Intelligent CISO Issue 37 | Page 43

EXPERT OPINION
out of the organisation; whether that be via file sharing apps, to a website, or to partners and customers.
To other tools, this may look like data exfiltration due to large outbound file transfers. Sales and marketing employees, who often communicate with external entities (i.e. new business leads, vendors or third-party agencies), may also easily fall victim to credential-stuffing attacks. After stealing these users' information, hackers then move laterally within a network to gain higher-level access in the hope of obtaining private data or high-value assets.
IT
These individuals often have administrative privileges that hackers can use to obtain authorised access to high-value resources, such as a sensitive database, a user-rights management system or an authentication system. When a hacker obtains privileged-user credentials, the threat actor can move freely to high-value assets. For this reason, SOC analysts must closely monitor this category of users for anomalous activity indicative of a threat.
While the tasks of IT professionals can be both widespread and unrestricted, even a frequency spike in what would be considered normal activities for a specific network user could trigger a warning that the account has been compromised.
Using behavioural analytics to detect threats sooner
As businesses and their employees continue to endure and thrive in work-from-home arrangements, their reliance on cloud-based resources and network activity grows more complex.
For this reason, behavioural analytics is one of the most rapidly adopted technologies within enterprise security and is being used to detect and investigate advanced threats.
This adaptable and customisable approach applies behavioural analysis to users and also to non-user entities such as routers, servers and endpoints, which legacy solutions are unable to address.
Behavioural analytics solutions vary, combining Artificial Intelligence and Machine Learning, advanced analytics, data enrichment and data science to effectively combat complex threats.
By looking at the entire picture, SOC teams can get a better estimate of a potential alert's context so that they can calibrate risk scores more realistically and avoid a high number of false positives. This approach combines all data sources with analytics so that security analysts get a low-volume, high-fidelity feed and stop drowning in endless noise, enabling them to remain vigilant and detect suspicious behaviours from the C-suite all the way to IT.
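The two ideas above, a per-user frequency spike against that user's own baseline (the IT section) and a risk score calibrated by role context so that expected behaviour such as a sales rep's outbound file sharing is not scored like an engineer's (this section), can be shown together in a small script. The example below is added here and is not code from the article or from any vendor product it alludes to; the log lines, user names, roles, the 3-sigma threshold and the role weights are all constructed assumptions chosen for illustration.

```python
"""
Added example (not from the article): per-user activity baselining with
role-aware risk scoring, in the spirit of behavioural analytics / UEBA.
Every log line, account, role and weight below is a constructed assumption.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed role directory (assumption): the role each account belongs to.
ROLES = {"alice": "sales", "bob": "it_admin", "carol": "engineering"}

# (role, action) pairs that are normal for that role; a spike here is deflated.
EXPECTED = {("sales", "external_share"), ("it_admin", "privileged_login")}
# Roles whose accounts reach high-value assets; a spike here is inflated.
PRIVILEGED_ROLES = {"it_admin"}

SPIKE_SIGMA = 3.0   # how many baseline standard deviations count as a spike


def build_sample_log():
    """Constructed audit log, one 'key=value' line per event.
    Days 1-6 are the baseline; day 7 is the day being scored."""
    lines = []
    alice_baseline = [4, 5, 6, 5, 4, 6]        # normal sales outbound sharing
    for day, n in enumerate(alice_baseline, start=1):
        lines += [f"day={day} user=alice action=external_share"] * n
        lines += [f"day={day} user=bob action=privileged_login"] * 2
        # carol (engineering) never shares files externally in the baseline
    lines += ["day=7 user=alice action=external_share"] * 9     # busy campaign day
    lines += ["day=7 user=bob action=privileged_login"] * 20    # 10x normal
    lines += ["day=7 user=carol action=external_share"] * 8     # never seen before
    return lines


SAMPLE_LOG = build_sample_log()


def parse_line(line):
    """Turn 'day=7 user=bob action=privileged_login' into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def daily_counts(lines):
    """Count events per (user, action) per day."""
    counts = defaultdict(Counter)
    for line in lines:
        f = parse_line(line)
        counts[(f["user"], f["action"])][int(f["day"])] += 1
    return counts


def spike_z(series, baseline_days, today):
    """z-score of today's count against the user's own baseline days.
    Missing days count as zero; a floor of 1.0 on sigma avoids dividing by
    zero for perfectly flat (or empty) baselines such as carol's."""
    base = [series.get(d, 0) for d in baseline_days]
    mu = mean(base)
    sigma = max(pstdev(base), 1.0)
    return (series.get(today, 0) - mu) / sigma


def risk_score(user, action, z):
    """Map a spike to 0-100, then adjust for role context so that behaviour
    normal for the role is deflated and privileged accounts are inflated."""
    if z < SPIKE_SIGMA:
        return 0                       # within normal variation: no alert
    role = ROLES.get(user, "unknown")
    score = min(z, 10.0) * 10.0        # 30..100 before context
    if (role, action) in EXPECTED:
        score *= 0.5                   # expected for this role: lower priority
    if role in PRIVILEGED_ROLES:
        score *= 1.5                   # privileged access: higher priority
    return min(round(score), 100)


def score_day(lines, baseline_days, today):
    """Return {(user, action): (z, risk)} for the day being scored."""
    results = {}
    for key, series in daily_counts(lines).items():
        z = spike_z(series, baseline_days, today)
        results[key] = (round(z, 2), risk_score(key[0], key[1], z))
    return results


if __name__ == "__main__":
    for (user, action), (z, risk) in sorted(score_day(SAMPLE_LOG, range(1, 7), 7).items()):
        print(f"{user:6} {action:17} z={z:5.1f} risk={risk:3}")
```

Run stand-alone, the script scores alice's outbound-sharing spike at 20 (a clear deviation, but expected for sales, so low priority), carol's identical-sized spike at 80 (no history of external sharing for an engineer), and bob's ten-fold jump in privileged logins at 75 (expected activity for an administrator, but on a privileged account). The same raw spike count produces very different risk once role context is applied, which is the false-positive reduction the text describes.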