
Every organisation needs to operate on the premise that some form of data breach or security incident is inevitable. While many of these incidents cause limited damage, and can often go unnoticed, it is impossible to ignore the growing frequency of high-profile cyber security attacks on Australian organisations.
Unfortunately, by design, cyber attacks very rarely announce themselves. In fact, their ability to slip through the cracks in traditional security solutions is the reason they’re still so effective. In one survey, 44% of Australian CSOs said they believed that phishing attacks were still the biggest security threat they faced because they prey on human errors in judgement.
An extremely damaging variant of the same methodology, ransomware is the scourge that every CSO is now trying to protect against before they become the next headline. With several high-profile attacks taking place in Australia this year, ransomware in Australia nearly tripled in the first six months of 2020 alone.
But we also need to consider the attacks that occur from inside our organisations. According to Verizon research on insider threats:
- 57% of database breaches involved insider threats
- 20% of cybersecurity incidents are due to misuse of privileges
- 61% of internal actors are not in positions with a high level of access or stature
However, effectively fighting insider threats has previously been complex and difficult. Secure remote access has become critical to effective operations in our “new normal”, and this means rethinking the old concept that any device or user inside the secure network can be trusted, and instead switching to Zero Trust models in which access to business systems is granted when a trusted person with the correct identity and credentials requests it.
Preventing the most damaging cyber attacks requires us to go further. User and entity behaviour analytics (UEBA) has been developed to build profiles of the behaviour of users, entities, and applications, helping to spot anomalous and suspicious behaviour that could indicate malicious insiders or external attackers.
Fujitsu’s User Entity and Behaviour Analytics Service provides organisations with a key differentiator in their security posture and their ability to mitigate the ever-growing threat landscape. Our User Behaviour Intelligence Platform offers:
- User Visibility: A lightweight collector captures complete audit trails in real-time. It is scalable, privacy-conscious, and provides online and offline visibility.
- User Behaviour Intelligence: Advanced intelligence pinpoints suspicious user behaviour, both by matching “known-bad” behaviour patterns and by baselining normal behaviour to detect anomalies.
- Analytics: Machine learning baselines individuals’ normal user behaviour and alerts on suspicious anomalies or red flags.
- Actionable Alerts: Produces alerts based on an entity’s risk score. This “alert stacking” means that analysts only receive an alert when the user’s total risk score reaches a pre-defined threshold, reducing noise and false positives.
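
A minimal sketch of the baselining and “alert stacking” described in the list above, added here as an illustration and not Fujitsu’s code. The rule names, point values, threshold, simple z-score baseline (standing in for machine learning) and sample events are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

THRESHOLD = 100                                  # assumed pre-defined alert threshold
KNOWN_BAD = {"audit_log_cleared": 60, "usb_mass_copy": 40}   # assumed rules and points

# Constructed history: MB downloaded per day, used to baseline each user.
HISTORY = {
    "alice": [110, 95, 120, 105, 100, 90, 115],
    "bob": [20, 25, 18, 22, 30, 24, 21],
}

# Constructed new events: (user, event_type, value)
EVENTS = [
    ("alice", "download_mb", 118),
    ("bob", "download_mb", 400),
    ("bob", "usb_mass_copy", None),
    ("alice", "usb_mass_copy", None),
    ("bob", "audit_log_cleared", None),
    ("bob", "download_mb", 380),
]

def anomaly_points(user, value, z_cutoff=3.0, cap=50):
    """Score a value against the user's own baseline; 0 if unremarkable or unbaselined."""
    hist = HISTORY.get(user)
    if not hist or len(hist) < 5:
        return 0                                 # too little data to call anything anomalous
    mu, sigma = mean(hist), pstdev(hist)
    z = (value - mu) / max(sigma, 1.0)           # floor sigma so flat baselines don't explode
    return 0 if z < z_cutoff else min(cap, int(z * 10))

def stack_alerts(events, threshold=THRESHOLD):
    """Accumulate risk per user; alert once, when the total first reaches the threshold."""
    risk, evidence = defaultdict(int), defaultdict(list)
    alerted, alerts = set(), []
    for user, kind, value in events:
        if kind == "download_mb":
            pts = anomaly_points(user, value)
        else:
            pts = KNOWN_BAD.get(kind, 0)
        if pts == 0:
            continue
        risk[user] += pts
        evidence[user].append((kind, pts))
        if risk[user] >= threshold and user not in alerted:
            alerted.add(user)
            alerts.append({"user": user, "score": risk[user], "evidence": list(evidence[user])})
    return alerts, dict(risk)

if __name__ == "__main__":
    print(stack_alerts(EVENTS))
```

No single event here reaches the threshold on its own; the one alert fires only after three separate signals for the same user stack up, and it carries that evidence with it.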
With Fujitsu’s UEBA Platform, we provide you with the core components for speedy detection, intelligence and alerting, enabling fast response to and remediation of security incidents as well as retrospective analysis to support security investigations and compliance requirements. As the threat landscape continues to evolve, we’re pleased to offer the next generation of Zero Trust security solutions that will keep your organisation and its data secure.