Attacks/Breaches
3/14/2014
03:00 PM
Becca Lipman
Becca Lipman
News
Connect Directly
RSS
E-Mail
100%
0%

7 Behaviors That Could Indicate A Security Breach

Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.

Here's a rather uncontested statement: In the world of cybersecurity, there are many things that can go wrong.

Some breaches are intentional, others accidental. A case in which an employee unwittingly discloses confidential information or is working from an infected machine may look similar to the actions of employee who has gone rogue by uploading or downloading inappropriate data.

Regardless of its cause, determining whether a behavior is normal or not is important when it comes to detecting a variety of security breaches.

Skyhigh Networks compiled the following real-world examples of behaviors that security teams identified as several standard deviations outside of normal activity.

Read the rest of this article on Wall Street & Technology.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
pfretty
100%
0%
pfretty,
User Rank: Apprentice
3/17/2014 | 3:32:50 PM
Not just staying out of headlines, but avoiding the costs
It's crucial to pay close attention to the warning signs. According to the Ponemon 2013 Cost of Cyber Crime Report (http://www.hpenterprisesecurity.com/ponemon-study-2013), the average company experiences 100+ attacks per year at a cost of $11.6 million. These make breaches not just cause embrassment, but in many instances can be crippling to even the most otherwise stable organizations. Fighting off attacks starts with strategy and technology and continues to improve through education. 

 

Peter Fretty, IDG blogger working on behalf of HP
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

CVE-2014-0600
Published: 2014-08-29
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

CVE-2014-0888
Published: 2014-08-29
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.

CVE-2014-0897
Published: 2014-08-29
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection me...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.