According to a study by McAfee, the company records over 100,000 new malware samples a day. This matters because it tells us that no matter what firewall or anti-virus software we use, hackers are relentlessly trying to infiltrate our networks. Hackers use this malware to bypass our security walls and breach user accounts to get control of our data. They are after unstructured data, which includes emails, PDFs, documents, files, etc. that are spread out across a network. There is a second security measure we can use to protect this data.
Before I talk solutions, I would like to dive a little deeper into how hackers are getting into our files.
Scenario 1: Remote User
Remote user access has helped us optimize, become more efficient, and cut costs, but by its nature it has also opened us up to more security threats. While a user is at home using a company-issued device, disconnected from the company network, they download movies off the internet. Shh, don’t tell anyone! The problem is that because they are off the company network, they are not covered by the same security policies and procedures. Consequently, their device gets a virus. Now when they take their device to work the next day and connect to the network, they have unknowingly allowed a hacker into the environment. Go fish buddy!
Scenario 2: Zero Day Malware & Encrypted Channels
Second, hackers have become more elusive and are using Zero Day threats to get into our networks; the volume of new malware mentioned earlier shows how many of these there are. A lot of this malware is transferred over encrypted web traffic, which prevents firewalls from picking up on it as it passes through and gives a hacker easy access into the network.
Scenario 3: Spoofed Email Message with Malicious File
We also see hackers create spoofed email accounts and send messages with downloadable PDFs. These emails look legit, and the moment a user downloads and opens that PDF, a process runs that opens up a vulnerability for a hacker to enter the environment.
These are a few examples of the methods hackers use to get inside. The point to understand is not how hackers get into our environments. The point is when they get into an environment, how will we fight against them?
Furthermore, how do we distinguish hacker activity from normal user activity?
The answer is User Behavior Analytics, or UBA. At a very high level, UBA technology monitors the habits of your users, what applications they access, and when they access them. This is where inside threat prevention is developed. Understanding our users, what they access, what they can access but never use, as well as very specific things such as what day and time they access certain files or applications, allows UBA software to flag activities that are not in the norm for those specific users. Ultimately, this lets you know where a hacker is going and what they want, and then block privileges manually or automatically to prevent your data from being compromised.
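The baseline-and-flag idea described above, as an added Python example that is not code from Varonis or any UBA product. The log format, user names, file paths, permission sets and the simple "usual hours and weekdays" rule are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (user, ISO timestamp, resource opened).
BASELINE_EVENTS = [
    ("alice", "2024-03-04T09:15", "/finance/q1.xlsx"),
    ("alice", "2024-03-05T10:40", "/finance/q1.xlsx"),
    ("alice", "2024-03-06T14:05", "/finance/budget.docx"),
    ("bob", "2024-03-04T08:30", "/eng/design.pdf"),
    ("bob", "2024-03-05T16:20", "/eng/roadmap.docx"),
]
# Constructed permissions: what each user CAN open, whether or not they ever do.
PERMISSIONS = {
    "alice": {"/finance/q1.xlsx", "/finance/budget.docx", "/hr/salaries.xlsx"},
    "bob": {"/eng/design.pdf", "/eng/roadmap.docx"},
}

def build_profiles(events):
    """Learn, per user, which resources they open and on which hours/weekdays."""
    profiles = defaultdict(lambda: {"resources": set(), "hours": set(), "days": set()})
    for user, ts, resource in events:
        t = datetime.fromisoformat(ts)
        profiles[user]["resources"].add(resource)
        profiles[user]["hours"].add(t.hour)
        profiles[user]["days"].add(t.weekday())
    return profiles

def score_event(profiles, permissions, user, ts, resource):
    """Return the reasons an access departs from that user's own baseline."""
    p = profiles.get(user)
    if p is None:
        return ["no baseline for user"]
    t = datetime.fromisoformat(ts)
    reasons = []
    if resource not in permissions.get(user, set()):
        reasons.append("resource outside granted permissions")
    elif resource not in p["resources"]:
        reasons.append("permitted but never used before")
    lo, hi = min(p["hours"]), max(p["hours"])
    if not lo <= t.hour <= hi:
        reasons.append(f"hour {t.hour:02d} outside usual {lo:02d}-{hi:02d}")
    if t.weekday() not in p["days"]:
        reasons.append("unusual weekday")
    return reasons

def unused_permissions(profiles, permissions):
    """Access that is granted but never exercised: candidates for removal."""
    return {u: sorted(r - profiles[u]["resources"])
            for u, r in permissions.items() if u in profiles}
```

An empty list from score_event means the access matches the user's history; a real deployment would learn from far more history than five events before flagging anything.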
Bird Rock Systems is partnered with Varonis, a leader in UBA technology. Varonis has been specializing in this type of technology since 2005 and was recently mentioned in an article by Gartner.
To understand how Gartner feels about UBA, and for some information on how Varonis is using this technology to prevent hackers from compromising your data, check out this ARTICLE.
If you are interested in learning more about Varonis and would like to set up a meeting with your local IT solutions provider and a Varonis Sales Rep, call us at 858.777.1617 or email us at email@example.com.
“No worries… We Make I.T. Better!”