All posts by Sarah Hospelhorn

Announcing Varonis Edge – to the Perimeter and Beyond

Email, web, and brute force attacks are the primary ways that malware gets through your defenses.  The Yahoo hacker’s favorite technique? VPN. The Sony hack? Phishing emails.  Remote Access Trojans? DNS.

We’ve spent over a decade working on protecting core data stores – we’re now extending that data security to the perimeter by using telemetry from VPN concentrators and DNS servers to spot signs of attack like DNS tunneling, account hijacking, and stolen VPN credentials. With Varonis Edge – coming soon in beta – you can monitor perimeter attacks and put them in context with activity and alerts in your core data stores for the full picture.

Extend your data security to the edge with enhanced security intelligence and additional threat markers, so that you can alert on external attacks, catch malware in its tracks, and defend your data better from insider threats. Find out more about Varonis Edge here.

Interested? Get a demo and be the first in line to try it.

Introducing Our New DataPrivilege API and a Preview of Our Upcoming GDPR Patterns

GDPR Patterns Preview

We’re less than a year out from the EU General Data Protection Regulation (GDPR) becoming law, and we’re hearing that our customers are facing more pressure than ever to get their data security policies ready for the regulation. To help enterprises quickly meet GDPR, we’re introducing GDPR Patterns with over 150 patterns of specific personal data that falls in the realm of GDPR, starting with patterns for 19 countries currently in the EU (including the UK).

Using the Data Classification Framework as a foundation, GDPR Patterns will enable organizations to discover regulated personal data: from national identification numbers to IBAN to blood type to credit card information. This means that you’ll be able to generate reports on GDPR applicable data: including permissions, open access, and stale data.  These patterns and classifications will help enterprises meet GDPR head on, building out security policy to monitor and alert on GDPR affected data.

Try it today and discover how GDPR Patterns will help prepare you for 2018 and keep your data secure.

IAM & ITSM Integration with DataPrivilege

We’ve been talking a lot lately about unified strategies for data security and management, and the challenge of juggling multiple solutions to meet enterprise security needs.

DataPrivilege puts owners in charge of file shares, SharePoint sites, AD security and distribution groups by automating authorization requests, entitlement reviews and more. DataPrivilege now includes a new API so customers can take advantage of its capabilities by integrating with other technologies in the security ecosystem, like IAM (Identity and Access Management) and ITSM (IT Service Management) Solutions.

Our new DataPrivilege API provides more flexibility for IT and business users so they can unify and customize their user experience and workflows. With the API, you’ll be able to synchronize managed data with your IAM/ITSM solution and return instructions to DataPrivilege to execute and report on requests and access control changes.  You’ll be able to use the integration to externally control DataPrivilege entitlement reviews, self-service access workflows, ownership assignment, and more.

Ask for a demo and see how it works with your current set up.

🚨 Massive Ransomware Outbreak: What You Need To Know

Remember those NSA exploits that got leaked a few months back? A new variant of ransomware using those exploits is spreading quickly across the world – affecting everyone from the NHS to telecom companies to FedEx.

Here’s What We Know So Far

Ransomware appears to be getting in via social engineering and phishing attacks, though vulnerable systems may also be at risk if TCP port 445 is accessible. Unlike most ransomware, which encrypts any accessible file from a single infected node, this ransomware also moves laterally via exploit (i.e., EternalBlue) to vulnerable unpatched workstations and servers, and then continues the attack. Unpatched Windows hosts (Vista, 7, 8, 10, Server 2008, 2008 R2, 2012, 2012 R2, and 2016) running SMB v1 are all vulnerable.

Infected hosts are running strains of ransomware, such as Wanna Decrypt0r (more below) that encrypts files and changes their extensions to:

  • .WRNY
  • .WCRY (+ .WCRYT for temp files)
  • .WNCRY (+ .WNCRYT for temp files)

The Ransomware also leaves a note with files named @Please_Read_Me@.txt, or !Please_Read_Me!.txt, and will display an onscreen warning.

Here’s What You Can Do

MS17-010, released in March, closes a number of holes in Windows SMB Server. These exploits were all exposed in the recent NSA hacking tools leak. Exploit tools such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance (all part of the Fuzzbunch exploit platform) drop DoublePulsar onto compromised hosts. DoublePulsar was created by the NSA and is basically a malware downloader, which is used as an intermediary for downloading more potent malware executables onto infected hosts.

If you’re an existing DatAlert customer, you can set up office hours with your assigned engineer to review your threat models and alerts. Don’t have DatAlert yet?  Get a demo of our data security platform and see how to detect zero-day attacks.

DatAlert Customers

If you’re a DatAlert Analytics customer, the threat model “Immediate Pattern Detected: user actions resemble ransomware” was designed to detect this and other zero-day variants of ransomware; however, we also strongly recommend that you update the dictionaries used by DatAlert signature-based rules. Instructions for updating your dictionaries are here: https://connect.varonis.com/docs/DOC-2749

If for some reason you can’t access the connect community, here is how to update your dictionaries to include the new extensions for this variant:

Open the DatAdvantage UI > Tools > Dictionaries > Crypto files (Predefined)

Open the DatAdvantage UI > Tools > Dictionaries > Encrypted files (Predefined)
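The dictionary update above is a signature-based rule: alert when file activity produces the extensions or ransom-note names this variant leaves behind. The script below is an added example of that same logic run over file-activity events, not Varonis code. It uses the extensions and note file names exactly as listed in this post; the tab-separated event format (timestamp, user, host, operation, path), the user and host names, and the per-user alert threshold are constructed assumptions for the demonstration.

```python
"""Flag file-activity events matching the WannaCry indicators listed in the post.

Added example, not Varonis code. The event format (timestamp, user, host,
operation, path) is a constructed assumption for this demonstration.
"""
from collections import defaultdict

# Extensions and ransom-note names as the post lists them, lower-cased so that
# matching is case-insensitive.
ENCRYPTED_EXTENSIONS = {".wrny", ".wcry", ".wcryt", ".wncry", ".wncryt"}
RANSOM_NOTES = {"@please_read_me@.txt", "!please_read_me!.txt"}

# Constructed sample events: users, hosts and paths are fictitious.
SAMPLE_EVENTS = (
    "2017-05-12T10:01:03\tjsmith\tWS-042\tcreate\t\\\\fs01\\finance\\q1.xlsx.WNCRYT\n"
    "2017-05-12T10:01:03\tjsmith\tWS-042\trename\t\\\\fs01\\finance\\q1.xlsx.WNCRY\n"
    "2017-05-12T10:01:04\tjsmith\tWS-042\tcreate\t\\\\fs01\\finance\\@Please_Read_Me@.txt\n"
    "2017-05-12T10:01:05\tjsmith\tWS-042\tmodify\t\\\\fs01\\finance\\budget.docx.WNCRY\n"
    "2017-05-12T10:02:11\tadoe\tWS-017\tmodify\t\\\\fs01\\hr\\handbook.docx\n"
    "2017-05-12T10:02:12\tadoe\tWS-017\tcreate\t\\\\fs01\\hr\\notes.txt\n"
)


def basename(path):
    """Return the file name of a UNC or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def classify(path):
    """Return 'note', 'encrypted' or None for one path."""
    name = basename(path).lower()
    if name in RANSOM_NOTES:
        return "note"
    dot = name.rfind(".")
    if dot != -1 and name[dot:] in ENCRYPTED_EXTENSIONS:
        return "encrypted"
    return None


def parse_events(text):
    """Parse the tab-separated event lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, op, path = line.split("\t", 4)
        events.append({"ts": ts, "user": user, "host": host, "op": op, "path": path})
    return events


def summarize(events):
    """Per-user counts of indicator hits, plus the hosts the activity came from."""
    summary = defaultdict(lambda: {"encrypted": 0, "note": 0, "hosts": set()})
    for ev in events:
        kind = classify(ev["path"])
        if kind is None:
            continue
        entry = summary[ev["user"]]
        entry[kind] += 1
        entry["hosts"].add(ev["host"])
    return summary


def alerts(text, encrypted_threshold=3):
    """Users to alert on: any ransom note, or at least `encrypted_threshold`
    events touching files with an encrypted-file extension (threshold assumed)."""
    summary = summarize(parse_events(text))
    return sorted(
        user for user, s in summary.items()
        if s["note"] > 0 or s["encrypted"] >= encrypted_threshold
    )


if __name__ == "__main__":
    for user, s in summarize(parse_events(SAMPLE_EVENTS)).items():
        print(user, "encrypted:", s["encrypted"], "notes:", s["note"], sorted(s["hosts"]))
    print("alert on:", alerts(SAMPLE_EVENTS))
```

A note-file hit alerts on its own because a single ransom note is already high confidence, while extension hits are counted per user so that one stray rename does not page anyone. The same indicator sets could be loaded into any signature dictionary; the point of the example is the matching and aggregation, which is what a threshold rule on the dictionary does.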

Details

Vulnerabilities

The malware exploits multiple Windows SMBv1 remote code execution vulnerabilities:

Windows Vista, 7, 8, 10, Server 2008, 2008 R2, 2012, 2012 R2 and 2016 are all vulnerable if not patched and the SMBv1 Windows feature is enabled.

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Ransomware strains

WCry / WannaCry / WannaCrypt0r / WannaCrypt / Wana Decrypt0r

This outbreak is version 2.0 of the WCry ransomware, which first appeared in March. Until this outbreak, this ransomware family was barely heard of. Though likely spread via phishing and social engineering attacks, if TCP port 445 is exposed on vulnerable Windows machines, they could be exploited using the Fuzzbunch exploit platform.

Introducing the Automation Engine, DatAlert Analytics Rewind, and more

Put Least Privilege on Autopilot

Getting to least privilege can be a nightmare. The first steps – tracking down inconsistent ACLs and remediating global access groups – can turn even the most basic file share clean-up project into a huge to-do.

And so we’re thrilled to announce the upcoming availability of the Automation Engine, which will take the headache out of least privilege by discovering undetected security threats and fixing hidden vulnerabilities without all the manual legwork.

The Varonis Automation Engine automatically repairs and maintains file systems so that you’re less vulnerable to attacks, more compliant, and consistently enforcing a least privilege model.

  • Fix hidden security vulnerabilities like inconsistent ACLs and global access.
  • Revoke unnecessary access that users no longer need or use, reducing your risk profile.
  • Accelerate and automate least privilege.

Interested?  Get a demo now and be the first in line to try it.

What’s past is prologue

One of our earliest patents was our simulation capability in DatAdvantage – which our customers now use consistently to test access control changes against past access activity, highlighting users that would be disrupted or applications that might break if they had made those changes in the past.

We’re extending our simulation capabilities with Analytics Rewind.

DatAlert Analytics Rewind allows customers with three or more months of data to analyze past user and data activity with DatAlert threat models, and identify alerts that they would have gotten in the past. You can not only pre-emptively tune out false positives, but also look back at your data activity history to identify breaches that may have already occurred.

New Threat Models for Exchange and DS

You asked, we listened.  We’re adding more threat models to DatAlert Analytics to detect and prevent impersonation, exploitation, and account hijacking.  The latest set keeps you aware of suspicious mailbox and Exchange behaviors, password resets and unusual activity from personal devices.

Email security and Exchange: New threat models flag an abnormal number of emails sent to accounts outside the organization, unusual mailbox activity from service accounts, and automated forwarding that might indicate an attacker trying to redirect and exfiltrate data.

Directory Services: New threat models detect suspicious password resets that may indicate attempts to hijack a user account, unusual access to personal devices, suspicious attempts to access an unusual number of resources, and unusual login activity that may indicate a credential stuffing attack.

Want to see them in action? Get a demo of our data security platform and see how you can stop data breaches.

Varonis + Splunk: Epic Threat Detection and Investigations

We’re bringing our powerful DatAlert functionality to Splunk® Enterprise to give you comprehensive visibility into data security with our new Varonis App for Splunk – now available for download on splunkbase!

DatAlert can now send alerts to the Varonis App for Splunk, providing Splunk additional context into anomalous file system, email, and Active Directory behavior. Users of the App can view Varonis alerts directly from Splunk Enterprise, and drill into DatAlert for additional insight into what’s going on and accelerate security investigations, reducing mean time to resolution.

At-a-glance Dashboards

Our at-a-glance dashboards set SysAdmins and Security Analysts up for success – correlating Varonis alerts with Splunk events, and providing additional insight and context into potential security threats.

Want to learn more?

You can take a closer look at selected entities in the drill-down dashboard – access a complete list of all alerts on a specific entity (user, asset, threat model, device) within the selected timeframe.

Streamline your investigation with the DatAlert Web UI – and determine whether suspicious activity is malicious or a misconfiguration.

Want to try out the Varonis for Splunk app? Download it directly from splunkbase to get started.

Not yet a Varonis customer? What are you waiting for! Check out a demo of our data security platform today and get a personalized walkthrough of the Varonis App for Splunk while you’re at it.

Introducing a new security dashboard, enhanced behavioral analysis, and mor...

Every day we hear new stories about how our customers are using DatAlert to stop cyberattacks: detecting and disabling ransomware infections, discovering misconfigurations and vulnerabilities, and setting up automatic responses to malware infections.

And so, we’ve updated DatAlert to be more intuitive, powerful, and insightful than ever: 6.3.150 includes major updates to DatAlert, additional platform support, and performance enhancements.

New Security Dashboard: DatAlert is easier than ever to use as a starting point for investigating suspicious behavior, spotting unusual activity on file servers, and finding security vulnerabilities.  We’re introducing a configurable dashboard where you can easily identify and prioritize at-risk areas like global access, stale data, and overexposed sensitive information.

Alert investigation page: A new alert page enables quick triage on individual alerts – drill down on suspicious activity that might indicate that an attack is under way and triage for further investigation.  The alert investigation page offers additional security insights about users, data, time, and affected devices.

Enhanced behaviors and analysis:

  • Behavioral Peers: DatAlert can compare file and email touches of one user – along with other activity – to that of her peers. Behavioral peer comparisons are available directly within the alerts page to streamline investigation and help identify the severity of alerted behavior.
  • Device Insight: Review device context cards, and get insight through the DatAlert UI to see alerts triggered on specific devices.  Insights into devices also help highlight abnormal device usage per user account to pinpoint a computer that’s been compromised for insider activities.
  • Normal Working Hours: Varonis determines normal working hours for each individual based on email & file activity – and compares activity against their peers, to catch suspicious activity more quickly than ever.
  • Flags & Watch list: Customers can now flag suspicious users, putting them on a watch-list for tracking – making it easier to keep an eye on suspicious users and devices. Users can be highlighted based on past alerts or based on information from legal, HR, or other departments.

Want to see DatAlert in action?  Schedule a free demo and see how it works in your environment.

6.2.51 (including DLX) is now GA

We’re excited to announce the GA release of 6.2.51: this release includes a range of enhancements focusing on data security, new integrations, and a more intuitive user interface.

Some of the highlights that are now generally available include:

New DatAlert Threat Models: Get inside-out security with sophisticated threat models built on advanced analytics, user behavior, and machine learning.  DatAlert threat models protect your data and trigger alerts on what looks unusual, uncovering potential security issues.

New DatAlert Web UI: DatAlert’s new web UI makes it easy to spot threats to your data – who’s behaving suspiciously and which data assets are threatened – and identify ransomware activity before it’s too late.  The new DatAlert UI includes:

  • A dashboard displaying alerts at a glance, top alerted users, assets, and threat models, along with a kill chain analysis.
  • In-depth views of alert data
  • Context cards with detailed information on alerts and activity

Varonis behavior research laboratory: A dedicated team of security experts, analysts, and data scientists who stay up-to-date on the latest security issues, APTs, and insider threats, and how to defend against them. The laboratory continually introduces new threat models to DatAlert – including the latest threat model introduced in 6.2.51 that actively detects patterns and user actions that resemble ransomware.

SIEM Integration: Users can automatically send DatAlerts into external SIEM platforms, increasing the speed and accuracy with which they are able to identify threats by correlating unstructured data behavior with alerts from other systems.

DatAdvantage for Microsoft Office 365: Get actionable insight and bi-directional visibility in the cloud with permissions visibility for Microsoft Exchange Online, SharePoint Online, OneDrive, and visibility into Active Directory for Azure.

Directory Services: Manage risk reduction and business intelligence more effectively by viewing authentication statistics, tracking GPO policy settings, and with real-time alerts on permissions and policy changes. See account authentication and access requests; when GPO settings were modified, and more.

Reporting enhancements: Varonis reports give insight into trends, help track and monitor activity and use, and give greater visibility into your data. New reports include: Most active users per folder, GPO setting changes, Open access on sensitive data, and more. The report API provides customers with RESTful APIs for accessing and extracting data from DatAdvantage.

Commit Management Platform: a centralized console enables managing individual and bulk changes to access control lists and group memberships, viewing history and dependencies of each change before it happens.  We’ve also added notifications on completion, configurable security options, and a rollback option for previously committed changes – saving time and eliminating potential mistakes while managing access control securely.

DataPrivilege for SharePoint: Customers can now use DataPrivilege to manage SharePoint sites and folders, setting permissions and membership requests, entitlement reviews, automatic rules and ethical walls, and more. DataPrivilege puts identity management in the hands of decision makers: reducing IT burden, empowering decision makers, and sustaining a least-privilege model. Support for on-premises SharePoint entities includes:

  • Managing SharePoint site collections, protected sites and folders
  • Defining SharePoint permission levels and their inheritance structure
  • Managing SharePoint groups
  • Configuring and managing entitlement reviews for SharePoint entities
  • Ownership synchronization – Logical folder owners added through DataPrivilege are synchronized to the mapped physical folder in DatAdvantage.

DatAnswers: Search smarter with DatAnswers with more customization and control on how you manage enterprise search:

  • Users can run elevated searches, either by seeing unfiltered results or by impersonating a different user.
  • New methods are now available to retrieve a document’s metadata and the contact information of document authors, business owners and users who performed Create or Modify events on the document.
  • Limit the search scope to a specific folder or a set of folders
  • View more metadata for each item in the search results with the metadata pane

Additional Platform Support:

  • Red Hat 7, Ubuntu 12.04.4 LTS Kernel 3.2.1; Ubuntu 14.04 LTS Kernel 3.13.0
  • IBM Storwize v7000
  • AIX 7.1
  • Azure Active Directory and Office 365
  • Isilon 7.2 or higher for NFS events
  • SQL Server AlwaysOn availability groups.
  • NetApp 8.3 RC, GA; 8.3.1 RC; 8.3 P1 – Also supported for cluster mode
  • Nexenta

What is The Cyber Kill Chain and How to Use it Effectively

The cyber kill chain is a series of steps that trace the stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent threats (APTs).

Lockheed Martin derived the kill chain framework from a military model – originally established to identify, prepare to attack, engage, and destroy the target. Since its inception, the kill chain has evolved to better anticipate and recognize insider threats, social engineering, advanced ransomware and innovative attacks.

How the Cyber Kill Chain Works

There are several core stages in the cyber kill chain. They range from reconnaissance (often the first stage in a malware attack) to lateral movement (moving laterally throughout the network to get access to more data) to data exfiltration (getting the data out).  All of your common attack vectors – whether phishing or brute force or the latest strain of malware – trigger activity on the cyber kill chain.

Each stage is related to a certain type of activity in a cyber attack, regardless of whether it’s an internal or external attack:

  • Reconnaissance
    The observation stage: attackers typically assess the situation from the outside-in, in order to identify both targets and tactics for the attack.
  • Intrusion
    Based on what the attackers discovered in the reconnaissance phase, they’re able to get into your systems: often leveraging malware or security vulnerabilities.
  • Exploitation
    The act of exploiting vulnerabilities, and delivering malicious code onto the system, in order to get a better foothold.
  • Privilege Escalation
    Attackers often need more privileges on a system to get access to more data and permissions: for this, they escalate their privileges, often to an administrator account.
  • Lateral Movement
    Once they’re in the system, attackers can move laterally to other systems and accounts in order to gain more leverage: whether that’s higher permissions, more data, or greater access to systems.
  • Obfuscation / Anti-forensics
    In order to successfully pull off a cyberattack, attackers need to cover their tracks, and in this stage they often lay false trails, compromise data, and clear logs to confuse and/or slow down any forensics team.
  • Denial of Service
    Disruption of normal access for users and systems, in order to stop the attack from being monitored, tracked, or blocked.
  • Exfiltration
    The extraction stage: getting data out of the compromised system.

Below, we’ll explore each phase of the cyber kill chain in more detail.

8 Phases of The Cyber Kill Chain

Each phase of the kill chain is an opportunity to stop a cyberattack in progress: with the right tools to detect and recognize the behavior of each stage, you’re able to better defend against a systems or data breach.

Reconnaissance

In every heist, you’ve got to scope the joint first. Same principle applies in a cyber-heist: it’s the preliminary step of an attack, the information gathering mission. During reconnaissance, an attacker is seeking information that might reveal vulnerabilities and weak points in the system. Firewalls, intrusion prevention systems, perimeter security – these days, even social media accounts – get ID’d and investigated. Reconnaissance tools scan corporate networks to search for points of entry and vulnerabilities to be exploited.

Intrusion

Once you’ve got the intel, it’s time to break in. Intrusion is when the attack becomes active: attackers can send malware – including ransomware, spyware, and adware – to the system to gain entry. This is the delivery phase: it could be delivered by phishing email, it might be a compromised website or that really great coffee shop down the street with free, hacker-prone wifi. Intrusion is the point of entry for an attack, getting the attackers inside.

Exploitation

You’re inside the door, and the perimeter is breached. The exploitation stage of the attack…well, exploits the system, for lack of a better term. Attackers can now get into the system and install additional tools, modify security certificates and create new script files for nefarious purposes.

Privilege Escalation

What’s the point of getting in the building, if you’re stuck in the lobby? Attackers use privilege escalation to get elevated access to resources. Privilege escalation techniques often include brute force attacks, preying on password vulnerabilities, and exploiting zero day vulnerabilities. They’ll modify GPO security settings, configuration files, change permissions, and try to extract credentials.

Lateral Movement

You’ve got the run of the place, but you still need to find the vault. Attackers will move from system to system, in a lateral movement, to gain more access and find more assets. It’s also an advanced data discovery mission, where attackers seek out critical data and sensitive information, admin access and email servers – often using the same resources as IT and leveraging built-in tools like PowerShell – and position themselves to do the most damage.

Obfuscation (anti-forensics)

Put the security cameras on a loop and show an empty elevator so nobody sees what’s happening behind the scenes. Cyber-attackers do the same thing: conceal their presence and mask activity to avoid detection and thwart the inevitable investigation. This might mean wiping files and metadata, overwriting data with false timestamps (timestomping) and misleading information, or modifying critical information so that it looks like the data was never touched.

Denial of Service

Jam the phone lines and shut down the power grid. Here’s where the attackers target the network and data infrastructure, so that the legitimate users can’t get what they need. The denial of service (DoS) attack disrupts and suspends access, and could crash systems and flood services.

Exfiltration

Always have an exit strategy. The attackers get the data: they’ll copy, transfer, or move sensitive data to a controlled location, where they do with the data what they will. Ransom it, sell it on eBay, send it to WikiLeaks. It can take days to get all of the data out, but once it’s out, it’s in their control.

The Takeaway

Different security techniques bring forward different approaches to the cyber kill chain – everyone from Gartner to Lockheed Martin defines the stages slightly differently. Alternative models of the cyber kill chain combine several of the above steps into a C&C stage (command and control, or C2) and others into an ‘Actions on Objective’ stage. Some combine lateral movement and privilege escalation into an exploration stage; others combine intrusion and exploitation into a ‘point of entry’ stage.

It’s a model often criticized for focusing on perimeter security and limited to malware prevention. When combined with advanced analytics and predictive modeling, however, the cyber kill chain becomes critical to data security.

With the above breakdown, the kill chain is structured to reveal the active state of a data breach. Each stage of the kill chain requires specific instrumentation to detect cyber attacks, and Varonis has out-of-the-box threat models to detect those attacks at every stage of the kill chain.

Varonis monitors attacks at the entry, exit, and everywhere in between. By monitoring outside activity – like VPN, DNS, and proxy – Varonis helps guard the primary ways to get in and out of an organization. By monitoring file activity and user behavior, Varonis can detect attack activity at every stage of the kill chain – from Kerberos attacks to malware behavior.

Want to see it in action? See how Varonis addresses each stage of the kill chain in a 1:1 demo – and learn how you can prevent and stop ongoing attacks before the damage is done.

Visualize your risk with the DatAlert dashboard

Last week, we introduced over 20 new threat models to help defend your data against insider threats, ransomware attacks and threats to your most sensitive data.

But with all this analysis – and all these threat models – how do you interpret and prioritize what to do next?

Enterprises have been using our UBA threat models to stop insider attacks and catch ransomware before their data gets compromised: and with so much attention to data security and heightened risk of data breaches, they need a better way to interpret and prioritize their investigations.

So we’ve created a new dashboard and web interface for DatAlert: an intuitive interface where you can quickly recognize whether your data is under attack, prioritize your investigation, drill down, and take action.

The new UI gives you a clean visualization of your data, designed to show a clear state of the system.

Context cards give you all the information you need on one screen with detailed analysis of alerts and activity, in order to simplify security processes and take next steps.

DatAlert’s web UI makes it easy to spot threats to your data: who’s behaving suspiciously, which data assets are threatened, and identify ransomware before it’s too late.

Curious to see how DatAlert looks with your data?   Get a free demo and find out.

Cryptolocker, lockouts and mass deletes, oh my!

DatAlert Analytics just got some new threat models. Our research laboratory is tracking new ransomware, finding vulnerabilities in common security practices, and setting up new threat models to keep your data safe from insider threats.

What’s included in the latest batch?

Executive account discovery

DatAlert Analytics now discovers executive accounts automatically. This means that you can easily find out when there’s unusual activity on c-level accounts: abnormal actions using c-level credentials, suspicious attempts to access critical files, and more.

Advanced ransomware behaviors

Is somebody creating and deleting files frequently?  Are there unusually high instances of renaming and modifying files?  This set of threat models finds and tracks actions that resemble ransomware behavior, triggering alerts on activity that raises red flags.

Abnormal lockout behaviors

An unusual number of lockouts can often mean that somebody’s trying to steal privileges using a brute force attack or perpetrating a denial-of-service. These threat models compare lockout events to a standard behavioral profile to see if it’s a simple misconfiguration, lateral movement or DoS.
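The comparison described above (today’s lockouts against a per-account behavioral baseline) is easy to show concretely. The script below is an added example, not Varonis code or its threat models. The lockout events are constructed (day, account, calling computer) tuples; the baseline rule (mean plus three standard deviations of daily counts, with a floor of three), the "many accounts from one source" rule, and the "steady single-account source means a stale credential" heuristic are all assumptions chosen for the demonstration.

```python
"""Baseline-vs-today lockout analysis, as an added example (not Varonis code).

Events are constructed (day, account, caller_computer) tuples. The thresholds
and heuristics below are assumptions for the demonstration.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed 14-day baseline: a service account that locks itself out once a
# day from APP01 (a stale stored credential), plus two one-off user lockouts.
BASELINE_DAYS = [f"2017-03-{d:02d}" for d in range(1, 15)]
BASELINE_EVENTS = [(day, "svc_backup", "APP01") for day in BASELINE_DAYS] + [
    ("2017-03-03", "jsmith", "WS-042"),
    ("2017-03-09", "adoe", "WS-017"),
]

# Constructed "today": the usual service-account lockout, then one workstation
# locking out jsmith six times and four other accounts once each.
TODAY = "2017-03-15"
TODAY_EVENTS = [(TODAY, "svc_backup", "APP01")]
TODAY_EVENTS += [(TODAY, "jsmith", "WS-099")] * 6
TODAY_EVENTS += [(TODAY, a, "WS-099") for a in ("adoe", "bwu", "cpatel", "dlee")]


def daily_counts(events, days):
    """Per-account list of lockout counts, one entry per baseline day (zeros kept,
    so quiet days pull the baseline down as they should)."""
    per_day = defaultdict(Counter)
    for day, account, _ in events:
        per_day[account][day] += 1
    return {acct: [per_day[acct][d] for d in days] for acct in per_day}


def thresholds(baseline_events, days, k=3.0, floor=3):
    """Alert threshold per account: mean + k * stddev of daily counts, never
    below `floor` (assumed parameters)."""
    return {
        acct: max(floor, mean(c) + k * pstdev(c))
        for acct, c in daily_counts(baseline_events, days).items()
    }


def account_anomalies(today_events, thresholds_by_account, floor=3):
    """Accounts whose lockout count today exceeds their baseline threshold.
    Accounts never seen in the baseline fall back to the floor."""
    today = Counter(acct for _, acct, _ in today_events)
    return {
        acct: n for acct, n in today.items()
        if n > thresholds_by_account.get(acct, floor)
    }


def spraying_sources(today_events, min_accounts=4):
    """Caller computers that locked out many distinct accounts today: one
    source hitting many accounts is the pattern to triage as lateral
    movement or DoS rather than a single user's mistake (assumed cutoff)."""
    accounts_by_caller = defaultdict(set)
    for _, acct, caller in today_events:
        accounts_by_caller[caller].add(acct)
    return {c: sorted(a) for c, a in accounts_by_caller.items() if len(a) >= min_accounts}


def steady_sources(baseline_events, days, min_fraction=0.8):
    """Callers that lock out exactly one account on most baseline days.
    Heuristic (assumption): a steady single-account pattern from one source
    usually means a stale stored credential, i.e. a misconfiguration."""
    days_by_caller = defaultdict(set)
    accounts_by_caller = defaultdict(set)
    for day, acct, caller in baseline_events:
        days_by_caller[caller].add(day)
        accounts_by_caller[caller].add(acct)
    return {
        c: next(iter(accounts_by_caller[c]))
        for c in days_by_caller
        if len(accounts_by_caller[c]) == 1
        and len(days_by_caller[c]) >= min_fraction * len(days)
    }


if __name__ == "__main__":
    th = thresholds(BASELINE_EVENTS, BASELINE_DAYS)
    print("likely misconfiguration:", steady_sources(BASELINE_EVENTS, BASELINE_DAYS))
    print("accounts over baseline:", account_anomalies(TODAY_EVENTS, th))
    print("sources hitting many accounts:", spraying_sources(TODAY_EVENTS))
```

The three functions answer the three questions the paragraph raises: the service account's daily lockout is steady and single-account, so it is reported as a probable stale credential rather than an attack; jsmith's six lockouts are far above a baseline of almost zero; and WS-099 touching five accounts in a day is the source to investigate, whatever the per-account counts say.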

Accumulative analysis on idle and sensitive data

We’re keeping track of what’s normal and what’s not – even at a gradual level.  DatAlert Analytics doesn’t just catch sudden spikes of unusual behavior, but is set up to track subtle deviations over time – catching illicit scanning actions, or subtle attempts at exfiltration.

Mass delete behaviors

Mass deletions could indicate anything from an attempt to destroy data assets to a denial of service attack.  DLX will sound the alarms if an unusual number of file deletions occurs – keeping data assets protected.

Want to see what DatAlert Analytics will find on your network?

Find out with a free risk assessment.

DatAlert Analytics and the Varonis Behavior Research Laboratory

Last November, we introduced Varonis UBA threat models to automatically analyze behavior and detect insider threats throughout the lifecycle of a breach.  Our UBA threat models, which are major enhancements to Varonis DatAlert and are in beta availability, have been helping our customers protect their data – from spotting signs of ransomware activity to catching unusual activity on sensitive data.

But with news of more data breaches rolling out every day and brand new variants of ransomware popping up all the time, how can you keep up?

We’ve established a professional behavior research laboratory for just that reason.

Security experts and data scientists from Varonis now continually introduce new behavior-based threat models as part of DatAlert Analytics, keeping you up-to-date with the latest in security issues, APTs, and insider threats. This dedicated team is focused exclusively on creating new threat models to better protect your data, including privileged and service account detection and integration with all up-to-date malware and crypto repositories.

As insider threats become more sophisticated, so do our security tactics.  Some of the things our experts will focus on in the coming months include:

  • Account detection and auto-profiling, so you can automatically detect executive accounts and see unauthorized attempts to gain access to c-level data.
  • Threat models designed to alert on new variants of CryptoLocker so you can spot ransomware attacks before they get out of hand.
  • Threat models that detect mass deletes and lockout activity so you can find out when somebody’s attempting to damage or destroy data before it’s gone.

DatAlert Analytics is like having your very own behavior research laboratory to stay on top of the latest security attacks and develop more ways to fight back against insider threats. Want to see DatAlert Analytics in action? Get in touch.