TECHNOLOGIES OF USER ACTIVITIES MONITORING AND ANALYSIS IN PREVENTING INSIDER THREATS OF INFORMATION SECURITY OF AN ORGANIZATION
DOI: https://doi.org/10.28925/2663-4023.2021.13.5062

Keywords: information security of an organization; internal threats to information security of an organization; Data Loss Prevention (DLP); Access Control; User Behavior Analytics (UBA)

Abstract
The number of information security incidents caused by an organization's own personnel has almost doubled over the last two years, which has pushed organizations to adopt effective technologies for preventing and countering internal threats to information security. Tools that monitor and analyze user activity play an important role in this context. According to expert forecasts, in the coming years such technologies will be built into 80% of solutions for identifying threats and prioritizing information security incidents.
The article explains the purpose and analyzes the functionality of several classes of systems that monitor and analyze employee behavior: Data Loss Prevention (DLP), access control, and analysis of the behavior of users and IT objects (UBA/UEBA).
The authors establish that a DLP system monitors and reports on user attempts to transmit confidential information by inspecting mail and web traffic, wireless access, external storage, input/output devices and software on the user's workstation, as well as audio and video recordings of the user's activity.
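As an added illustration of the content-inspection side of DLP described above (example code written for this page, not code from the article or from any DLP product), the following Python inspects constructed outbound events for two common indicators: payment card numbers validated with the Luhn checksum, and classification markers such as "CONFIDENTIAL". The corporate domain, the channel names and the allow/alert/block policy are hypothetical assumptions made for the example.

```python
import re

# Constructed outbound events for this example (hypothetical; not real traffic).
# "channel" is the egress path a DLP sensor would see: corporate SMTP, personal
# webmail, a USB copy, a cloud upload.
SAMPLE_EVENTS = [
    {"id": "m1", "user": "alice", "channel": "smtp", "to": "partner@example.com",
     "body": "Hi, the signed contract is attached. No card details are included."},
    {"id": "m2", "user": "bob", "channel": "webmail", "to": "me@gmail.example",
     "body": "Card for the booking: 4111 1111 1111 1111, exp 12/27"},
    {"id": "m3", "user": "carol", "channel": "smtp", "to": "finance@corp.example",
     "body": "CONFIDENTIAL - Internal Only. Q3 forecast attached."},
    {"id": "m4", "user": "dave", "channel": "smtp", "to": "partner@example.com",
     "body": "Order ref 1234 5678 9012 3456 confirmed for the shipment."},
    {"id": "m5", "user": "erin", "channel": "smtp", "to": "partner@example.com",
     "body": "Sharing the INTERNAL ONLY pricing sheet, please keep it quiet."},
]

CORPORATE_DOMAIN = "corp.example"                           # hypothetical
UNCONTROLLED_CHANNELS = {"webmail", "usb", "cloud_upload"}  # hypothetical policy

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
MARKER = re.compile(r"\b(confidential|internal only|secret)\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; weeds out order numbers and other digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the card numbers (digits only) in text that pass the Luhn check."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def recipient_is_internal(ev: dict) -> bool:
    if ev["channel"] != "smtp" or "@" not in ev["to"]:
        return False
    return ev["to"].rsplit("@", 1)[1].lower() == CORPORATE_DOMAIN


def inspect_event(ev: dict) -> dict:
    findings = []
    pans = find_pans(ev["body"])
    if pans:
        findings.append(f"pan:{len(pans)}")
    markers = {m.lower() for m in MARKER.findall(ev["body"])}
    if markers:
        findings.append("marker:" + "|".join(sorted(markers)))
    # Policy: sensitive content staying inside the corporate mail domain is allowed,
    # content leaving through an uncontrolled channel is blocked, anything else alerts.
    if not findings or recipient_is_internal(ev):
        action = "allow"
    elif ev["channel"] in UNCONTROLLED_CHANNELS:
        action = "block"
    else:
        action = "alert"
    return {"id": ev["id"], "user": ev["user"], "action": action, "findings": findings}


def inspect_all(events: list) -> list:
    return [inspect_event(e) for e in events]


if __name__ == "__main__":
    for r in inspect_all(SAMPLE_EVENTS):
        print(f"{r['id']} {r['user']:<6} {r['action']:<5} {' '.join(r['findings']) or '-'}")
```

The Luhn check is what keeps the order reference in m4 from raising a false positive, and the recipient check is what lets carol's internal mail in m3 pass while erin's external mail in m5 alerts. Real DLP products add document fingerprinting and exact-data matching on top of pattern rules like these; this example does not attempt that.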
Access control tools perform, among other functions, monitoring of a person's access to and movement within the protected areas of a facility, collection of footage from surveillance cameras, and recording of working time. During the pandemic, solutions appeared that can identify a person wearing a face mask and perform health-monitoring functions.
Analysis of the functional characteristics of UBA/UEBA behavioral analytics systems showed that they not only collect data from all available sources (software and hardware, logs, user correspondence, etc.) but also analyze the collected data and report atypical user behavior when it is detected.
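To make the "collect, baseline, report atypical behavior" loop of UBA/UEBA concrete, here is an added Python example (written for this page, not code from the article or from any UEBA product). It builds a per-user baseline of working hours, hosts and outbound data volume from a constructed history of log lines, then scores new events against that baseline. The log format, the weights and the alert threshold are hypothetical choices for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines in a hypothetical format: <timestamp> <user> <event> host=<host> bytes_out=<n>
HISTORY = [
    "2021-03-01T09:12:44 alice login host=ws-17 bytes_out=1200",
    "2021-03-02T10:03:10 alice login host=ws-17 bytes_out=800",
    "2021-03-03T11:45:00 alice upload host=ws-17 bytes_out=1500",
    "2021-03-04T14:20:31 alice upload host=ws-17 bytes_out=2000",
    "2021-03-05T16:58:02 alice login host=ws-17 bytes_out=600",
    "2021-03-08T17:30:00 alice upload host=ws-17 bytes_out=1100",
    "2021-03-01T08:55:12 bob login host=ws-22 bytes_out=2500",
    "2021-03-02T13:10:00 bob upload host=ws-22 bytes_out=3200",
    "2021-03-03T14:05:47 bob upload host=ws-22 bytes_out=2800",
    "2021-03-04T15:40:09 bob upload host=ws-22 bytes_out=3100",
]
RECENT = [
    "2021-03-15T10:05:00 alice login host=ws-17 bytes_out=1400",      # within baseline
    "2021-03-15T02:13:00 alice login host=ws-17 bytes_out=900",       # unusual hour only
    "2021-03-15T11:40:00 alice upload host=vpn-gw bytes_out=850000",  # new host and volume spike
    "2021-03-15T14:00:00 bob upload host=ws-22 bytes_out=3000",       # within baseline
    "2021-03-15T14:30:00 mallory login host=ws-40 bytes_out=100",     # account with no history
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\w+) (?P<event>\w+) host=(?P<host>[\w-]+) bytes_out=(?P<bytes>\d+)$"
)
# Hypothetical weights: a new host plus a volume spike alerts, an odd hour alone only gets logged.
WEIGHTS = {"new host": 2, "off-hours": 1, "volume spike": 3, "no baseline for user": 2}
ALERT_THRESHOLD = 3


def parse_line(line: str) -> dict:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return {
        "ts": m["ts"], "user": m["user"], "event": m["event"], "host": m["host"],
        "hour": datetime.fromisoformat(m["ts"]).hour, "bytes": int(m["bytes"]),
    }


def build_baselines(lines: list) -> dict:
    """Per-user set of seen hosts and hours, plus an upper limit on outbound bytes."""
    per_user = defaultdict(lambda: {"hosts": set(), "hours": set(), "bytes": []})
    for ev in map(parse_line, lines):
        b = per_user[ev["user"]]
        b["hosts"].add(ev["host"])
        b["hours"].add(ev["hour"])
        b["bytes"].append(ev["bytes"])
    for b in per_user.values():
        mu, sd = mean(b["bytes"]), pstdev(b["bytes"])
        # Floor the deviation so a very flat history still tolerates some variation.
        b["volume_limit"] = mu + 3 * max(sd, 0.1 * mu)
    return dict(per_user)


def score_event(ev: dict, baselines: dict) -> list:
    base = baselines.get(ev["user"])
    if base is None:
        return ["no baseline for user"]
    reasons = []
    if ev["host"] not in base["hosts"]:
        reasons.append("new host")
    if ev["hour"] not in base["hours"]:
        reasons.append("off-hours")
    if ev["bytes"] > base["volume_limit"]:
        reasons.append("volume spike")
    return reasons


def analyze(history: list, recent: list) -> list:
    baselines = build_baselines(history)
    results = []
    for ev in map(parse_line, recent):
        reasons = score_event(ev, baselines)
        score = sum(WEIGHTS[r] for r in reasons)
        results.append({"ts": ev["ts"], "user": ev["user"], "reasons": reasons,
                        "score": score, "alert": score >= ALERT_THRESHOLD})
    return results


if __name__ == "__main__":
    for r in analyze(HISTORY, RECENT):
        flag = "ALERT" if r["alert"] else "info "
        print(f"{flag} {r['ts']} {r['user']:<8} score={r['score']} {', '.join(r['reasons']) or 'normal'}")
```

The scoring deliberately separates "record it" from "alert on it": a single off-hours login is kept for later correlation but does not page anyone, while a previously unseen host combined with an outbound volume far above the user's own history does. An account with no baseline at all is flagged rather than silently trusted, which is the edge case a baseline-driven detector must handle explicitly.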
The article notes that behavioral analytics is used in a number of security technologies, such as Security Information and Event Management (SIEM) systems and Intrusion Detection and Prevention Systems (IDS/IPS), complementing and extending their capabilities and helping to build comprehensive information security solutions.
The authors recommend that organizations use tools for monitoring and analyzing user activity in various combinations, or as part of integrated information security management solutions, to achieve the appropriate level of information security in the face of growing threats from personnel.
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.