Identify stolen credentials to improve security intelligence
by Nir Polak - CEO of Exabeam - Friday, 6 June 2014.
Data is the heart of an organization, and IT security teams are its protectors. Businesses spend billions of dollars per year setting up fortresses to safeguard data from anyone who dare try to take it. The latest forecast from analyst firm Canalys has IT security spending increasing to $30.1 billion by 2017. Despite this investment, data breaches are on the rise.

The tools that hackers use are evolving at a rapid pace, making it impossible for IT security teams to keep up. However, the tactics remain the same. Companies that focus only on shielding themselves from obvious intrusions, like malware, will find themselves in a losing battle against sophisticated hackers. Successful IT security teams recognize the potential in leveraging existing security event management and information (SIEM) repositories to identify suspicious user activity that occurs after the point of entry, yet before data is stolen.

An acute focus on malware detection as the basis of a security strategy will have enterprises always playing catchup, as hackers immediately try to find new ways around the latest defense technologies that come onto the market. New malware threats are being created at a rate of 82,000 per day, which helps explain why a recent study found that despite improved defensive capabilities, 97 percent of surveyed networks still experienced a breach.

As hard as businesses might try to prevent malware infection through detection or employee education, all it takes is one employee clicking a bad link and a hacker can gain a foothold on an organizationís IT network. Check Point found in its 2014 Security Report that of the organizations it tracked, 84 percent had malware infections. Even more alarming is that in 2013, 58 percent of organizations had malware downloaded by employees every two hours or less, which was more than triple the amount from 2012.

Just as hackersí tools evolve, so do the ways in which users interact with the IT environment. The general idea of the office has become more nebulous. From BYOD practices to cloud storage to remote working trends, itís easier than ever for an employee to VPN into a network from anywhere in the world, be it his home, hotel or airport. While this helps improve business efficiency, it opens up several new opportunities for hackers to access a business network. Even if the business has an iron-tight security posture, what about partners and outside vendors that also have access to the network? It wasnít an employee whose credentials were compromised in last yearís Target data breach, for example, but those of an HVAC vendor.

To reverse this asymmetric advantage favoring hackers, enterprises can focus on what happens after the point of compromise. The purpose of malware is not to disrupt a network, but to steal user credentials to enable hackers to sneak around IT environments undetected. Once activated, malware removes any trace of its existence, typically within an hour. And itís working, as the majority of network intrusions are a result of stolen user credentials. Itís time to take the steam out of the hacking engine.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th