Verizon breach report makes case for behavioral analytics

Verizon's annual data-breach investigations report makes a strong case for behavioral analytics technology that looks for anomalies among user activity to spot hackers.

Such technology could help detect the use of stolen credentials, which were one of two ways most Web applications were compromised, according to the report released Tuesday. The other way was exploiting a weakness in the application.

[More businesses at risk of credit card data breaches: Verizon]

In general, Web applications were the "proverbial punching bag" on the Internet, with 35 percent of the more than 1,300 data breaches examined in the report falling into this category.

Behavioral analytics software defends against such attacks by establishing a norm for how people access and use a site, whether it's owned and managed by an organization or in the cloud.

The technology "automatically builds an internal model of profile variables that describe normal, expected behavior, similar to fraud management techniques," Forrester Research said in a recent report entitled "Top 15 Trend S&R Pros Should Watch: Q2 2014. "Then, if a user exhibits different or risky behaviors, the system automatically monitors, alerts and intercepts the transaction before the user does any damage."

Behavioral analytics lets companies place security in the middle of communications between any endpoint and application, said Frank Cabri, vice president of marketing for Skyfence, a cloud security gateway startup recently acquired by Imperva. The software can be configured to monitor individuals or user groups, such as a marketing department.

"Once you have that profile or that baseline, you're then looking for anomalies," Cabri said.

Behavioral analytics tools are increasingly self-learning, according to Forrester. Once the software gathers enough user data, which can take hours or days, a company can then set up alerts and interception capabilities.

Such technology is increasingly being used today to protect cloud workloads that are typically running on services in which the provider has control over the security policies, according to Forrester.

"Increasingly, many vendors apply behavioral intelligence to protect against data exfiltration and mitigate advanced persistent threats," the report said.

Vendors to watch in the market include Adallom, CA Technologies, Entrust, Experian, Guardian Analytics, IBM, Imperva, iovation, RSA, Securonix and ThreatMetrix, according to Forrester.

[One in five data breaches are the result of cyberespionage, Verizon says]

In its report, Verizon advised companies to look for alternatives to single password-based authentication on anything Internet facing. Vendors providing some form of two-factor authentication were quick to add to that recommendation.

"Using a single-factor authentication process is like laying out a red carpet for them (hackers)," Scott Goldman, chief executive of TextPower, said in an email.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Forrester Researchverizonapplication securityAccess control and authenticationWeb application securityapplication security best practicesbehavior-based securitybehavioral-analytics softwarebehavior analysis

More about CA TechnologiesEntrustForrester ResearchGoldmanIBM AustraliaImpervaRSAScott CorporationVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Antone Gonsalves

Latest Videos

More videos

Blog Posts