- IT security organizations need to rethink their approach to finding, prioritizing and remediating more sophisticated attacks that easily bypass existing defenses. One way is to better understand what is normal and what is not, both from a coarse view of aggregated network flow data and from a more granular view of specific users and their activities. Users with elevated privileges and access to sensitive customer or financial data are a good starting point.
- CISOs looking at more advanced security analytics solutions should put their prospective vendors’ feet to the fire when it comes to the heavy lifting of greater levels of integration and automated analytics.
I had the good fortune to attend the IT Security Analyst and CISO Forum in London back in June, and there were a number of interesting themes that came out of the roundtable discussion with CISOs from a handful of large enterprises, government and non-government entities. In responding to a question on what their major challenges were today, one theme really stayed with me: when it comes to analyzing activity on systems and networks for anomalous behavior, “we don’t know what normal looks like,” said one CISO.