From: Government Security News
By: Mark Seward
With more than 10 million purported attempts to break into Pentagon systems and servers each day, it was not surprising when the White House confirmed that individuals thought to be working for the Russian government attempted to hack its servers.
The White House is in good company with NATO, the Ukrainian government and U.S. defense contractors all detecting similar activities. Responding to the attack, anonymous officials indicated that the intruder didn’t damage any system or gain access to the “classified network.” This is typical of cyberespionage attacks, which are often motivated more by information gathering than by financial gain. Government businesses and agencies looking to defend themselves against cyberespionage attacks need IT security teams to take the fight to the new attack surface: on the network itself.
***
Just as the attack surface is evolving, so too, are the cybersecurity tools needed to protect businesses. A new class of system called a User Behavior Analysis solution automatically asks questions of data already collected by security information and event management (SIEM) solutions, and enhances it with Active Directory data. The system reconstructs all user session activity from log-on to log-off tracking, and assigns risk scores to all anomalous user behaviors and credential use characteristics. It speeds up a laborious manual investigation process, and can continuously monitor and track the user through IP changes and identity switches.
Leave a Reply