Using Threat and Behavioral Analytics to Stop the Adversary

June 1, 2016

Regardless of the motives of a hacker, the main component of damage is often associated with compromising, altering, or destroying critical information that is needed in order to run the business. It is an unfortunate reality, but organizations are going to get compromised. In designing security, especially for the endpoint, robust measures are deployed to prevent compromise, layered with defenses to minimize the damage caused by a compromise, but ultimately we need to be able to detect the compromise in a timely manner.

Since, on average, organizations are often compromised for close to a year before being detected (according to the 2016 Verizon Data Breach Investigations Report), IT organizations have concluded that finding a compromised system is very difficult. Fortunately, that is not the case. Revealing compromised systems is straightforward when the right tools and processes are implemented. Too many organizations still fall into the trap of putting all of their security eggs in the prevention basket, so when prevention fails, they have scant resources dedicated to detecting and tracking an exploit that is in progress.

When an endpoint becomes compromised, there are distinct differences between the activity a normal user performs and the activity an adversary performs. By carefully monitoring and tracking changes in behavior, including data access, applications, services, and network activity, those differences can be detected to indicate that a compromise has occurred. This data can be derived from all of the disciplines discussed in this whitepaper.

From a host-based perspective, software can carefully monitor what is happening on the system and detect subtle differences in behavior. Critical areas to monitor on the host are the files and applications that run when the system boots. One of the goals of an adversary is to maintain persistence, and this is achieved by running malicious code when the system starts. Since there is only a finite number of ways that programs can run during boot-up, this is an easy area to monitor and track.

From a network perspective, a compromised system will often make a C2 (command and control) session back to the adversary so they can continue to monitor the system and cause additional harm. These connections are often fully encrypted and go to IP addresses that are not associated with legitimate or normal sites. Therefore, by carefully monitoring network connections, including DNS lookups, suspicious activity can be detected.

This general activity of looking for compromised systems is referred to as hunting. Threat hunting is the act of aggressively tracking and eliminating cyber adversaries as early as possible and is a key component of mitigating damage. There is no such thing as an invisible adversary. Carefully monitoring and tracking the system reduces dwell time, the amount of time an adversary is on a system, helping to limit any damage. To learn more about using behavioral analytics to protect your organization, view my on-demand webinar “3 Tips to Revealing Hidden Security Risks with Behavior Analytics.”
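The two host signals the post singles out, boot-time persistence entries and outbound DNS activity, both reduce to comparing a current snapshot against a known-good baseline. The following is an added illustration (not code from the post or from BeyondTrust) using constructed autorun snapshots and constructed DNS log lines; the entry names, paths and domains are made up for the example.

```python
"""Baseline-vs-current behavioral checks for boot persistence and DNS lookups.
All data below is constructed for illustration, not taken from a real host."""
from collections import Counter

# Constructed known-good snapshot of autorun entries (name -> command line).
BASELINE_AUTORUNS = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
}

# Constructed current snapshot: one entry was added and one entry now points
# to a different binary in a user-writable directory.
CURRENT_AUTORUNS = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "SecurityHealth": r"C:\Users\alice\AppData\Roaming\svchost.exe",
    "Updater": r"C:\Users\alice\AppData\Roaming\upd\run.vbs",
}

def diff_autoruns(baseline, current):
    """Return (added, changed, removed) persistence entries relative to baseline.
    Any non-empty result is something a hunter should look at."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(k for k in baseline.keys() & current.keys()
                     if baseline[k] != current[k])
    return added, changed, removed

# Constructed DNS query log lines in the form "<timestamp> <client> <qname>".
BASELINE_DNS = [
    "2016-05-30T09:00:01 10.0.0.5 update.microsoft.com",
    "2016-05-30T09:00:07 10.0.0.5 mail.example.com",
    "2016-05-30T09:01:12 10.0.0.5 cdn.example.com",
]
CURRENT_DNS = [
    "2016-05-31T09:00:03 10.0.0.5 update.microsoft.com",
    "2016-05-31T09:05:00 10.0.0.5 k3x9.example.net",
    "2016-05-31T09:10:00 10.0.0.5 k3x9.example.net",
    "2016-05-31T09:15:00 10.0.0.5 k3x9.example.net",
    "2016-05-31T09:16:40 10.0.0.5 mail.example.com",
]

def new_domains(baseline_lines, current_lines):
    """Map each queried name absent from the baseline to its query count.
    Repeated lookups of a never-before-seen name are a classic C2 beacon shape."""
    seen = {line.split()[2] for line in baseline_lines}
    counts = Counter(line.split()[2] for line in current_lines)
    return {name: n for name, n in counts.items() if name not in seen}
```

In practice the baseline would be captured from the host itself (autorun locations, DNS logs) over a quiet period and refreshed as legitimate software changes; the comparison logic stays the same.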

Dr. Eric Cole, World Renowned Cybersecurity Expert, CEO of Secure Anchor

World Renowned Cybersecurity Expert with more than 30 years of network security experience, Dr. Eric Cole is a distinguished cybersecurity expert and keynote speaker who helps organizations curtail the risk of cyber threats. Many of the foundational principles of this course and training in cybersecurity were developed by Dr. Cole. He has worked with a variety of clients ranging from Fortune 50 companies, to top international banks, to the CIA, for which he was a professional hacker.
