Corporate Security Blog

Unmasking Hackers with User Behavior Analytics

Many people keep sensitive documents in cloud storage services and the latest breach shows that hackers are focusing on online storage cloud services more frequently. This opens the door to huge vulnerabilities if employees are storing sensitive enterprise information in the cloud. From a preventative perspective, security personnel should review their security measures for the following:

  1. Require multi-factor authentication to access the application
  2. Enforce password strength and complexity requirements
  3. Require and enforce frequent password resets for employees

But manual processes and policies are not enough. At minimum, enterprises should look at automating the enforcement of these policies. For example, you may require multi-factor authentication, but how do you ensure that it's required at all times? A cloud access security broker (CASB) continuously monitors configurations to alert security personnel when changes are made, and automatically creates incident tickets to revert security configurations back to the default setting.   How can enterprises prevent further damage if their employees' credentials were compromised in this hack? We recommend utilizing user behavior analytics (UBA) to look for anomalous activity in an account. UBA uses advanced machine learning techniques to create a baseline for normal behavior for each user. If a hacker is accessing an employee's account using stolen credentials, UBA will flag a number of indicators that this access deviates from the normal behavior of a legitimate user.   Palerra LORIC is a cloud access security broker (CASB) that supports cloud storage services. Here's a few indicators LORIC can use to unmask a potential hacker with stolen credentials:

  1. Flag a login from an unusual IP address or geographic location
  2. Detect a spike in number of file downloads compared to normal user activity
  3. Detect logins outside of normal access hours for the user
  4. Detect anomalous file sharing or file previewing activities

The ability to gauge legitimate access and activities becomes even more important when you consider that many people use the same password for multiple applications. Instead of just protecting a single online storage cloud service, UBA helps the enterprise protect any cloud environment that could be accessed using the stolen passwords.

If you're concerned that hackers may access your cloud storage environment using stolen employee credentials, you should take preventative and remedial action. Adding a cloud security automation tool help prevents a breach by enforcing password best practices, and helps prevents additional damage after a breach by unmasking hackers posing as legitimate users by flagging anomalous activity.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha

Integrated Cloud Applications & Platform Services