Businesses and organizations of all sizes are struggling to keep up with the growing variety and severity of threats to their networks, systems, and data. Last year was a bad one for IT security across the board: new attack vectors surface almost daily, ransomware and phishing scams are rampant, and state-sponsored hacking is a growing worry, so it is no wonder that the IT professionals responsible for safeguarding corporate assets have trouble sleeping at night.
Maybe it’s time for something new in how organizations approach network, data, and IT security. Perhaps a fundamental change in how we protect networks is needed to help us identify and mitigate new kinds of threats and attacks as they appear in the wild.
Perhaps algorithms hold the key to answering this need.
To help us understand how algorithms can help organizations safeguard their information assets, I interviewed Isaac Kohen, founder and CEO of Teramind, an employee-monitoring and insider-threat prevention platform that detects, records, and prevents malicious user behavior, in addition to helping teams drive productivity and efficiency.
MITCH: Thanks, Isaac, for agreeing to let me interview you about using algorithms for enhancing enterprise security. What got you interested in this subject in the first place?
ISAAC: Thank you, Mitch, I’m happy to be here. My experience in the industry started way back when I was programming trading algorithms at a major hedge fund. During my time in the financial world, I spent a vast amount of time around very sensitive information. This is where my curiosity for IT security was triggered, and I went into IT consulting to help companies better secure their masses of confidential data.
During that time, I realized that the IT norm was to prohibit and lock out as many people as possible to protect their data. I soon came to the conclusion that this was a very ineffective way to approach data security because it hindered the productivity of a very important asset to the organization — the employee.
From there, I decided to try a new approach by focusing on algorithms targeting user behavior to find outliers within companies. This is where Teramind was born.
MITCH: Can you describe an example of how algorithms can be useful for enhancing IT security for a company or organization?
ISAAC: I think an interesting algorithmic approach to security would be for the purpose of impostor detection. Each person interacts with a computer in a certain way. For example, you probably have a preferred way to close or minimize windows. I bet the length of time you spend between typing the “h” and “e” in the word “hello” differs from how long it takes me to do the same. And when you capitalize a letter, do you use the left or the right shift key? Do you normally use the mouse or the arrow keys to scroll? I can think of about 200 of these types of signals that, when combined algorithmically with even simple linear weights, make up a user profile. After a learning period, that data can be used to detect whether the person sitting at a computer is really that person or not.
MITCH: Fascinating! What are some of the key areas of IT security where algorithms can be particularly helpful in safeguarding the information assets of a business or organization?
ISAAC: Algorithms can help in any aspect of IT security when you think about it, but only if done right. There’s a lot of hype these days about machine/deep learning. I think automatic anomaly detection is fantastic, but only when combined with discretionary rules. You should be able to clearly define a rule, say, for when a user sends an email containing PII. You should also be able to get an alert when the user’s email behavior changes; for example, if they typically send 300MB worth of emails in a day and one day they send 900MB, then something is wrong. These two methods, baseline algorithms and discretionary rules, will together make a more robust algorithm for detecting security breaches. Together they create a net to catch what you know is unacceptable behavior along with behavior that simply deviates from the norm.
Let’s take a quick look at the health-care industry, which has been struggling to keep confidential data confidential. In this industry, digitized records and EMRs are becoming the norm. Information like patient contact information, emails, medical records, and Social Security numbers is high-selling content on the Dark Web. And this has created a “feeding frenzy” for malicious criminals because health institutions are making this information fairly accessible and easy to find. Plus, criminals can keep pulling from the data treasure trove because the breach goes undetected for months or years. The weakest link in protecting this data lies with the user — the employee. Employees are prone to phishing emails, or they actually steal information from the organization and sell it on the Dark Web themselves (the insider threat). User analytics and algorithms can categorize where the most important information is in your health-care organization, collect data in real time, and alert administrators when the specified data is compromised.
MITCH: So what benefits can the use of algorithms hold over more traditional approaches to securing corporate networks and the confidential business data stored on them?
ISAAC: Algorithms can catch things that humans didn’t think of, and humans can catch things that algorithms weren’t designed to catch. That’s the reason I’m a proponent of using both algorithms and discretionary methods, as described previously. In any case, the advantage of algorithms is obvious — they can be executed on an immense amount of data without effort.
MITCH: Interesting. What kinds of companies and organizations do you think could benefit most from using algorithms this way?
ISAAC: Everybody! Large enterprises, medium enterprises, and we often stress the importance for small businesses to adopt algorithms. Data is a commodity. It’s worth something, and hackers are growing in number and becoming more clever because they see the financial worth of your data. A data breach can cause thousands to millions of dollars in damage to an enterprise, including everything from lawyer fees to brand damage. If we have to choose an industry, companies in the legal, energy, health-care, finance, and retail industries can benefit the most from this approach, because the data they’re collecting and storing is very sensitive and can go for a hefty price.
MITCH: Technologies for securing IT assets and data continue to evolve and improve, but users still seem like the weak link when it comes to protecting your business. Can algorithms help reduce the risk of users being the primary vector where a breach occurs?
ISAAC: Of course. Algorithms can help shape a user’s behavior just like regular discretionary rules. They can warn the user, for example, that they’ve been recorded copying too many files for the day when a certain threshold has been reached. Imagine a user who gets that message; they’ll freeze in their seat and rethink their intentions.
MITCH: Are there any good resources you can point readers to where they can learn more about how they can leverage algorithms to secure their corporate infrastructure, assets, and data?
ISAAC: Because of the increasing awareness due to recent data breaches, more thought leaders and resources are emerging to educate decision makers on the progressiveness of algorithm-based data protection. A wealth of resources listed here include blogs, institutions, and books. A few of my favorites include: CERT Insider Center and SANS Security Awareness Center. A little closer to home, I also highly recommend our own expert resource blog IT Security Central, which provides commentary on breaking news as well as informative, nonpromotional content on user analytics, insider threats, and monitoring.
MITCH: Isaac, thanks very much for giving our readers some of your valuable time!
ISAAC: Thank you!
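The impostor-detection idea Isaac describes earlier (inter-key timing, which shift key you press, how you scroll, combined with linear weights into a profile learned over a training period) can be made concrete in a few dozen lines. The block below is an added example written for this page; it is not Teramind's code. The three signals, their weights, the 2-sigma timing tolerance, the 0.6 decision threshold, and all session data are assumed and constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed learning-period sample for one user: inter-key latencies in ms for a
# few digraphs, which shift key was used for each capital, and how the user scrolled.
LEARNING_SESSION = {
    "digraphs": [("he", 95), ("he", 101), ("he", 98), ("el", 120), ("el", 126), ("el", 118),
                 ("ll", 150), ("ll", 155), ("ll", 148), ("lo", 110), ("lo", 105), ("lo", 112)],
    "shift_keys": ["left", "left", "left", "right", "left", "left"],
    "scroll": ["mouse", "mouse", "keys", "mouse", "mouse"],
}

# Constructed sessions to score: one from the same person, one from someone else.
GENUINE_SESSION = {
    "digraphs": [("he", 97), ("el", 123), ("ll", 152), ("lo", 108)],
    "shift_keys": ["left", "left", "right"],
    "scroll": ["mouse", "mouse"],
}
IMPOSTOR_SESSION = {
    "digraphs": [("he", 140), ("el", 160), ("ll", 200), ("lo", 150)],
    "shift_keys": ["right", "right", "right"],
    "scroll": ["keys", "keys"],
}

# Assumed linear weights; a real profile would carry many more signals than three.
WEIGHTS = {"digraph_timing": 0.6, "shift_hand": 0.25, "scroll_method": 0.15}


def ratio(items, value):
    """Fraction of items equal to value; neutral 0.5 when there is no data."""
    return items.count(value) / len(items) if items else 0.5


def build_profile(session):
    """Learn per-digraph timing (mean, sd) and habit ratios from a learning period."""
    latencies = defaultdict(list)
    for digraph, ms in session["digraphs"]:
        latencies[digraph].append(ms)
    return {
        # sd floor of 1 ms so a zero-variance digraph does not turn every sample into a miss
        "digraphs": {dg: (mean(v), max(pstdev(v), 1.0)) for dg, v in latencies.items()},
        "left_shift": ratio(session["shift_keys"], "left"),
        "mouse_scroll": ratio(session["scroll"], "mouse"),
    }


def score_session(profile, session):
    """Weighted similarity in [0, 1]; 1.0 means the session matches the learned profile."""
    hits = total = 0
    for digraph, ms in session["digraphs"]:
        if digraph not in profile["digraphs"]:
            continue  # an unseen digraph carries no evidence either way
        mu, sd = profile["digraphs"][digraph]
        total += 1
        if abs(ms - mu) <= 2 * sd:
            hits += 1
    timing = hits / total if total else 0.5
    shift = 1 - abs(profile["left_shift"] - ratio(session["shift_keys"], "left"))
    scroll = 1 - abs(profile["mouse_scroll"] - ratio(session["scroll"], "mouse"))
    return (WEIGHTS["digraph_timing"] * timing
            + WEIGHTS["shift_hand"] * shift
            + WEIGHTS["scroll_method"] * scroll)


def is_impostor(profile, session, threshold=0.6):
    """Assumed decision threshold; tune it against the false-accept/false-reject trade-off."""
    return score_session(profile, session) < threshold


if __name__ == "__main__":
    profile = build_profile(LEARNING_SESSION)
    for name, s in (("genuine", GENUINE_SESSION), ("impostor", IMPOSTOR_SESSION)):
        print(name, round(score_session(profile, s), 3), "impostor" if is_impostor(profile, s) else "ok")
```

Two practical caveats: the profile is only as good as the learning period (a user who types differently on a laptop keyboard will score as an outlier until that is learned), and behavioural signals are a detection aid rather than an authenticator, since recorded timings can be replayed by software that drives the keyboard.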
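The "net" Isaac describes, a discretionary rule for behavior you already know is unacceptable (an email carrying PII) alongside a learned baseline for behavior that merely deviates from the norm (300MB of email on a typical day, 900MB today), is sketched below as an added example for this page, not Teramind's code. The sigma multiplier, the ratio floor, the minimum learning window, the SSN pattern, and the email records are all assumed or constructed.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed learning-period data: daily outbound-email volume in MB per user.
BASELINE_MB = {
    "alice": [300, 310, 290, 305, 295, 300, 310, 298, 302, 300],
    "bob": [40, 55, 45, 60, 50, 42, 58, 47, 53, 50],
}

# Constructed outbound emails for the day being scored (carol has no baseline yet).
TODAY_EMAILS = [
    {"user": "alice", "size_mb": 450, "body": "Q3 deck and raw exports attached."},
    {"user": "alice", "size_mb": 450, "body": "Second batch of exports."},
    {"user": "bob", "size_mb": 20, "body": "Patient follow-up for John Doe, SSN 123-45-6789."},
    {"user": "bob", "size_mb": 25, "body": "Lunch at noon?"},
    {"user": "carol", "size_mb": 5, "body": "Minutes from today's meeting."},
]

# Discretionary rule: a pattern the organization has decided must never leave by email.
# The SSN regex is a deliberately simple stand-in (assumed); real DLP rules add validators.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

SIGMA_MULT = 3.0     # assumed: how far above the learned mean counts as anomalous
RATIO_FLOOR = 1.5    # assumed: also require 1.5x the mean, so a very stable baseline
                     # (sigma near zero) does not alert on a trivial absolute increase
MIN_HISTORY = 5      # assumed: days of history needed before a baseline is trusted


def pii_rule_alerts(emails):
    """Discretionary rule: alert on any single email whose body matches the PII pattern."""
    return [
        {"user": e["user"], "type": "rule:pii", "detail": f"matched {SSN_RE.pattern}"}
        for e in emails if SSN_RE.search(e["body"])
    ]


def volume_anomaly_alerts(baselines, emails):
    """Baseline algorithm: alert when a user's daily total deviates from their learned norm."""
    totals = defaultdict(float)
    for e in emails:
        totals[e["user"]] += e["size_mb"]
    alerts = []
    for user, total in totals.items():
        history = baselines.get(user, [])
        if len(history) < MIN_HISTORY:
            continue  # learning period incomplete: no baseline, so no anomaly verdict
        mu, sd = mean(history), pstdev(history)
        if total > mu + SIGMA_MULT * sd and total > RATIO_FLOOR * mu:
            alerts.append({"user": user, "type": "anomaly:volume",
                           "detail": f"{total:.0f} MB today vs baseline {mu:.0f} MB (sd {sd:.1f})"})
    return alerts


def detect(baselines, emails):
    """The combined net: known-bad behavior (rules) plus deviation from the norm (baseline)."""
    return pii_rule_alerts(emails) + volume_anomaly_alerts(baselines, emails)


if __name__ == "__main__":
    for alert in detect(BASELINE_MB, TODAY_EMAILS):
        print(alert)
```

On the constructed data the rule catches bob's PII email even though his volume is normal, and the baseline catches alice's 900MB day even though nothing in her mail matches a rule; neither method alone would have produced both alerts. The ratio floor is the kind of guard a practitioner adds after the first week of alerts: a user whose volume never varies has a sigma close to zero, and without the floor a 320MB day would trip a 3-sigma threshold.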