COMPROMISED USER / ENDPOINT

Endpoint protection becomes more complicated as users connect their own devices into the corporate network and as more users work remotely. An organization has to accept that not all traffic on the user’s device will go through the corporate security controls, and in many cases the organization may not have device control to enforce a specific endpoint security solution.

Opportunistic attackers and those attempting targeted threats on organizations tend to use socially-engineered emails sent to corporate email accounts to compromise user endpoints.

The 2013 Verizon Data Breach Investigations Report explains that a campaign of just three targeted phishing emails gives the attacker a better than 50% chance that at least one user clicks and has their machine compromised; sending ten almost guarantees that at least one user clicks and compromises their device.

Once compromised, the endpoint can give up a mountain of an organization’s information along with access credentials that are keys to critical systems and data. The risk of exposure further increases when the compromised endpoint connects to the network and allows the attackers to spread laterally through the organization’s networked endpoints.

The best defense is a layered security approach that combines best-in-class endpoint security solutions (behavioral monitoring, signature matching) with solutions that inspect traffic going to and from the device. Additionally, detecting and blocking email-delivered threats early in a threat's lifecycle is a primary strategy for stopping a large volume of the threats that reach organizations through their endpoints.

Business Case

Minimize business disruption from compromised accounts or devices

Challenges

Collecting the data from different sources, facilities and providers

Standing up a big data platform isn’t easy

Solution

Use existing open source big data technology to collect sensor data in real-time

Monitor employee behavior in real time to stop data theft, fraud, policy violations and other malicious activities.

Highlight

  • Baseline user activity
  • Detect deviation from the norm, i.e., z-score
  • Machine learning to detect first-seen patterns
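The following is an added example, not code from the original page or from any vendor product it describes, showing the baseline-and-deviation approach listed above: per-user activity counts are baselined from historical events, a new observation is scored with a z-score against that baseline, and first-seen values (a user or a host never observed before) are flagged separately. The event records, field names, user names and host names are constructed for illustration; a zero-variance baseline (a user whose activity never changes) is handled explicitly, since a naive z-score would divide by zero there.

```python
"""Baseline user activity and flag z-score deviations and first-seen patterns.

Added example with constructed data; the record layout (user, day, count, host)
is an assumption, not a format used by any real sensor.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, day, files_accessed, host). In a real deployment
# these would come from file-server or EDR telemetry collected in real time.
HISTORY = [
    ("alice", "2024-01-01", 10, "fileserver-1"),
    ("alice", "2024-01-02", 12, "fileserver-1"),
    ("alice", "2024-01-03", 11, "fileserver-1"),
    ("alice", "2024-01-04", 9, "fileserver-1"),
    ("alice", "2024-01-05", 13, "fileserver-1"),
    ("alice", "2024-01-06", 11, "fileserver-1"),
    ("alice", "2024-01-07", 10, "fileserver-1"),
    ("alice", "2024-01-08", 12, "fileserver-1"),
    ("bob", "2024-01-01", 5, "fileserver-2"),
    ("bob", "2024-01-02", 5, "fileserver-2"),
    ("bob", "2024-01-03", 5, "fileserver-2"),
    ("bob", "2024-01-04", 5, "fileserver-2"),
]

# Constructed new observations to score against the baseline.
NEW_EVENTS = [
    ("alice", "2024-01-09", 40, "fileserver-1"),  # large spike in activity
    ("alice", "2024-01-10", 12, "fileserver-9"),  # normal count, never-seen host
    ("bob", "2024-01-09", 5, "fileserver-2"),     # exactly the constant baseline
    ("bob", "2024-01-10", 6, "fileserver-2"),     # any change from a constant baseline
    ("carol", "2024-01-09", 3, "fileserver-1"),   # user with no baseline at all
]


def build_baselines(events):
    """Return ({user: (mean, stdev)}, {user: set(hosts)}) from historical events."""
    counts = defaultdict(list)
    hosts = defaultdict(set)
    for user, _day, count, host in events:
        counts[user].append(count)
        hosts[user].add(host)
    baseline = {u: (mean(v), pstdev(v)) for u, v in counts.items()}
    return baseline, hosts


def z_score(value, mu, sigma):
    """Standard score of value; a zero-variance baseline makes any change infinite."""
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def detect(baseline, known_hosts, events, threshold=3.0):
    """Score each new event and return a list of alert dicts (empty if all normal)."""
    alerts = []
    for user, day, count, host in events:
        if user not in baseline:
            alerts.append({"user": user, "day": day, "kind": "first_seen_user",
                           "detail": "no historical baseline for this user"})
            continue
        mu, sigma = baseline[user]
        z = z_score(count, mu, sigma)
        if abs(z) > threshold:
            alerts.append({"user": user, "day": day, "kind": "deviation",
                           "detail": f"count={count} z={z:.1f} (mean={mu:.1f}, sd={sigma:.2f})"})
        if host not in known_hosts[user]:
            alerts.append({"user": user, "day": day, "kind": "first_seen_host",
                           "detail": f"host {host} never seen for this user"})
    return alerts


def run_example():
    """Build baselines from HISTORY and score NEW_EVENTS; returns the alert list."""
    baseline, hosts = build_baselines(HISTORY)
    return detect(baseline, hosts, NEW_EVENTS)


if __name__ == "__main__":
    for alert in run_example():
        print(f"{alert['day']} {alert['user']:<6} {alert['kind']:<16} {alert['detail']}")
```

The z-score threshold of 3.0 is a conventional starting point and should be tuned per data source; the first-seen checks are the simplest form of the "first-seen pattern" idea and catch the case (a normal-looking count against a new host) that a pure deviation score misses.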