#mfsummit2016 secure: how security and identity analytics can drive adaptive defense

Security & Identity Analytics: How Security and Identity Analytics can Drive Adaptive Defence. Adam Evans | Senior Identity & Access Specialist | 24th February 2016

Upload: micro-focus

Post on 16-Jan-2017


TRANSCRIPT


Source: PwC 2016 Global State of Information Security Survey (responses from 10,000 CxOs in 127 countries, 30% from Europe; error margin <1%)

Hacking is Big Business…

The average annual monetary loss was $2.5m (£1.75m) per organisation

Finding the weak links – a full-time job

• Social media

• Link clickers

• Weak passwords

Adapting to Controls

“Enterprises are having a difficult time hiring skilled people as it takes 53% of organisations between 3 and 6 months to fill a position and 10% cannot fill them at all.”

Source: ISACA’s global survey, “The State of Cybersecurity: Implications for 2015”

Meanwhile, as the threat evolves…

Provide the limited professionals we have with the best information for rapid decision making

Analytics applies algorithms or machine learning to the “advisor feeds” for specific use cases

At Micro Focus, we believe that Identity and Security Analytics holds the greatest hope of leveling the playing field with today’s dynamic threats

Identity Analytics Use Cases

“Identity Analytics and Intelligence (IAI) moves organisations toward a contextual, dynamic, risk-based approach to identity and access management.”

Source: Gartner

Risk-Based Authentication

• Use risk scoring to drive step-up authentication

• Static risk scoring can be assigned to the entitlement, user, or application

• Add dynamic risk at request such as time of day, geo location, IP address, or device

• Results can be shared back into the analytics engine as an advisor feed
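
The scoring flow in the bullets above, as an added sketch that is not Micro Focus code. Every weight, threshold, the "deny" outcome, the default score of 20 for unlisted items, the field names and the sample network are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed values throughout: weights, thresholds and names are constructed, not from the talk.
STATIC_RISK = {  # static risk assigned to the user, application and entitlement
    "user": {"alice": 10, "svc-backup": 30},
    "application": {"wiki": 5, "payroll": 30},
    "entitlement": {"read": 0, "approve-payment": 30},
}
KNOWN_NETWORKS = [ip_network("10.0.0.0/8")]  # constructed corporate range
STEP_UP_AT, DENY_AT = 50, 100  # assumed thresholds; "deny" is an added outcome

@dataclass
class Request:
    user: str
    application: str
    entitlement: str
    when: datetime
    country: str
    ip: str
    device_id: str

@dataclass
class Profile:  # what the analytics engine already knows about this user
    usual_hours: range
    usual_countries: set
    known_devices: set

def dynamic_risk(req, profile):
    """Score the context of this request: time of day, geo location, IP, device."""
    signals = {}
    if req.when.hour not in profile.usual_hours:
        signals["time_of_day"] = 15
    if req.country not in profile.usual_countries:
        signals["geo_location"] = 25
    if not any(ip_address(req.ip) in net for net in KNOWN_NETWORKS):
        signals["ip_address"] = 15
    if req.device_id not in profile.known_devices:
        signals["device"] = 20
    return signals

def decide(req, profile, advisor_feed):
    static = sum(STATIC_RISK[kind].get(getattr(req, kind), 20) for kind in STATIC_RISK)
    signals = dynamic_risk(req, profile)
    score = static + sum(signals.values())
    action = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    # Share the result back to the analytics engine as an advisor feed event.
    advisor_feed.append({"user": req.user, "score": score, "signals": sorted(signals), "action": action})
    return action, score
```

With these constructed weights, a sensitive entitlement triggers step-up even from a familiar context, and a low-risk entitlement triggers it once enough context signals are abnormal.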

Bad Behavioral Analysis

• Machine learning and anomaly detection based on identities

• Give privileged users insight into unusual activity with their credentials

• Identify unusual patterns of access, changes and data exfiltration

• Detect use of privileged account “backdoors”

Excessive Credential Detection

• Identify orphaned or rogue accounts based on login or peer group analysis – revoke accounts and save on SaaS licenses

• Compare employees being paid by HR, or contracts to orphaned or rogue accounts

Adaptive Access Certifications

• Request immediate access certification for high-risk transactions

• Prioritise the highest risk entitlements for access certifications

• Indicate dormant accounts or outlier access compared to peers

• Reduce rubber-stamping and increase revocation rates

Risk-Based ID & Access Provisioning

• Risk-informed access request and approval

• Policy improvement suggestions for roles or SOD controls

Generally, identity analytics provides better decision-making information

Security Analytics Use Cases

Abnormal Sensitive File Access

• Unusual time of day for the user

• From a risky IP address, geographic location or unknown machine

• With credentials that haven’t been used in a while

Abnormal Data Exfiltration

• Large data sets

• Data movement to USB drives or an unusual location

Abnormal File Changes

• File replacement outside of change windows

• Changes made by an abnormal user

Abnormal Password Resets

• Brute force attempts at self-service password resets

• Abnormal time, location or device for password resets

Generally, security analytics is looking for abnormal activity

[Diagram: Identity-Powered Security, combining Minimise Rights, Enforce Access Controls, Monitor User Activity and Analytics]

The Micro Focus Approach: An Integrated Identity, Access & Security Solution

[Diagram: Access Management & Authentication; Secure User Monitoring; Identity Governance & Administration; Analytics]

Identity Governance & Administration (IGA): Enforcing the Least-Privilege Principle

Minimise Rights

• Access Request

• Help-Desk Integration

• Access Review

• Privileged Identity Management

• Delegated Administration

• Business Policy SOD & Roles

• Identity Management

Access Management and Authentication (AMA): A Secure Sign-on Experience

Enforce Access Controls

• Single Sign-On (Web, Cloud, Enterprise)

• BYOI

• BYOD

• Multi-Factor Authentication

• Federation

• Risk-Based Adaptive Authentication

Secure User Monitoring (SUM): Analytics - Identify Abnormal

Monitor User Activity

• Log & Event Correlation

• SIEM

• File Integrity Monitoring

• Configuration Assessment

• Anomaly Detection

• Privileged Session Recording

Benefits of an Analytics Approach…

• Targeted information for more efficient and intelligent decision making

• Reduced data sifting to more rapidly identify and eliminate threats

• Reduced overall risk with existing personnel resources

Questions?

Thank You For Listening