn that bookkeeping applications transmit a distinctive pattern that enables grouping accountants together, and HR professionals are grouped by the recruiting sites they visit. These behavioral models generalize normal activity and can be used as templates to detect outliers. While users commonly generate some outliers, suspicious users deviate significantly from their cohorts, such as the network administrator that accesses the HR department’s personnel records. Like Watson, the models allow the system to form hypotheses.

Applied to cyber security, every time an entity accesses the network, the algorithms hypothesize if the activity conforms to its model. If it does not conform, that activity is labeled an outlier. Because these methods use a statistical confidence that dynamically balances internal thresholds on network activities (e.g., sources and destinations, direction and amount of data transferred, times, protocols, etc.), it becomes extremely hard for a malicious insider to outsmart. Simply the fact that the system does not reveal its thresholds can have a significant deterrent effect.
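The cohort idea described above can be sketched in a few lines. This is an added example, not Personam's or Sphere's algorithm: the users, service names and byte counts are constructed, and cosine similarity with a cohort-derived distance limit (`min_sim`, `margin` and `floor` are assumed parameters) stands in for the statistical models the post refers to.

```python
from collections import defaultdict
from math import sqrt

# Constructed history of (user, service, bytes); all names are hypothetical.
HISTORY = [
    ("alice", "ledger", 900), ("alice", "payroll", 300), ("alice", "mail", 100),
    ("bob", "ledger", 800), ("bob", "payroll", 400), ("bob", "mail", 150),
    ("carol", "recruiting", 700), ("carol", "hr-records", 500), ("carol", "mail", 120),
    ("dave", "recruiting", 650), ("dave", "hr-records", 450), ("dave", "mail", 90),
    ("erin", "ssh-admin", 900), ("erin", "monitoring", 400), ("erin", "mail", 80),
    ("frank", "ssh-admin", 850), ("frank", "monitoring", 500), ("frank", "mail", 60),
]
# Constructed new activity: erin, an administrator, pulls data from HR records.
TODAY = [
    ("alice", "ledger", 1000), ("alice", "payroll", 250), ("alice", "mail", 200),
    ("carol", "recruiting", 600), ("carol", "hr-records", 600), ("carol", "mail", 50),
    ("erin", "ssh-admin", 300), ("erin", "hr-records", 2500), ("erin", "mail", 50),
]

def profiles(flows):
    """Per-user share of bytes sent to each service (the network fingerprint)."""
    totals = defaultdict(lambda: defaultdict(float))
    for user, service, nbytes in flows:
        totals[user][service] += nbytes
    return {u: {s: b / sum(v.values()) for s, b in v.items()} for u, v in totals.items()}

def cosine(a, b):
    dot = sum(a[k] * b.get(k, 0.0) for k in a)
    norm = sqrt(sum(x * x for x in a.values())) * sqrt(sum(x * x for x in b.values()))
    return dot / norm if norm else 0.0

def centroid(members):
    keys = {k for m in members for k in m}
    return {k: sum(m.get(k, 0.0) for m in members) / len(members) for k in keys}

def cohorts(profs, min_sim=0.8):
    """Greedy grouping with no job-role labels: join the first similar cohort."""
    groups = []
    for user in sorted(profs):
        for g in groups:
            if cosine(profs[user], centroid([profs[u] for u in g])) >= min_sim:
                g.append(user)
                break
        else:
            groups.append([user])
    return groups

def outliers(history, today, margin=3.0, floor=0.05):
    """Users whose new activity lies far outside their cohort's historical spread."""
    hist, now, flagged = profiles(history), profiles(today), []
    for group in cohorts(hist):
        centre = centroid([hist[u] for u in group])
        # Limit is derived from the cohort itself: its widest historical member.
        limit = max(margin * max(1 - cosine(hist[u], centre) for u in group), floor)
        flagged += [u for u in group if u in now and 1 - cosine(now[u], centre) > limit]
    return sorted(flagged)
```

On the constructed data, the accountants, HR staff and administrators fall into three cohorts without any labels, and only the administrator who reaches into HR records exceeds the cohort's distance limit.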

A paradigm shift in cyber technologies is happening now. Cyber security professionals agree that preventing data breaches from a malicious insider is a difficult task, and the past suggests that the next major breach will not be detected with existing rules-driven cyber defense solutions. Next generation cyber security technology developers must seek inspiration from IBM’s Watson and other successful implementations of machine learning before we can hope to prevail against the insider threat.

 

Detect the Threat – How it Works Brief

Detecting active threats on a compromised network is an exceptionally difficult task, and very few organizations have been able to accomplish it. The evidence of this is clear from a single industry statistic: eighty-six percent (86%) of all data breaches go undetected by the breached organization1. Insider threats play a significant role in this problem, and traditional cyber security tools can do little to address it.

 


 

 

Personam to Brief the House Intelligence Committee on Insider Threat

The staff of the House Permanent Select Committee On Intelligence has invited Chris Kauffman, Personam’s Founder and CEO, to brief them on Personam’s insider threat detection capabilities. In the wake of the high-profile Bradley Manning and Edward Snowden events, and the Presidential Memorandum on National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, the staff is interested in learning how existing practices like background checks and training & awareness programs can be supplemented with advanced technology for the continuous monitoring of the workforce.


Personam Featured in Article on Federal Agencies Embracing New Technologies for Insider Threat

Personam’s Founder and CEO, Chris Kauffman, was interviewed for a Washington Post article on insider threat technologies, “Federal agencies embrace new technology and strategies to find the enemy within”.

 


Personam to Attend RSA 2014 Conference

The Personam Team will be attending the RSA Conference in force this year. The massive-scale cyber security event is taking place at the Moscone Center in San Francisco starting February 24. It will be a chance to see what attendees think of the state of cyber threats, and what they think of industry’s response.

 
