Archive for January, 2021

User & Entity Behavior Analytics: Definition & Benefits

User & entity behavior analytics (UEBA) is a type of cyber security process that understands how a user conducts normally. Further, it detects any anomalous behavior or instances, such as deviations from normal conduct. A simple example being, suppose a user downloads 10 MB of files everyday but suddenly downloads gigabytes of files on an instance, the system will detect this anomaly and update the user.

UEBA relies on machine learning, algorithms and statistical analyses to detect the deviations from established user behavior and determine the anomalies that can translate into potential cyber threats. UEBA also takes into consideration the data in system reports, logs, files, flow of data and packet information.

UEBA does not track security events or monitor devices, instead it tracks all the users and entities in the system. The main focus of UEBA is insider threats.

Benefits Of User & Entity Behavior Analytics:

As the cyber threat landscape has become complex, hackers are now able to bypass peripheral security such as firewalls. Thus, it is important to detect the presence of hackers who have entered the system in a timely and efficient manner.

This makes user & entity behavior analytics an important component of IT security. Here are some benefits of user & entity behavior analytics system:

  • Detect Insider Threats: Insider threats such as an employee gone rogue, employees who have been compromised, people who already have access to organization’s systems, etc. can cause a serious threat to an organization’s security by stealing data and information. UEBA can help in detecting data breaches, sabotage, privilege abuse, and policy violations by analyzing a change in normal behavior of an employee.
  • Detect Compromised Accounts: There is a great probability that a user’s account may be compromised; the user may have unknowingly installed a malware on his system or a legitimate account may be spoofed. As soon as a compromised account performs an unusual action, it is detected by UEBA before it can cause major damage.
  • Detect Brute-Force Attacks: Scammers can target cloud-based entities as well as third-party authentication systems to launch an attack. UEBA helps in detecting brute-force attacks allowing the organization to block access to these entities.
  • Detect Changes In Permissions: Sometimes hackers create super user accounts to grant unauthorized permissions to some accounts. UEBA detects such changes in permissions to nip the attack before it is launched.

For more information on user & entity behavior analytics, contact Centex Technologies at (254) 213 – 4740.

, , , , ,

No Comments

Types Of Social Engineering Attacks

Social engineering is a broad term that is used to define a range of malicious activities that majorly rely on human interaction. These attacks often involve tricking people into breaking standard security protocols. The success of social engineering attacks is dependent on the attacker’s ability to manipulate the victim into performing certain actions or providing confidential information to the attacker. Social engineering attacks differ from traditional attacks as they can be non-technical and don’t necessarily require the attackers to exploit or compromise software or a network.

The best way to protect an organization from social engineering attacks is to educate the employees about different types of social engineering attacks. Here is a list of most common types of social engineering attacks –

  • Baiting: A baiting attack is conducted by the attackers by leaving a bait such as a flash drive, USB, or CD at a place, where it is likely to be found by an employee. The device is loaded with malicious software. The success of such attacks depends upon the notion that the person who finds the compromised device will plug it to a system. When the device is plugged to a system, the malware is installed. Once installed, the malware allows the attacker to gain access to the victim’s system.
  • Phishing: It is one of the most common social engineering attacks. The attack involves the exchange of fraudulent communication with the victim. The communication may be in form of emails, text messages, chats, or spoofed websites. The communications may be disguised as a letter from a financial institution, charity, employment website, etc. The communication contains a link and the victim is lured to click on the link to install a malware on his device. In other form of phishing attacks, the link may be used to collect victim’s personal, financial or business information.
  • Pretexting: This type of attack occurs when the attacker fabricates a situation that forces the victim to provide access to sensitive data or a protected system. Some common examples of pretexting attacks are the attacker pretending to require financial details of the victim to validate victim’s identity or the scammer posing as a trusted person such as IT employee to gain victim’s login details.
  • Quid Pro Quo: In such attacks, the scammer requests sensitive data from the victim in exchange for a desirable compensation. For example, the scammer may set up a form asking the users to fill in their information in exchange for a free gift.

For more information on types of social engineering attacks, contact Centex Technologies at (254) 213 – 4740.

, , , ,

No Comments

Establishing Data Loss Prevention Policy

A data loss prevention policy defines how an organization can share data while ensuring the data being shared is protected. It also lays down the guidelines for using the data for decision-making without exposing it to anyone who should not have access to the data. In general terms ‘Data Loss Prevention Policy’ can be broadly defined as processes that identify confidential data, tracks data usage, and prevents unauthorized access to data.

Why Is It Important To Establish Data Loss Prevention Policy?

Before understanding ways to establish data loss prevention policy, it is important to understand the need for the policy. As the organizational setup has changed with an increase in number of remote employees and employees accessing the data on different devices, the risk of data loss has also increased.

Under these circumstances, there are three main reasons for setting up a Data Loss Prevention Policy:

  • Compliance
  • IP Protection
  • Data Visibility

Once the need for Data Loss Prevention is clear, it is time to understand the best practices to establish the policy.

Best Practices To Establish Data Loss Prevention Policy

  • Take time to understand and get an insight into the data. Classify the data according to its vulnerability and risk factors. Once classified, identify the data that needs to be protected and fabricate the data loss prevention policy around this data type.
  • Establish strict criteria for choosing data loss prevention vendors. Create an evaluation framework with right set of questions to choose effective data loss prevention solutions for the organization.
  • Identify the people who will be involved in the data loss prevention process and clearly define their rules. It is necessary to segregate the responsibilities of every individual and clearly convey the responsibilities to avoid data misuse.
  • Start by choosing the data set with highest level of priority and risk. Once an effective policy is set up to secure most critical data, build up on this policy to further secure other data sets as per their level of priority.
  • Educate all the employees on importance of data, sources of data loss, need for data loss prevention policy and steps to be taken in case of a data loss or breach.
  • Document the data loss prevention policy and make sure that every employee has a copy for reference.

For more information on establishing data loss prevention policy, contact Centex Technologies at (254) 213 – 4740.

, , ,

No Comments

What Is Whaling Attack?

PDF Version: What-Is-Whaling-Attack

, , , ,

No Comments