Behavior Analytics Detection Scenarios
Behavior analytics covers two major areas:
Insider Risk: key for risk and compliance teams (in verticals such as finance and healthcare). Remediation may involve specific actions outlined in the company’s employee compliance policy.
Breach Detection: key for the Security Operations team, which must detect a breach of the corporation’s defenses. Remediation includes actions that improve the company’s security posture.
The following table lists each scenario, the area it belongs to (risk compliance or security operations), a description of the behavior, and the detections enabled to address it.
Area | Scenario | Scenario Description | Enabled Detections |
---|---|---|---|
Risk Compliance - Insider Risk | Malicious Insider: Data Exfiltration | A malicious insider who wants to take the organization’s intellectual property to their next employer downloads a large amount of data and uploads it to their personal Google Drive instance. | |
Risk Compliance - Insider Risk | Malicious Insider: Data Destruction | A disgruntled insider who has decided to hurt the organization deletes large numbers of documents in an attempt to disrupt operations. | |
Security Operations - Breach Detection | Compromised Credential: Strange Network Access | A user’s Dropbox credential is compromised and used from a device outside the organization. Whoever holds the credential can then download data from the corporate Dropbox instance. | |
Security Operations - Breach Detection | Compromised Device: Malware Distribution | A user’s device is infected with malware and is used to distribute that malware to the rest of the organization. The user’s credentials are used to upload malware to Google Drive for others to open. | |
Security Operations - Breach Detection | Compromised Device: Lateral Movement | A user’s device is infected with malware and is used to brute-force cloud application environments, generating a large number of failed login attempts. | |
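The five scenarios above describe behaviors rather than concrete rules. The following is an added example, not code from the product or this page, that shows how each scenario can be expressed as a check over cloud-application audit events: volume against a per-user baseline plus an upload to a non-corporate account (exfiltration), a burst of deletions (destruction), a Dropbox download from outside corporate address space (strange network access), an executable placed in an org-wide shared folder (malware distribution), and a burst of failed logins (lateral movement). The pipe-delimited event format, the sample log lines, the baseline figures, the thresholds, the corporate identity domain and the corporate IP ranges are all constructed assumptions for illustration.

```python
"""Toy behavior-analytics detections for the five table scenarios.
Added example; event format, thresholds, domain and networks are assumptions."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed corporate address space and identity domain.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.0/24")]
CORP_DOMAIN = "example.com"
# Assumed thresholds; a real deployment would tune these per tenant.
EXFIL_MULTIPLIER = 10          # downloads vs. the user's own baseline volume
DELETE_THRESHOLD = 50          # deletions within WINDOW
FAILED_LOGIN_THRESHOLD = 20    # failed logins within WINDOW
EXEC_EXTS = (".exe", ".dll", ".js", ".vbs", ".scr")
WINDOW = timedelta(hours=1)


def parse(line):
    """Parse a constructed audit line: ts|user|app|action|outcome|src_ip|bytes|object.
    `object` is '<account>/<path>': the account a file is uploaded to, or the file acted on."""
    ts, user, app, action, outcome, src_ip, nbytes, obj = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "user": user, "app": app, "action": action,
            "outcome": outcome, "src_ip": src_ip, "bytes": int(nbytes), "object": obj}


def account(event):
    return event["object"].split("/", 1)[0]


def is_corporate_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORP_NETS)


def burst(events, pred, threshold, window=WINDOW):
    """True if at least `threshold` events matching `pred` fall inside one `window`.
    Events must be sorted by timestamp."""
    times = [e["ts"] for e in events if pred(e)]
    lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 >= threshold:
            return True
    return False


def detect(events, baseline):
    """Return a set of (scenario, user) findings. `baseline` maps user -> typical
    download bytes for the period, assumed to be learned from historical data."""
    findings = set()
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        downloads = sum(e["bytes"] for e in evs if e["action"] == "download")
        to_personal = any(e["action"] == "upload" and e["app"] == "Google Drive"
                          and not account(e).endswith("@" + CORP_DOMAIN) for e in evs)
        if downloads > EXFIL_MULTIPLIER * baseline.get(user, 0) and to_personal:
            findings.add(("Data Exfiltration", user))
        if burst(evs, lambda e: e["action"] == "delete", DELETE_THRESHOLD):
            findings.add(("Data Destruction", user))
        if any(e["app"] == "Dropbox" and e["action"] == "download"
               and not is_corporate_ip(e["src_ip"]) for e in evs):
            findings.add(("Strange Network Access", user))
        if any(e["action"] == "upload" and e["app"] == "Google Drive"
               and account(e).endswith("@" + CORP_DOMAIN) and "/shared/" in e["object"]
               and e["object"].lower().endswith(EXEC_EXTS) for e in evs):
            findings.add(("Malware Distribution", user))
        if burst(evs, lambda e: e["action"] == "login" and e["outcome"] == "failure",
                 FAILED_LOGIN_THRESHOLD):
            findings.add(("Lateral Movement", user))
    return findings


# Constructed sample log: one user per scenario plus one benign user (bob).
SAMPLE_LOG = [
    "2024-05-01T09:00:00|alice|SharePoint|download|success|10.1.2.3|2000000000|docs@example.com/finance/q1.zip",
    "2024-05-01T09:20:00|alice|Google Drive|upload|success|10.1.2.3|2000000000|alice.home@gmail.com/q1.zip",
    "2024-05-01T10:00:00|bob|SharePoint|download|success|10.1.2.4|40000000|docs@example.com/hr/handbook.pdf",
    "2024-05-01T11:00:00|dave|Dropbox|download|success|198.51.100.7|150000000|dropbox@example.com/eng/roadmap.pptx",
    "2024-05-01T12:00:00|erin|Google Drive|upload|success|10.1.2.9|900000|drive@example.com/shared/update.exe",
]
# carol deletes 60 documents in ten minutes; frank fails login 25 times in five minutes.
SAMPLE_LOG += [f"2024-05-01T13:{i // 6:02d}:{(i % 6) * 10:02d}|carol|SharePoint|delete|success|10.1.2.5|0|docs@example.com/ops/runbook{i}.md"
               for i in range(60)]
SAMPLE_LOG += [f"2024-05-01T14:{i // 6:02d}:{(i % 6) * 10:02d}|frank|Salesforce|login|failure|10.1.2.6|0|-"
               for i in range(25)]
# Assumed per-user baseline download volume for the period.
BASELINE = {"alice": 50_000_000, "bob": 60_000_000, "dave": 100_000_000, "erin": 10_000_000}


def run():
    return detect([parse(line) for line in SAMPLE_LOG], BASELINE)


if __name__ == "__main__":
    for scenario, user in sorted(run()):
        print(f"{scenario}: {user}")
```

The exfiltration check deliberately requires both signals (volume far above the user's baseline and a destination outside the corporate domain) so that a legitimately heavy user is not flagged; the Dropbox check, by contrast, fires on a single event, because one download from unknown address space is already the behavior the scenario describes.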