How Can Machine Learning and Identity Management Contribute to your Cyber Security Program?

As enterprises move away from on-premise platforms, large enterprise networks and data are becoming more productive and more readily accessible.  But each advance in technology brings an even more complex Cyber Security puzzle and landscape.  This raises our main question… “How can your organization benefit from this advancement and from more complex technological trends without compromising your security or your data?”

Every Identity has his or her designated access, and based on that access a regular pattern emerges over time of what can be considered “normal behavior” for that user.  When credentials are compromised, however, identity management tools on their own do not change that access.  This is where Machine Learning comes into play.  UBA (User Behavior Analytics) leverages Machine Learning to detect when an Identity’s behavior is out of the norm, which can be an indicator that something isn’t quite right.

An even smarter system (one that teaches itself) can automatically remediate threats, by leveraging Security Policies and Automated Remediation Actions, until they have been properly screened by your security officers.

As many of your security experts probably know, there are many attack vectors on any network, but the two most common ones are Insider Threats and Stolen Credentials.

Many Information Security vendors are challenged by this because the solution is not just a system or a platform you can simply buy and deploy, but rather a company-wide program that requires a deep understanding of what you are trying to prevent and how you plan to prevent it.  Since they are the most common threats, insider threats and compromised credentials should be prioritized.

An Identity and Access Management (IAM) Program is a critical and essential first step to addressing insider threats. An IAM Program addresses who can access what, and when they can access it.  IAM programs are the foundation for implementing least-privilege access, but the risk that a user’s credentials are compromised remains and must be addressed. This is where behavior analytics adds a great deal of value. IAM grants the right access, and behavior analytics monitors what is actually being done with that access.

The convergence of Identity and Access Management platforms and Machine Learning tools (including UEBA) is key to keeping your organization’s data secure, especially now that so much of our data and processing is moving to the cloud.

Identity is hierarchical and static, and it complements UBA and machine learning by providing context when the two are intertwined. We see behavior from UBA, but IAM still tells us who the person reports to or provides us with more information on that person's role (amongst other things). UBA and IAM, when used in conjunction, significantly reduce the risk of breaches due to insider threats and compromised credentials. So consider integrating them sooner rather than later.
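The sketch below is an added example, not code from the original post or from any vendor product. It shows the split described above: IAM answers whether access was granted and supplies role and reporting-line context, while a per-identity baseline answers whether the access is usual. The directory, history, user names and the `assess` function are constructed for illustration, and the baseline is a deliberately simple seen-before check rather than a trained model.

```python
# Constructed IAM directory: entitlements are what IAM grants; role/manager are context.
IAM = {
    "alice": {"role": "Payroll Analyst", "manager": "carol",
              "entitlements": {"payroll-db", "hr-portal", "fileshare"}},
    "bob": {"role": "Developer", "manager": "dave",
            "entitlements": {"git", "ci", "fileshare"}},
}
# Constructed access history: (user, resource, hour of day).
HISTORY = ([("alice", "payroll-db", h) for h in (9, 10, 11, 14, 15)]
           + [("alice", "hr-portal", h) for h in (9, 13, 16)]
           + [("bob", "git", h) for h in (10, 11, 15, 17)])

def build_baseline(history):
    """Per-identity 'normal': resources touched and the set of active hours."""
    base = {}
    for user, resource, hour in history:
        b = base.setdefault(user, {"resources": set(), "hours": set()})
        b["resources"].add(resource)
        b["hours"].add(hour)
    return base

def assess(event, baseline, iam=IAM):
    """Combine the IAM view (is it allowed?) with the UBA view (is it usual?)."""
    user, resource, hour = event
    ident = iam.get(user)
    if ident is None:
        return {"verdict": "unknown_identity", "reasons": [], "notify": None}
    seen = baseline.get(user, {"resources": set(), "hours": set()})
    reasons = []
    if resource not in seen["resources"]:
        reasons.append("new_resource")
    hours = seen["hours"]
    # Unusual if outside the observed working span, with one hour of slack.
    if not hours or not (min(hours) - 1 <= hour <= max(hours) + 1):
        reasons.append("unusual_hour")
    if resource not in ident["entitlements"]:
        verdict = "policy_violation"   # IAM never granted this access
    elif reasons:
        verdict = "behavior_anomaly"   # allowed by IAM, but out of the norm
    else:
        verdict = "normal"
    return {"verdict": verdict, "reasons": reasons,
            "role": ident["role"], "notify": ident["manager"]}

BASELINE = build_baseline(HISTORY)
if __name__ == "__main__":
    for ev in [("alice", "payroll-db", 10), ("alice", "fileshare", 3),
               ("bob", "payroll-db", 11)]:
        print(ev, assess(ev, BASELINE))
```

The second event is the case the article is about: the access is fully entitled, so IAM alone raises nothing, yet the baseline flags it and the IAM record says who to route the alert to.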

 

Sherif A. Amer


Sherif Amer has been a Consultant at Identropy since 2016. He has worked in coordinating a series of Innovation projects and Integrations relating to various Monitoring, Identity and Security platforms.