Results from our recent survey of over 40 IT organizations revealed a lack confidence in their ability to contain and neutralize threats. Most alarming, however, was that 100 percent simply didn’t know what their users were connecting to or doing on their networks.
Corvil’s Security Analytics addresses this problem directly with new user behavior profiling technology. Advanced machine learning algorithms distinguish between normal and suspicious user behavior, giving security teams the information they need to reduce the risk of insider threats (be they from compromised accounts, disgruntled users, or just employee carelessness) in a way that is beyond many of their current capabilities.
As insider threats proliferate, there is a clear demand for Corvil’s user-centric network traffic analysis and forensics. According to the Ponemon Institute, the average number of incidents involving employee or contractor negligence has increased by 26% since 2016, and by 53% for criminal and malicious insiders. Credential theft incidents were up by 170% as attackers use those credentials to masquerade as insiders to further the scope of their attacks.
In our survey, 90 percent of respondents said they would consider user fingerprinting, a way of identifying users based on their network activity. Right now they are using a combination of system logins (55%), endpoint logs (57%), and network information (68%).
Most of them (68%) are trying to detect anomalies by distinguishing between normal and suspicious activity, but the survey suggests they are struggling. All of them admitted they didn’t have the data or tools to completely investigate an incident. They had little confidence in their ability to see a direct attempt to get access to system or network files, to detect data exfiltration or to identify a compromised user account.
Perhaps the most worrying aspect of the survey was that none of the respondents believed they had the ability to complete an investigation in a timely enough way to respond effectively to a breach. A quick response to an identified attack is a pillar of effective security, but you can’t do it if you don’t have visibility and a granular understanding of the threat that’s unfolding.
Using a combination of machine learning analytics and forensics, Corvil’s deep packet network analysis of user, host, and communication payloads reveals actionable insights about potential cyber attacks in a timely way for SOC analysts. Analysts can quickly establish if anomalous behaviors are careless users or if an employee’s account is compromised and being used as a beachhead, or if an attacker is moving laterally across the network.
Corvil provides user-centric network visibility by learning distinctive patterns of network activity associated with each user, matching historical and live data to automatically detect unusual behavior that deviates from learned profiles.
This is not a ‘nice-to-have’; it’s transformational, finding evasive insider threats that traditional defensive solutions miss and that are leaving organizations exposed. The endgame is a more rapid, and accurate, response that will slash the average dwell time that attackers are resident in a network from 90-days to hours.
Find out more about Corvil analytics for cyber security.