Verizon breach report makes case for behavioral analytics

Behavioral analytics technology defends against Web application attacks by flagging and stopping unusual user activity

Verizon's annual data-breach investigations report makes a strong case for behavioral analytics technology that looks for anomalies in user activity to spot hackers.

Such technology could help detect the use of stolen credentials, which were one of two ways most Web applications were compromised, according to the report released Tuesday. The other way was exploiting a weakness in the application.


In general, Web applications were the "proverbial punching bag" on the Internet, with 35 percent of the more than 1,300 data breaches examined in the report falling into this category.

Behavioral analytics software defends against such attacks by establishing a norm for how people access and use a site, whether it's owned and managed by an organization or in the cloud.

The technology "automatically builds an internal model of profile variables that describe normal, expected behavior, similar to fraud management techniques," Forrester Research said in a recent report entitled "Top 15 Trends S&R Pros Should Watch: Q2 2014." "Then, if a user exhibits different or risky behaviors, the system automatically monitors, alerts and intercepts the transaction before the user does any damage."

Behavioral analytics lets companies place security in the middle of communications between any endpoint and application, said Frank Cabri, vice president of marketing for Skyfence, a cloud security gateway startup recently acquired by Imperva. The software can be configured to monitor individuals or user groups, such as a marketing department.

"Once you have that profile or that baseline, you're then looking for anomalies," Cabri said.

Behavioral analytics tools are increasingly self-learning, according to Forrester. Once the software gathers enough user data, which can take hours or days, a company can then set up alerts and interception capabilities.
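The baseline-then-anomaly approach described above can be sketched in a few lines. This is an added example, not code from Verizon, Forrester or any vendor named in the article; the feature names, the five-event learning period, the 5% rarity cutoff and the alert/block thresholds are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

MIN_EVENTS = 5     # assumed learning period before alerting is switched on
RARE_SHARE = 0.05  # assumed: a value in under 5% of baseline events is unusual

class Baseline:
    """Profile of normal behaviour for one user or one user group."""
    def __init__(self):
        self.events = 0
        self.seen = defaultdict(Counter)  # feature -> value -> count

    def learn(self, event):
        self.events += 1
        for feature, value in event.items():
            self.seen[feature][value] += 1

    def unusual(self, event):
        """Features whose value is new or rare compared with the baseline."""
        return [f for f, v in event.items()
                if self.seen[f][v] / self.events < RARE_SHARE]

class Monitor:
    def __init__(self, group_of):
        self.group_of = group_of  # user -> group name (hypothetical directory)
        self.profiles = defaultdict(Baseline)

    def observe(self, user, event):
        own = self.profiles["user", user]
        group = self.profiles["group", self.group_of[user]]
        # Fall back to the group profile while the user's own is still thin.
        profile = own if own.events >= MIN_EVENTS else group
        if profile.events < MIN_EVENTS:
            decision, odd = "learning", []
        else:
            odd = profile.unusual(event)
            decision = ("allow", "alert", "block")[min(len(odd), 2)]
        if decision in ("learning", "allow"):  # never learn from flagged events
            own.learn(event)
            group.learn(event)
        return decision, odd

def demo():
    """Constructed events: six normal sessions, then three probes."""
    m = Monitor({"alice": "marketing", "bob": "marketing"})
    normal = {"country": "US", "period": "day", "action": "view_report"}
    out = [m.observe("alice", normal)[0] for _ in range(6)]
    out.append(m.observe("alice", dict(normal, period="night")))
    out.append(m.observe("alice", {"country": "SG", "period": "night", "action": "export_all"}))
    out.append(m.observe("bob", normal))
    return out

if __name__ == "__main__":
    print(demo())
```

A session that presents valid credentials but deviates on several features at once is intercepted, a single deviation only raises an alert, and a new user in the same group is judged against the group baseline until an individual profile exists.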

Such technology is increasingly being used today to protect cloud workloads that are typically running on services in which the provider has control over the security policies, according to Forrester.

"Increasingly, many vendors apply behavioral intelligence to protect against data exfiltration and mitigate advanced persistent threats," the report said.

Vendors to watch in the market include Adallom, CA Technologies, Entrust, Experian, Guardian Analytics, IBM, Imperva, iovation, RSA, Securonix and ThreatMetrix, according to Forrester.


In its report, Verizon advised companies to look for alternatives to single password-based authentication on anything Internet-facing. Vendors providing some form of two-factor authentication were quick to add to that recommendation.

"Using a single-factor authentication process is like laying out a red carpet for them (hackers)," Scott Goldman, chief executive of TextPower, said in an email.

Copyright © 2014 IDG Communications, Inc.
