
masterclass

HOW MACHINE LEARNING CAN HELP YOU MONITOR INSIDER THREATS

CHARLOTTE GURNEY, MARKETING MANAGER, BROOKCOURT SOLUTIONS, LOOKS AT THE ROLE THAT MACHINE LEARNING-BASED SOLUTIONS CAN PLAY IN PREVENTING POTENTIALLY DEVASTATING CONSEQUENCES

Ophir Bleiberg, vice president of emerging products and research for Imperva, states that, in the popular imagination, the idea of a compromised network involves a computer genius, sitting nowhere near the business's physical location, who takes down a network in one fell swoop, plunging the organisation into chaos. While this scenario might work in a Hollywood movie, the reality is often far less dramatic. In reality, networks are often compromised by insiders - especially as business shifts online and the associated data presents a growing opportunity for malicious actors to monetise it.

WHAT IS AN INSIDER THREAT, AND WHAT TYPES OF THEM ARE THERE?

Insider threats come in three main groupings: malicious, compromised or careless.

A malicious insider is arguably the type of insider threat that organisations think about the least; very few board members or security professionals would like to think about their trusted employees as potential threats, so they are often overlooked, especially when considering their enormous potential for causing organisational havoc - perhaps best illustrated by Edward Snowden.

A careless actor is one who may not have any ill will or desire to hurt the company, but accidentally puts data at risk. This kind of threat has become increasingly common as the line between work and home blurs ever further and people take more work home with them. If someone is accessing a network from a personal smartphone or laptop, for example, they may not have the same protection on their device as they do in the office environment.
Finally, a compromised actor is a member of staff who has unwillingly allowed his machine or network account to be compromised. This can happen via a phishing email that installs malware on a device, for example.

WHAT IS TO BE DONE?

Even if these security professionals were available, the amount and variety of data flowing through any given organisation's system means that not all the threats discussed earlier would get identified. So, to fill this gap, security professionals are turning to a solution that can be programmed to do the work of 100 security analysts, in a fraction of the time.

Machine learning-based solutions can analyse vast data sets and utilise the patterns evident within them to tell a 'good' actor from a 'bad' actor. They can then categorise anomalous activity, which, in turn, may be passed on to a security analyst who can work to further analyse these few incidents.

Insider threats and various other forms of cyberattacks often go unnoticed within the organisation, potentially for months, particularly when people are doing things they had permission to do. While it is easy enough to identify a user acting outside of his jurisdiction, it is not as easy to recognise the signs of automation in a system. If a user's device has been infected with malware, for example, the malicious software may be automated to scan data sets. By reviewing the patterns it has already established in the data sets, a well-programmed piece of machine learning software could identify this automation before the careless user has allowed the network to be seriously compromised.

A security analyst can only work as fast as he is capable of, but a well-programmed machine learning programme can do the leg-work that would be too time-consuming for even the most talented security researcher.
Brookcourt and its partner Imperva can identify machine learning-based solutions that detect threats at a much greater speed than human agents and can help to prevent potentially devastating consequences. Please contact:

12 computing security May/June 2018 @CSMagAndAwards

mobile working

ARE WE BACK TO WORKING FROM THE OFFICE?

SIMPLY PUT, THE ANSWER TO THE QUESTION ABOVE IS 'NO'. DESPITE A HANDFUL OF LARGE AND VERY PROMINENT I.T. COMPANIES STATING THEY ARE GOING TO BE TRYING TO MOVE AWAY FROM THIS, WE HAVE REACHED A POINT OF NO RETURN, SAYS PAVEL DUDDELL, HEAD OF SALES EMEA, CELESTIX

The statistics show that mobile working is on the increase, and one need only walk down the high street to see people in coffee shops enthusiastically punching keys on their laptops over a cappuccino to confirm this.

The benefits of remote working vastly outweigh the alternative. It has been shown that it can increase productivity and efficiency, as well as reducing staff turnover. This, coupled with the obvious saving organisations can make in reducing their real estate, seems like the logical move forward. We have reached a time where employees no longer view the ability to work remotely as a 'perk', but as the de facto standard.

Unfortunately, there are hidden risks and costs that need to be factored in. Once an organisation begins to move people out of the perceived safety of the physical office, it needs to think about how to secure these users, their devices and the connections. This comes with a cost: additional technology and labour. Despite us living at a time where most people are relatively tech savvy, every time an additional hurdle is placed before them, it provides the user with another chance to trip over the said hurdle.

What does this mean? If an employee has too many processes to go through in order to connect, they may decide not to do so as frequently, or not at all, or they may ring your help desk asking for assistance, adding an additional burden. This has a potential cost to the organisation, in lost productivity and labour, not to mention the possible security risks, which may carry monetary repercussions.

How do we work with this?
Simply put, organisations no longer need to equip their remote workers as though they are about to go into the field of battle. There are ways to reduce the number of hurdles for the end user, while maintaining the highest levels of security. We need to work towards making the end user's remote working experience as familiar as working from the bricks and mortar office.

Luckily, we are now fortunate enough to be able to choose one or two solutions, rather than dozens, to enable this. We need to be looking to our existing technology vendors, their solutions and the software licensing we already have in place before going out to the market in order to add an extra complication. You may be pleasantly surprised that some of your existing partners can actually enable you to drive the remote working vision forwards, without having to add yet another technology to your organisation.

Remote working, mobile working, agile working, whichever term you wish to refer to it as, is here to stay. It is now up to us as IT professionals to become enablers. We need to look at how we can make remote working secure, straightforward and economical.

Pavel Duddell, head of sales EMEA, Celestix.