After years of data breaches, exploitable vulnerabilities, denial-of-service attacks and threats coming from every direction, most enterprises are finally approaching cyber risk as a top business risk rather than a purely technical problem. As a result, stakeholders at all levels of the organization, from the C-suite to the security team, are more “in-the-know” about the top challenges pertaining to cyber risk – to the point where they can boil them down to a common set of five:
- Cyber security budgets are overtaxed, manpower is hard to find, and hiring new staff is difficult due to the skills shortage and lack of budget. Meanwhile, there’s more data to protect than ever before, and threat alerts are pouring into Security Operations Centers with a limited number of analysts to look through them. As a result, security investigators receive alerts that end up being false positives or present minimal risk, while the more significant ones slip through the cracks.
- Cloud migration is a phenomenon that’s revolutionizing information technology. However, as companies move their applications and systems to the cloud, they are losing visibility into activity around that infrastructure. For example, it’s more difficult to make sure sensitive data isn’t going into cloud repositories unencrypted, or that moving a new application into the cloud isn’t violating GDPR requirements.
- The Microsoft Office 365 migration presents its own challenge. While Office 365 significantly improves operational efficiencies, it is not a push-button project that can be accomplished overnight. The migration presents a new set of concerns around security and compliance due to less visibility into activity around the application.
- The digital transformation is here and not going anywhere. As stated in a 2018 Forrester report, “You’ll spend 80% to 90% of your budget building a technology stack to deliver digital experiences that will multiply rapidly.” As organizations become more technology-driven, they lose control and visibility over all the technologies touching sensitive data. For example, if a company’s internet-connected heating system in a warehouse accesses a server containing sensitive financial data in the middle of the night, that is most likely evidence of a compromised system. Unless the company has tools monitoring the behavior of the system, it would not know that unusual activity took place.
- Identity management has become more complicated. Employees and third-party vendors have access to a greater number of systems, which are also more complex, since many are cloud-based and constantly being updated, making it more difficult to understand who is accessing what, and whether they should be accessing that system. People interact with data in so many ways, and data is being shared across so many different places. Not to mention one of the biggest challenges: disabling access once a user no longer needs it.
Symantec offers technologies such as data loss prevention (DLP) and CASB that have helped countless organizations overcome some of these challenges; however, one piece has been missing – until now. Symantec Information Centric Analytics (ICA) is a user and entity behavior analytics platform that integrates with Symantec’s numerous solutions to make them even more efficient and effective at tackling all five challenges. Here’s how:
- By integrating with DLP, ICA helps security analysts and investigators focus their time, budget and limited resources on only the threats that matter most. ICA analyzes the mountain of threat alerts within minutes, prioritizes them, and presents the most critical ones to investigators. As a result, investigators receive a smaller set of truly critical alerts. With machine learning capabilities, ICA continuously learns which types of events elevate risk and automatically whitelists business-as-usual, minimal-risk events so that analysts and investigators do not see them again. At the same time, employees who are performing those activities can continue to do their jobs uninterrupted.
- ICA integrates with CASB and DLP in the cloud, centralizing data analysis and visibility into cloud activity. ICA enables organizations to see how users are interacting with cloud applications and systems, detect and prioritize high risk activity, as well as detect if a migration violates compliance regulations such as the GDPR.
- ICA enables security leaders to maintain visibility into and control of Microsoft Office 365. The platform provides fine-grained, user- and behavior-based data, detecting unusual Office 365 interactions that may indicate a compromise and prioritizing the Office 365 users posing the most risk to the organization.
- Going back to the warehouse example mentioned above, ICA can not only detect the internet-connected heating system accessing the company’s financial server in the middle of the night, but also prioritize the behavior as a highly critical alert so that investigators can mitigate it before sensitive data is stolen. The more companies use internet-connected technologies and applications, and leverage SaaS platforms, the more visibility they need into the behaviors surrounding those entities. ICA provides that deep level of visibility.
- ICA integrates with Symantec’s identity and access management (IAM) solution, giving security leaders more visibility into and control over how users are accessing data. With ICA, analysts will know if an employee is handling data that they no longer need or shouldn’t be handling. If a user’s account was compromised, ICA would detect the user behaving in a way that is unusual for that user, their peers and their overall business unit, indicating a bad actor has taken over the account. ICA can also identify situations where overly permissive access is leading to data being compromised.
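The warehouse heating-system scenario described above (an entity contacting a sensitive server outside its normal pattern, surfaced as a high-priority alert while business-as-usual events are suppressed) can be illustrated with a small entity-behavior baseline. The following is an added example written for this page; it is not Symantec ICA code and makes no claim about how ICA scores events. The log lines, host names, the `SENSITIVE_HOSTS` classification and the scoring weights are all constructed assumptions.

```python
"""
Added illustration (not Symantec ICA's code): a minimal entity-behavior
baseline that flags an off-hours connection from a building-control device
to a sensitive server and suppresses routine activity. All log lines,
host names and scoring weights below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime

# Constructed historical access log: "<ISO timestamp> <source entity> <destination host>"
HISTORY = """\
2019-03-01T09:15:00 hvac-warehouse-01 bms-controller
2019-03-01T12:30:00 hvac-warehouse-01 bms-controller
2019-03-02T08:45:00 hvac-warehouse-01 ntp-server
2019-03-02T14:05:00 hvac-warehouse-01 bms-controller
2019-03-01T10:00:00 jdoe fin-db-01
2019-03-01T16:20:00 jdoe fin-db-01
2019-03-02T11:10:00 jdoe fileshare-01
2019-03-02T17:40:00 jdoe fin-db-01
"""

# Constructed new events to triage against the baseline.
NEW_EVENTS = """\
2019-03-03T02:30:00 hvac-warehouse-01 fin-db-01
2019-03-03T09:00:00 hvac-warehouse-01 bms-controller
2019-03-03T10:30:00 jdoe fin-db-01
2019-03-03T03:00:00 jdoe fin-db-01
"""

# Assumed asset classification: hosts holding sensitive financial data.
SENSITIVE_HOSTS = {"fin-db-01"}


def parse(log_text):
    """Turn the constructed log format into (timestamp, entity, destination) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, entity, dest = line.split()
        events.append((datetime.fromisoformat(ts), entity, dest))
    return events


def build_baseline(events):
    """Per-entity profile: which hosts it normally talks to and at which hours."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, entity, dest in events:
        baseline[entity]["hosts"].add(dest)
        baseline[entity]["hours"].add(ts.hour)
    return baseline


def score_event(event, baseline):
    """Return (score, reasons); a higher score means the event is more unusual.

    Weights are assumptions chosen for illustration, not a tuned model.
    """
    ts, entity, dest = event
    profile = baseline.get(entity)
    if profile is None:
        return 3, ["entity never seen before"]
    score, reasons = 0, []
    if dest not in profile["hosts"]:
        score += 2
        reasons.append(f"new destination {dest}")
    if ts.hour not in profile["hours"]:
        score += 1
        reasons.append(f"outside usual hours ({ts.hour:02d}:00)")
    if dest in SENSITIVE_HOSTS:
        score += 2
        reasons.append("sensitive host")
    return score, reasons


def triage(new_events, baseline, threshold=3):
    """Drop events below the threshold as business-as-usual; rank the rest."""
    alerts = []
    for ev in new_events:
        score, reasons = score_event(ev, baseline)
        if score >= threshold:
            alerts.append((score, ev, reasons))
    alerts.sort(key=lambda a: a[0], reverse=True)
    return alerts


if __name__ == "__main__":
    profile = build_baseline(parse(HISTORY))
    for score, (ts, entity, dest), reasons in triage(parse(NEW_EVENTS), profile):
        print(f"[{score}] {ts} {entity} -> {dest}: {', '.join(reasons)}")
```

With this sample data the heating controller's 02:30 connection to `fin-db-01` scores highest (new destination, off hours, sensitive host) and lands at the top of the queue, the analyst's routine daytime database access is suppressed entirely, and the same analyst's 03:00 access to the financial database is surfaced at a lower priority. The point the example makes is that the detection comes from comparing each entity against its own history, not from a static rule about any single host.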