Attacks/Breaches
3/14/2014
03:00 PM
Becca Lipman
Becca Lipman
News
Connect Directly
RSS
E-Mail
100%
0%

7 Behaviors That Could Indicate A Security Breach

Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.

Here's a rather uncontested statement: In the world of cybersecurity, there are many things that can go wrong.

Some breaches are intentional, others accidental. A case in which an employee unwittingly discloses confidential information or is working from an infected machine may look similar to the actions of employee who has gone rogue by uploading or downloading inappropriate data.

Regardless of its cause, determining whether a behavior is normal or not is important when it comes to detecting a variety of security breaches.

Skyhigh Networks compiled the following real-world examples of behaviors that security teams identified as several standard deviations outside of normal activity.

Read the rest of this article on Wall Street & Technology.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
pfretty
100%
0%
pfretty,
User Rank: Apprentice
3/17/2014 | 3:32:50 PM
Not just staying out of headlines, but avoiding the costs
It's crucial to pay close attention to the warning signs. According to the Ponemon 2013 Cost of Cyber Crime Report (http://www.hpenterprisesecurity.com/ponemon-study-2013), the average company experiences 100+ attacks per year at a cost of $11.6 million. These make breaches not just cause embrassment, but in many instances can be crippling to even the most otherwise stable organizations. Fighting off attacks starts with strategy and technology and continues to improve through education. 

 

Peter Fretty, IDG blogger working on behalf of HP
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-0889
Published: 2014-07-29
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote atta...

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3020
Published: 2014-07-29
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Best of the Web
Dark Reading Radio