Behavioral Analytic Tools Could Shore Up Cybersecurity Vulnerabilities

Behavioral analytic tools might just open new horizons for better cybersecurity that would let experts better prioritize alerts and collect actionable intelligence, giving them an advantage for more rapid responses to breaches. Or might they open new doors for hackers?

While it’s still too early to deliver a definitive verdict on emerging behavioral analytical tools, cyber experts who led various security workshops and delivered speeches at Raytheon’s annual cybersecurity symposium touted such programs as the way forward.

Industry is debuting a number of new tools to help analysts take all of the data and make it available in almost near real-time, regardless of the volume and velocity and the variety, said Avivah Litan, vice president and distinguished analyst at the technology research company Gartner Incorporated. Big data analytics, once reserved for investigations and forensics, is migrating to proactive monitoring technology and infiltrating the private sector, she said.

It's also taken on a name change. What industry experts used to call big data analytics now goes by the terminology of user behavioral analytics—tools that can help establish baseline “normal” behavior for businesses and spot anomalies that could mean a breach, be it a criminal or terrorist attack or an insider threat, she said. “We all know prevention doesn’t work all of the time, so assume malware is going to get into your organization, but prevent it from being installed and operated.”

Beyond analytics, the emergence of technology can help, such as phone printing technology migrating from military use to the commercial sector that lets companies determine if a phone call is legitimate. Criminals can mimic phone IDs, and are known to call the helpdesk for changes to passwords, for example, then gain network access. “There are a lot of bad things happening over the phone channel now because companies are tightening up their online channels, so the bad guys are moving to the phone,” Litan told attendees of Raytheon’s fifth annual cybersecurity summit, this year titled "The Unassailable Enterprise."

“There are no simple solutions, but there are intelligent choices that can lead to those solutions,” offered Richard Marshall, chairman of the board of directors and CEO of Secure Exchange Technology Innovations, and a renowned leader on cyber-related policy, legal and technical issues.

The Internet touches more than 2 billion people around the world, including those who live in less technically sophisticated areas, providing instant access to communications, information and economic opportunities. “Mobile communications also are ubiquitous. Today, more people have access to mobile communications than they have access to water or sanitary facilities,” said Marshall, who likened the Internet to a massive information railroad of commerce and connections. “Riding in the caboose that was left at the train station was the single flagman called security. We built the Internet without … thinking about security. Today we’ve got great connectivity, great abundance of features, but at the expense of security.”

Solutions are sprinkled in technology, cyber hygiene and law enforcement, but what’s missing is information sharing. “More is said about information sharing than what’s being done,” Marshall offered. For now, information sharing is hamstrung by a lack of laws, regulations, policies and precedence.

Of late, the financial sector has absorbed the brunt of the attacks, said Mike McCann, a consultant with Signum Security LLC and former director of information security for Eagle Bank.

In addition to new tools and technology, the industry must enact a “paradigm shift in thought process,” McCann said, such as accepting that breaches are going to happen. Instead, industry should focus efforts, time and resources on methods to minimize the dwell time attackers have access to the now vulnerable and hacked networks.

“Right now, industry is part of our national security infrastructure, our financial infrastructure in particular," McCann said. “The threats that [endanger] national security are the same threats that [endanger] our commercial industries.”