Skip to main content

Cybersecurity Lessons can be Learned from Credit Fraud Paradigm

“Hi, there. We’ve noticed some suspicious activity on your credit card. Did you purchase four plane tickets from Rio de Janeiro to Paris?” “No, of course not. I live outside of San Francisco.” This is a typical credit card fraud inquiry, performed thousands of times per day throughout the United States. When a credit card provider sees an anomalous charge (based on learned behavioral clues) to an account, a representative will reach out to the[…]

Topics: LIFE AT EXABEAM, SECURITY

Why it is Taking the State Department So Long to Root Out Hackers

Danny Yadron’s article discussing the amount of time it is taking to get attackers out of the unclassified network at the U.S. State Department is a reminder to all of us how hard this really is. We’ve heard the story before: an employee clicked on a phishing email, malware was downloaded and then it used the credentials and privileges of the initial user to start the process of moving inside the network finding additional privileged[…]

Topics: LIFE AT EXABEAM, SECURITY

The Five Stages of User Behavior Intelligence Acceptance

We’ve been working with our customers for a while now and we’ve had a chance to see the reactions of security teams that drive security investigations with user behavior intelligence. Exabeam, a user behavior intelligence solution applies dynamic behavior modeling to find credentials that are exhibiting anomalous behaviors. It takes very little time for the security team to start using it as a way to find misconfigurations, policy violations, miscommunication between IT Ops and security[…]

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

The Difficulties of Threatspotting [INFOGRAPHIC]

According to the Verizon 2014 Data Breach Investigative Report, 76 percent of data breaches involved the use of stolen credentials. If breaches where hackers entering a network using valid credentials have become such a common occurrence, why aren’t security teams doing more to improve their threatspotting capabilities? Without the use of behavior analytics to monitor the actions and movements of valid credentials in a network, a hacker can easily move undected – even in places[…]

Topics: SECURITY

Continuous Diagnostics and Mitigation (CDM): What Civilian Agencies Need to Know

Two years ago, the Department of Homeland Security (DHS) rolled out a $6 billion program designed to establish continuous diagnostics and mitigation (CDM) for more than 100 civilian agencies. It’s a major cybersecurity effort that began with asset management and will grow to include the management of accounts, event and the security life cycle by 2017. At the start of the program, DHS set up a process for agencies to assess their security profiles before[…]

Topics: CUSTOMERS, SECURITY

Living in the Attack Chain Gaps

A common theme across multiple versions of the so-called “attack chain,” from Lockheed Martin’s kill-chain to Mandiant’s attack chain and others, is that they all show, with a few differences, the steps an attacker takes to achieve their objective: breaching a network undetected to steal valuable data. The most effective way for attackers to do this is by using stolen valid user credentials to slip past initial point-of-intrusion detection devices. The attack chain example that accompanies[…]

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

Head in the Sands: One Year After the Sands Casino Data Breach

On February 10, 2014, Sands Casino properties, which owns the Venetian and Palazzo in Las Vegas, among many other global properties, fell victim to a devastating Iranian hacktivist attack. According to reports, hackers used a basic malware script along with stolen user credentials to corrupt thousands of servers, rendering hard drives unreadable. One year later, similar attacks continue to happen, and it appears we’ve learned nothing from the Sands Casino breach and others like it. What[…]

Topics: LIFE AT EXABEAM, SECURITY

User Behavior Intelligence Drives New Security Processes

There are six key technologies that have defined our security process for the last 25 years. Some of these technologies aren’t as effective as they once were. Following a record year for data breaches, is it time to question our security processes? The answer, of course, is yes. When something is broken, you fix it. But first, a brief history lesson: In 1986, the first intrusion detection system was invented. In 1987, John McAfee released[…]

Topics: LIFE AT EXABEAM, SECURITY

Data Breaches: No vertical left behind [INFOGRAPHIC]

Every business vertical and all levels of government experienced data breaches in 2014, and the outlook for 2015 isn’t encouraging. In our latest infographic, we break down 2014’s data breaches by sector and size. In the retail space, attack activity is expected to accelerate even as credit card companies roll out pin and chip technologies mandated for use in 2016. According to the 2015 “Experian Data Breach Forecast”, “Adoption requirements for EMV ’Chip and PIN‘[…]

Topics: SECURITY

The Importance of User Behavior Intelligence [WHITE PAPER]

Writing a white paper means the company has a strong grasp of a pervasive problem. In this case, it addresses finding cyberattackers using stolen credentials to access private data. According to the Ponemon Institute, it costs companies an average of $201 per record lost in a data breach. In 2014, the total number of records compromised was larger than the US population, meaning the cost to businesses would be more than half a billion dollars. And this[…]

Topics: LIFE AT EXABEAM, SECURITY
2017