End-User Behavioral Analytics: Key Component to Cyber Threat Posture


Xangati Blog
Atchison Frazer, Vice President, Marketing

June 03, 2015


According to Mandiant, it takes the typical enterprise 243 days to discover a breach, such as undisclosed web vulnerabilities or spear phishing for email credentials. According to an IBM/Ponemon study in 2014, the average cost per record of a data breach was $241 or a total of $5.85 billion in the United States. Where are these attacks gaining traction and how? According to Verizon, the overwhelming majority, over 80 percent, is external to the enterprise. Further, Arbor Networks’ Worldwide Infrastructure Security Report showed that distributed denial-of-service (DDoS) attacks continued to grow in volume and scale, and in fact averaged a volumetric rate of 400 Gbps in 2014 (the largest volume Internet Exchange in the world, Amsterdam, rarely exceeds 300 Gbps of network traffic).

However, as enterprises increasingly expand applications to the cloud and extend access to mobile devices, Verizon says that activist hackers and organized crime correspondingly promulgate webapp attacks. In reality, the mobile end-user is the most vulnerable because of a variety of attack vectors that take advantage of the freestyle app-download culture that is also the power of the API/mobile wave. These attack vectors include everything from exploiting backdoor holes in rogue app stores to disparate Android OS versions to SMS Trojans (malware files).


Now consider Gartner’s prediction that by 2018, 25 percent of corporate data traffic will bypass perimeter security and flow directly from mobile devices to the cloud. And you still won’t know until 243 days later whether or not you will be vulnerable to a breach; as each hour and each day goes by, the potential for advanced persistent threats to mobile endpoints compounds that risk factor. Clearly, the contemporary enterprise has to constantly evaluate its cyber threat posture to ensure that its defenses are progressing from a reactive mode to a more proactive posture that results in a preventative architecture. One of the key elements to achieving such a milestone is to employ real-time predictive analytics that broadcast live, continuous end-user behavior metrics and detect anomalies based on machine-learned heuristics and pattern-recognition algorithms. Another progressive maneuver is to migrate from conventional client/server architectures to virtual desktop infrastructure platforms that provide greater control over not only the end-user quality of experience but also fine-grained behavioral analytics to measure, and indeed mitigate, the risk of performance degradation issues that can often lead to security vulnerabilities.


For example, 99 percent of webapps that revealed vulnerabilities, according to Verizon, had patch updates available. However, if you don’t have real-time visibility into end-user performance, you may never be alerted to a performance bottleneck, which in many situations is a resource-hog webapp. Predictive analytics tools should give you insights not only into virtual desktop end-user performance but also into the ‘dark pool’ of consumer and rogue webapps that saturate VM availability.

What about interactions between virtual users and virtual apps, and the additional flow analysis that can be done on network traffic, such as what Cisco exposes via its NetFlow protocol or Citrix via its AppFlow protocol? Often, the root cause of performance-related contention issues can be pinpointed in interactional data that spans conventional silos, so a more powerful way of maintaining a preventative cyber threat posture is to run a predictive analytics tool that correlates behavior analysis data between end-users and networks. If you’re a managed service provider of cloud or hosting services, what better way to expand your portfolio of offerings than leveraging an end-user behavioral analytics tool in another kind of SaaS solution, i.e., Security-as-a-Service?



Visit our Blog for more information

