Attacks Mostly Undetected Until Too Late
At JPMorgan Chase it looks like the attackers took advantage of a vulnerability in one of the customer-facing apps that the bank uses to provide service to its customers. To the security team, this type of sophisticated attack would look like valid transactions made by banking customers walking in the virtual front door of the bank to consume banking services.
As has been true for most sophisticated attacks we have been seeing against American corporations lately, these attackers are very well funded and have the means to carry out their attacks mostly undetected until after the damage is done. The sophisticated attackers will make it past the firewall and into a company’s data, take on what would seem like a valid user identity and execute their attack posing as valid users.
The big question is how to detect them, before significant damage is done, once they are in and have taken on a valid identity or multiple identities that they use to carry out the attacks. The way to ensure that these types of attacks are foiled early on is to leverage behavioral profiling technology that knows what normal behavior is and looks for anomalies.
For instance, if a banking customer normally performs a certain number of transactions per month and is suddenly performing multiple transactions in a single day then that should be flagged and investigated in real time to make sure that the account has not been hijacked or compromised.
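The per-account check described above can be sketched as follows. This is an added example, not code from the author or from Securonix. It assumes a Poisson model of daily transaction counts, a 90-day baseline window, and hypothetical account names with constructed sample data, and it runs as a batch job rather than in real time.

```python
import math
from collections import defaultdict
from datetime import date, timedelta

def poisson_tail(k, lam):
    """P(X >= k) for X ~ Poisson(lam): chance of k+ transactions on a normal day."""
    cdf = sum(math.exp(-lam) * lam**i / math.factorial(i) for i in range(k))
    return max(0.0, 1.0 - cdf)

def flag_anomalies(events, window_days=90, min_history_days=30, alpha=0.001):
    """events: iterable of (account_id, date). Returns [(account, day, count)]."""
    per_day = defaultdict(lambda: defaultdict(int))
    for acct, day in events:
        per_day[acct][day] += 1
    alerts = []
    for acct, days in per_day.items():
        first_seen = min(days)
        for day in sorted(days):
            history = min((day - first_seen).days, window_days)
            if history < min_history_days:
                continue  # cold start: too little history to call anything abnormal
            start = day - timedelta(days=history)
            prior = sum(c for d, c in days.items() if start <= d < day)
            lam = max(prior, 1) / history  # this account's expected transactions per day
            if poisson_tail(days[day], lam) < alpha:
                alerts.append((acct, day, days[day]))
    return alerts

def sample_events():
    """Constructed data: 'acct-A' transacts 4x a month, 'acct-B' 3x a day."""
    events = []
    for month in (1, 2, 3):
        events += [("acct-A", date(2024, month, d)) for d in (1, 8, 15, 22)]
    day = date(2024, 1, 1)
    while day < date(2024, 4, 3):
        events += [("acct-B", day)] * 3
        day += timedelta(days=1)
    burst = date(2024, 4, 3)
    events += [("acct-A", burst)] * 9  # far above A's own baseline
    events += [("acct-B", burst)] * 5  # only a slightly busy day for B
    return events

if __name__ == "__main__":
    for acct, day, count in flag_anomalies(sample_events()):
        print(f"ALERT {acct} {day}: {count} transactions")
```

Only the low-activity account is flagged: nine transactions in a day is abnormal against its own history, while five in a day is unremarkable for the account that normally does three.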
The attackers have the advantage in that they get to choose who to attack, what resources to go after, how and when. Companies are using static defenses against these attacks and can’t predict where the next attack will come from and what the attackers will try to go after.
The preceding are the views of Sharon Vardi, CMO at Securonix.
Securonix focuses on the application of advances in the fields of computing, statistics, behavioral sciences, machine learning and artificial intelligence for solving core security problems.