How Threat Analysts have Become Superstitious: Superstition vs. Machine Learning with StealthDEFEND v1.2

The American psychologist B. F. Skinner conducted an experiment to examine how superstitions are formed. Using one of his favorite test subjects, pigeons, he observed that the pigeons associated whatever chance actions they had been performing when they were fed. Some of the birds would turn twice, while others would peck three times and they all repeated these behaviors with the expectation that they would be rewarded with food. Traditional cyber security has been suffering from this condition for quite some time. We have come to believe that the actions we have taken to protect our data must be repeated over and over again if we are to be successful in protecting our data.

Machines don’t suffer from superstition. They are capable of understanding that just because Alice and Bob belong to the same business unit that the level of access Alice has is not necessarily at the same level that Bob should have. For this to happen though, machines have to be fed data that allows them to make these distinctions. Otherwise, they would just associate Bob’s pecking to Alice’s turning around in circles. Garbage-in, garbage-out.

Applying machine learning to Data Access Governance was the first step in developing a system that could hunt insider threats based on data inputs that yield high accuracy and move cybersecurity professionals away from hunting threats based on more than an alert and a hunch. Using data sets such as file system activity was a natural evolution for us in detecting behavior that was indicative of an insider threat.

The repetitive behavior being at the foundation of poor decision making meant that we needed to remove or reduce common tasks associated with threat response while also introducing ways to contain threats.

And so in StealthDEFEND 1.2, we are introducing an Actions Engine that automates security responses and connects various security applications and processes together with multi-stage actions. This allows users to build “Playbooks” they can use to respond to threats automatically or in an ad-hoc fashion.

If we take the earlier example of Alice and Bob being in a shared department but requiring access to different resources, identifying when Bob steps outside of his role to access data is critical to shutting down the threat of sensitive data leaving the organization.

StealthDEFEND allows users to create and execute security playbooks that address this and many other insider threat scenarios automatically.

The combination of data inputs from StealthDEFEND along with its machine learning capabilities, coupled with the automation and orchestration capabilities introduced in this latest release, makes this the most exciting release to date of the real-time threat analytics platform. If you would like to learn more or download a free trial please visit our product page.

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Name

Email*