Armorblox is a sponsor of TechSpective
Data protection is simultaneously one of the most crucial and one of the most challenging goals of cybersecurity. When push comes to shove, all of cybersecurity essentially boils down to protecting data in some way. Judging by the frequency of massive data breaches, and the hundreds of smaller breaches that are so common we barely take notice, though, it seems there is significant room for improvement in how we go about protecting data.
Access Control Won’t Save You
One of the mantras of network and data security is access control. The idea seems simple enough—if you can accurately validate an individual’s identity and limit the resources and data they can access using permissions, then no unauthorized access should occur and your data will be safe. Yes? Well, unfortunately that is simply not the case.
There are a couple of major issues with relying on identity and access management (IAM) to guard against data breaches. Cyber criminals can obtain valid credentials through phishing scams, hacking, and other avenues. Just because someone seems legitimate when they log in doesn’t mean they are necessarily. According to the 2019 Data Breach Investigation Report (DBIR), 29% of breaches involved the use of stolen credentials.
The other issue with relying on IAM is that it ignores the insider threat. If the individual compromising or exposing data is a legitimate user with authorized access, there is no way access control can save you. Verizon found that 34% of data breaches involved an authorized insider. While you’re focused on keeping the bad guys out, your users who have valid credentials and legitimate access to data are putting it at risk.
Applying Behavioral Context
Doing your best to limit access to resources and data is still a worthwhile goal and you should have an effective IAM solution in place—just don’t rely on it to protect your data. When it comes to preventing data breaches, what’s more important than granting access based on credentials is the behavior that occurs once the account is validated.
Lisa may have credentials that provide access to sensitive company financial data, and she may access that data on a daily basis as a function of her role. However, if you just validate Lisa’s credentials and stop paying attention you will miss important things. What if Lisa usually just accesses files as she needs them, but one day Lisa’s account downloads 200GB of financial data? What if Lisa generally works from the office in Kansas City during normal business hours, Monday through Friday, but for some reason “Lisa” is logged in from Russia at 3am on a Sunday?
This is where machine learning and natural language understanding—NLU—are crucial. I had an opportunity to speak with Chetan Anand, co-founder of Armorblox and an expert on insider threats about the difference that NLU can make. He told me, “Armorblox is changing the game from access control to context control.”
Access control only acts as a gatekeeper, but doesn’t know or care what you do once you’re inside the fence. NLU provides automated proactive identification and detection of sensitive data, and it considers the context of the access. Why is the user asking for that information?
Anand told me that Armorblox can find things that other vendors and solutions miss. The NLU engine is able to detect social engineering and extortion attempts within emails, and identify behavioral anomalies in how, when, and why user accounts access data. He explained that Armorblox does a better job of protecting data while also reducing the number of false positives that IT teams have to waste resources chasing down.
Protecting data is absolutely essential for every organization, but access control alone is not enough and traditional data loss prevention (DLP) solutions have a variety of issues and are generally ineffective. Context is king when it comes to effective data protection and NLU enables organizations to automate the process of providing the context necessary.