Motion analyses increase data security
Andreas Riepen, Head of Central & Eastern Europe at Vectra AI explain:
Andreas Riepen, Head of Central & Eastern Europe (CEE) at Vectra AI
“Digital data is the prey that cyber attackers are after day after day. Passwords, accesses, confidential information, customer data, etc. These are the data that hackers want to spy on and then make money, even at the risk of plunging a company into ruin. With the successful development of the cloud, this data is now distributed over several servers, which offers a variety of attack angles. To what extent does this affect the data and its protection?
Cloud: hackers are playing with the heterogeneity of storage locations
Even if the legal framework allows the protection of users, see GDPR, the data movements that take place in the heart of information systems are an important subject of consideration. And for good reason: for a long time, the information was stored on company-internal servers, before the exponential increase in the amount of data led to the fact that they were gradually migrated to the cloud. At this point, the fortresses of information systems began to provide a certain permeability. The area to be covered has expanded to such an extent that it no longer exists in the traditional sense, and with it also the tools used, the connection points, the established “pipes”. This is a great opportunity for cyber attackers, as the number of access points to sensitive data – in other words, vulnerabilities – has multiplied. These hackers take advantage of the heterogeneity of security tools and look for a vulnerability to penetrate the system.
The expansion of entry points is an important topic for tactical considerations for companies. Which defense strategy is the right one? In order to thwart cyberattacks, it is necessary to keep a close eye on each of the access points to the information system (for example, the workplace computer). Companies also need to look further and be able to protect their most valuable assets when hackers are already trying to break into the environment.
Defense of the vault, not just the front door
To use a metaphor, it can be said that today’s security systems protect the front door of the house quite well. But is the safe, i.e. the place where the most valuable things are stored, also so safe? The answer, of course, lies in the question. What is the use of guarding the boundaries of one’s information system if internal surveillance is not used to control the interior of the “house”? This approach is now inevitable. Given the numerous vulnerabilities, the scenario that a cyber attacker can penetrate into our “fortress” must be considered plausible. Once he has got into the environment, he can move completely freely due to the lack of controls, get tickets and continue to move freely thanks to the obtained permit relationships.
Microsoft is the master of those “tickets” that are issued to users and allow them to move from one environment to another. As soon as the first password has been accepted, the user can switch from one application to another without the need for another password.
There are solutions that can determine whether suspicious movements are taking place in the information systems. With the help of artificial intelligence (AI), signals indicating suspicious activity can now be detected. A movement in the middle of the night? A first orange flag lights up. A second movement in an environment for which the user has no legitimacy? The flag turns red, and the certainty increases that an attack is underway. All this is a matter of a couple of days, sometimes even a couple of hours. So data protection is an internal defense strategy. It is important to go beyond the idea that only the doors of the information systems must be strictly monitored.“