One of the most vexing problems in computer security today is distinguishing malicious from legitimate behavior on victim networks. Sophisticated cyber criminals and nation-backed hacking groups make a point of moving low and slow on compromised endpoints and networks, while victim organizations are (rightly) wary of disrupting legitimate business activity for the sake of spotting a breach.
In this Security Ledger Podcast, Paul interviews Jason Sloderbeck, Director of Product Management at RSA, EMC's security division. Jason talks about RSA's Silver Tail web session intelligence and fraud analytics technology, and the organizational and technology issues that keep victims from spotting attacks.
One of the big mistakes organizations make when they investigate attacks, Sloderbeck said, is focusing too narrowly on a single point in time during a web session that is assumed to be a good indicator of compromise, such as the moment a user authenticates to a service or "checks out" on an e-commerce web site. Attackers who have valid credentials pass that check, so the signal lies in everything around it.
"There's a whole lot of activity before login and after," said Sloderbeck. "It's not just about detecting attacks and preventing them, but understanding what happened and getting visibility into behavior on the site," he said.
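To make that contrast concrete, here is an added example (not code from the podcast, from RSA or from Silver Tail) that runs a point-in-time login check and a whole-session behavior score over a few constructed web access log lines. The log format, the session IDs, the feature set and the scoring thresholds are all assumptions chosen for illustration: a human shopper who browses, adds to cart, logs in and checks out over a few minutes, next to a scripted session that logs in, hits the e-wallet page and confirms a checkout within a second. Both logins succeed, so a check that looks only at the login event sees nothing; the session-wide view flags the scripted one.

```python
"""Session-wide behavior scoring over constructed web access logs.

Added example, not from the podcast or from RSA: contrasts a
point-in-time check at the login event with a whole-session view.
Log format, session IDs, features and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO time> <session id> <method> <path> <status>"
SAMPLE_LOG = """\
2013-06-03T10:00:01 s-human GET /home 200
2013-06-03T10:00:19 s-human GET /category/shoes 200
2013-06-03T10:01:05 s-human GET /product/4411 200
2013-06-03T10:01:47 s-human POST /cart/add 200
2013-06-03T10:02:30 s-human GET /cart 200
2013-06-03T10:02:55 s-human POST /login 200
2013-06-03T10:03:40 s-human GET /checkout 200
2013-06-03T10:04:31 s-human POST /checkout/confirm 200
2013-06-03T10:10:00 s-bot POST /login 200
2013-06-03T10:10:00 s-bot GET /account/wallet 200
2013-06-03T10:10:01 s-bot POST /checkout/confirm 200
"""

LINE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def parse_log(text):
    """Yield (time, session, method, path, status); skip unparseable lines."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, sid, method, path, status = m.groups()
        yield datetime.fromisoformat(ts), sid, method, path, int(status)


def group_sessions(events):
    """Bucket events by session id, each bucket sorted by time."""
    sessions = defaultdict(list)
    for ev in events:
        sessions[ev[1]].append(ev)
    for sid in sessions:
        sessions[sid].sort(key=lambda e: e[0])
    return dict(sessions)


def point_in_time_check(events):
    """The narrow view: only failed logins are suspicious. Both sessions pass."""
    return sorted({sid for _, sid, method, path, status in events
                   if method == "POST" and path == "/login" and status != 200})


def session_features(events):
    """Features computed over the whole session, before and after login."""
    login_idx = next((i for i, e in enumerate(events)
                      if e[2] == "POST" and e[3] == "/login"), None)
    pre = events[:login_idx] if login_idx is not None else events
    post = events[login_idx + 1:] if login_idx is not None else []
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    return {
        "pre_login_requests": len(pre),
        "min_gap_s": min(gaps) if gaps else None,
        "duration_s": (events[-1][0] - events[0][0]).total_seconds(),
        "hit_wallet": any(e[3].startswith("/account/wallet") for e in post),
        "checked_out": any(e[3] == "/checkout/confirm" for e in post),
    }


def score_session(feat, min_human_gap_s=2.0):
    """Assumed scoring: points for patterns a human shopper rarely shows."""
    score, reasons = 0, []
    if feat["checked_out"] and feat["pre_login_requests"] == 0:
        score += 2
        reasons.append("checkout with no pre-login browsing")
    if feat["min_gap_s"] is not None and feat["min_gap_s"] < min_human_gap_s:
        score += 1
        reasons.append("sub-human request spacing")
    if feat["hit_wallet"] and feat["duration_s"] < 60:
        score += 1
        reasons.append("wallet accessed within a minute of login")
    return score, reasons


def flag_sessions(text, threshold=3):
    """Return {session_id: reasons} for sessions scoring at or above threshold."""
    flagged = {}
    for sid, evs in group_sessions(parse_log(text)).items():
        score, reasons = score_session(session_features(evs))
        if score >= threshold:
            flagged[sid] = reasons
    return flagged


if __name__ == "__main__":
    print("point-in-time:", point_in_time_check(list(parse_log(SAMPLE_LOG))))
    print("session-wide:", flag_sessions(SAMPLE_LOG))
```

The features are deliberately simple so the logic is readable; in practice the same approach would add pre-login navigation depth, referrer consistency and per-account baselines, and the thresholds would be tuned against the site's own traffic rather than hard-coded.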
Organizations, particularly in verticals like e-commerce, also continue to run siloed security teams, with one group focused on traditional cyber attacks like malware and denial-of-service attacks and a separate group handling account fraud. Increasingly, those two worlds are coming together, as malicious activity like shopping cart and business logic abuse, e-wallet theft and account registration abuse straddles the worlds of hacking, malware and traditional fraud.
Check it out!