6 ways to stop criminal attackers in their tracks

Criminals always seem to be two steps ahead. Here are some methods to close that gap.

6ways title

Halting attacks

In the wake of a string of high-profile data breaches such as Dairy Queen, JP Morgan Chase, AT&T and Home Depot, enterprises need to be ever vigilant to fend off bad actors. Exabeam offers tips on what CSOs and CISOs can do to prevent these breaches.


Assume you've already been compromised

There is no way to stop malware from entering your network, simply because malware is evolving too rapidly. A report from Pandalabs found that 30 million new malware threats were created in 2013 – an average of 82,000 per day. Additionally, entrance to the network is the shortest point of the breach chain and according to FireEye, 82 percent of malware disappears an hour after activation. Security experts should accept that their networks will be breached and focus on how to eliminate the hackers inside before it is too late.  


Learn the typical behavior of users

Cybercriminals have already moved toward a stolen credential and user impersonation approach when it comes to stealing massive amounts of data. This technique allows them to stay resident inside a company for long periods of time. A 2012 Mandiant M-Trends report found that in every data breach investigation Mandiant recorded, stolen credentials were used 100 percent of the time. Most recently, the 2014 Verizon Data Breach Report found that 76 percent of all network intrusions in 2013 involved stolen credentials. Employing a system that learns the behaviors of employees and over time gains an understanding of what are normal credentialed employee activities and which are anomalous is the only way security teams can identify the stealthiest attacks.


Quantify the risk of suspicious activities

At first glance, a VPN login from London by a vice president of sales seems like a normal activity until you can examine the characteristics and context of the entire user session surrounding it. To better determine the risks associated with this session, a security solution should analyze the times and activities that occurred during the session, how often a logon happens from this location and if other members of the sales department have exhibited similar behaviors. By quantifying the additive risk of each potentially suspicious activity, security analysts will be better able to identify the true risks of a potential data breach and gain user behavior intelligence.


Eliminate white noise from false-positive alerts

The concept of the false-positive security alert has been with us since the first intrusion detection system came to market. Security teams are sometimes slow to react because of an inherent and sometimes justified disbelief of their tools. The huge volume of alerts and a lack of adequate prioritization in their security information and event management (SIEM) system make it hard to truly anomalous security events from what might be considered “noise.” This happened in the 2013 Target data breach and will undoubtedly happen again. Security teams need help with prioritization so they can spend time analyzing the alerts that truly indicate risk to the most valuable data the company has.


Eliminate human error

A 2013 report released by the Ponemon Institute and Symantec found that human error caused more than two-thirds of the data breaches in 2012. Automated security monitoring systems could help some enterprises detect a lack of system controls and data governance within their organizations.


Train employees to protect their credentials

Any employee can be a risk to your company’s data security without realizing it. While it is inevitable that your organization will be hacked, employees should still know what a phishing scheme looks like and the many ways they can be socially engineered into handing over their username and password to potential attackers. This will help eliminate the frequency of attacks and make it harder for attackers to steal their credentials to facilitate large-scale data breaches.