The Business Challenge
Over 85% of all data breaches involve the use of stolen or compromised user credentials. These credentials, usually in the form of user login IDs and passwords, are the key to a criminal’s ability to penetrate an organization’s network. This is especially true when credentials are associated with privileged accounts. It’s therefore critical to detect and prevent their theft and subsequent use.
Most Tools Fail to Detect Theft and Unauthorized Use of Credentials
Since they appear to be valid, stolen credentials are very difficult for most security systems to spot. Only an advanced understanding of the attacker’s actions and behavior can identify an imposter at work. Unfortunately, SIEM and access management solutions don’t have the sophisticated correlation tools necessary to distinguish between good and bad behavior, so they can’t detect modern credential theft attacks.
How Fortscale Detects Compromised Credentials
Fortscale uses numerous advanced behavioral models and machine learning algorithms to ingest, enrich, and model massive amounts of data from SIEM, access, and authentication systems. The resulting behavioral intelligence detects compromised credential activities and other anomalous actions. Modeled suspicious behaviors, such as impossible geographic appearances, irregular usage of resources, or unusual methods of access, are all indicative of compromised credential activity and are used to trigger meaningful security alerts.
The Business Challenge
Network administrators and other high-privilege accounts hold vast access rights and other powerful capabilities. These attributes make the accounts both prone to internal abuse and a prime target for social engineering and other credential theft techniques. In the hands of a rogue insider or a malicious outsider, privileged accounts can be used to access and exfiltrate sensitive information stealthily.
Not Easy to Detect Rogue Administrators or Compromised Accounts
Administrators must frequently access sensitive data and perform high-risk tasks. This makes it very complex and difficult to determine if their actions are legitimate or not, or if an imposter has obtained their credentials.
Fortscale Detects Privileged User Abuse
Fortscale’s advanced user behavior analytics provide comprehensive and context-aware intelligence regarding activities associated with privileged accounts. Fortscale detects suspicious behaviors, such as anomalous accesses to sensitive resources, which are not consistent with the user’s normal behavior. It can also detect a previously unknown device when it begins to access sensitive systems, which may indicate that an external malicious user has obtained credentials to privileged accounts.
The Business Challenge
Contractors, business partners, and other service providers often have access to sensitive corporate data. However, they are not usually subject to the same security practices and policies as the hosting enterprise they work with. This common situation leads to security gaps that commonly used remote access solutions do not address.
Security Personnel Lack the Tools Needed to Monitor Third Parties
Enterprises are rarely able to control the security of their contractors and partners, and often lack the tools necessary to determine the full context for their behavior. This makes it impossible to adequately monitor the actions of third parties and detect when they’ve been compromised.
Fortscale Detects Third Parties and Any Anomalous Behavior
Fortscale’s advanced user behavior analytics includes the capability to detect third-party accounts and tag them as such. This enables stricter risk monitoring of their corporate resource usage and provides the ability to detect anomalies in their behavior that indicate compromised security.
The Business Challenge
In search of sensitive or valuable data, rogue insiders and malicious outsiders scan corporate systems hoping to find and access information they can sell or use for their own gain.
Standard Security Tools Will Not Detect Reconnaissance
As long as rogue employees and external hackers probe for data using valid user credentials and stay within their authorized access rights, their actions will not trigger any network alert. In fact, in most environments they can reach every resource the account is authorized to access. This makes it very difficult, if not impossible, for security personnel to detect a forthcoming breach.
How Fortscale Identifies an Approaching Data Theft
Fortscale’s advanced analytics establish a baseline of normal behavior for each user account. If at some point the account is used to access any resource outside of the norm, whether authorized or not, all such events are monitored and analyzed against related actions and the full context of the user’s behavior—triggering high-risk alerts.
The Business Challenge
Service accounts are used by operating systems and various applications to perform automated background tasks. These accounts are usually unmonitored, hold high access rights, and are under constant risk of attack and compromise.
Security Tools Don’t Address Service Accounts
Security personnel rarely have any tools that are designed to continuously monitor service accounts and their activities. When these accounts are compromised, the attacks generally go unnoticed and unreported.
How Fortscale Detects Compromised Service Accounts
Fortscale’s advanced machine learning and analytics include the capability to identify service accounts and tag them as such. This enables stricter risk monitoring of their corporate resource usage and provides the ability to detect anomalies in their behavior that indicate compromised security.
The Business Challenge
Data exfiltration is one of the biggest concerns within many organizations. With evolving exfiltration techniques, detecting data leaks has become more difficult as additional technologies and methods to transfer data emerge.
Security Teams Need Help Detecting Data Exfiltration
Security personnel are tasked with preventing data exfiltration, but find it difficult to keep up with all of the various methods available to transfer data. Relying on bandwidth usage helps, but it’s clear that more effective tools are needed.
How Fortscale Can Help Detect Data Exfiltration
Fortscale leverages a set of related parameters to establish a data usage baseline for each user. With each exfiltration attempt, normal data usage patterns are analyzed. Anomalous usage behaviors trigger an alert including all the relevant data that suggests a data leak has occurred.
The Business Challenge
When individuals attempt to gain access from remote locations, enterprises need to determine if they are legitimate users or remote attackers who have managed to obtain valid user credentials.
Security Personnel Need to Know Location Behavior
Many users work from multiple remote locations such as their homes, hotels, airport kiosks, satellite offices, and even from customer locations. Without knowing each user’s location behavior, security systems must either allow broad access from remote locations, thus allowing high-risk access sessions, or limit remote access and risk disrupting legitimate users.
Fortscale Differentiates Between Malicious and Legitimate Geolocations
Fortscale uses advanced user behavior analytics and machine learning to establish a baseline of normal geolocation patterns for each account holder. When access is attempted from a location that fits the normal pattern, entry can be granted with a high degree of confidence. However, if access is from a location that doesn’t fit the normal behavior, Fortscale triggers an alert with all the supporting information needed to quickly understand whether a geolocation sequence anomaly has occurred.
The Business Challenge
Unauthorized credential sharing creates a loss of accountability and can lead to serious security incidents. This is especially true when privileged accounts are involved. Unfortunately, studies show that 20% of employees share their passwords with someone else, even though it’s strictly against policy.
It’s Difficult to Identify Unauthorized Credential Sharing
Access management services and correlation engines found in SIEM and other systems can alert security personnel when specific credentials are used, but they don’t typically have the ability to generate alerts when credentials are used by more than one person.
How Fortscale Detects Shared Credentials
Fortscale uses advanced user behavior analytics and machine learning tools to ingest, enrich, and model massive amounts of data from SIEM, access, and authentication systems. The resulting behavior intelligence detects credential sharing and other anomalous acts. Suspicious behaviors, such as multiple devices or individuals using the same credentials at the same time, indicate that credential sharing has occurred.
The Business Challenge
Human error can cause security misconfigurations that allow individuals or entire security-enabled access groups to reach applications and data that they should not be able to access.
Validating Security Configurations is Often Onerous and Manual
Verifying that security configurations are as they should be is generally a manual, burdensome, and very time-consuming activity. As such, it’s frequently neglected, leaving the potential for serious security implications.
How Fortscale Detects Network Misconfigurations
Fortscale detects misconfigurations by identifying anomalies among anomalies. These unique types of threat indicators represent situations that happen very rarely, if ever, implying that the event is not supposed to happen at all. For example, if a human resource staff member accessed sensitive engineering designs, it’s a clear indication that the security controls are not configured properly.
The Business Challenge
Employees who are preparing to leave the organization may pose a security threat. It’s critical to safeguard the organization against data exfiltration, especially if the employee has become disgruntled.
Few, If Any, Tools Designed to Easily Monitor Departing Employees
Even though departing employees frequently carry a high risk of data exfiltration and even sabotage, there are few, if any, tools designed to easily monitor their actions and detect suspicious behavior. Security personnel must generally manually monitor logs, which is a cumbersome process and rarely done.
Fortscale Can Easily Monitor Departing Employees
Fortscale’s advanced user behavior analytics monitors departing employees using custom tags. This enables stricter risk monitoring of their corporate resource usage and provides the ability to detect anomalies in their behavior that indicate data exfiltration, sabotage, or other security violations.