Twitter, Apple, Facebook, and Microsoft are all household corporate brands, and they have something in common: They have all suffered data breaches.
As attacks make headlines daily, industry influencers seem to all be calling for security monitoring and forensics tools as the “end all, be all” for solving these types of issues and preventing future incidents. But sadly, monitoring tools like SIEMs catch maybe 50% of threats, best case scenario. Gartner says 85% of organizations are failing at early breach detection. Even the recent Verizon Data Breach Investigations Report found 66% of breaches are taking months or longer to be detected. HyTrust agrees, and has found the same or similar numbers in informal polling. In fact, Eric Chiu, president and founder of HyTrust (http://hytrust.com/), the cloud control company, says “Security monitoring tools such as SIEMs are broken — they’re slow, reactive and weak.”
It’s obvious a new approach is sorely needed. Chiu says Role-Based Monitoring (RBM) is the future of security monitoring, and shared the below infographic. Based on pre-defined user roles, RBM can detect and block threats in real-time. It alerts you when something outside the norm happens. For example, an attacker using an advanced persistent threat (APT) technique might hijack someone’s corporate “privilege” – in other words, their advantages, benefits, entitlements or rights based upon their role within the organization – in order to carry out their breach more effectively.
“RBM is the fastest, strongest and most certain method of identifying threats with 98% accuracy,” Chiu said. “It provides a deeper examination of the context, looking at what was done as well as who executed the action, what their job is, and what resources they’re allowed to manage.” This enables organizations to zero-in and separate appropriate administrative operations from malicious ones, Chiu explained.
RBM is useful especially in cloud environments where ‘super admins’ have ‘super access’ to everything, i.e. they can copy, if they wish, every virtual machine with sensitive data, or tamper with controls and potentially destroy the entire virtual datacenter.
“It’s time to rethink security in-line with emerging technologies and change the way we do business,” said Chiu.