SECURITY ANALYTICS

 

Security analytics is a method of threat detection and security monitoring that employs data collection, aggregation, and analysis technologies. Security analytics technologies enable organizations to evaluate security events and discover possible attacks before they have a detrimental impact on the company’s infrastructure and bottom line.

To detect, evaluate, and mitigate internal risks, as well as persistent cyberthreats and targeted attacks from external bad actors, security analytics combines big data capabilities with threat intelligence.

Cybersecurity analytics are significant because they allow IT and security teams to take control of cybersecurity monitoring. Security analytics can give your organization insight across its whole IT ecosystem, enabling faster threat detection and the automation of more manual security activities.

The Role of Security Analytics

Security analytics is a developing field with a lot of potential for enterprises that want to remain on top of vulnerabilities and stay one step ahead of cybercriminals.

A number of factors are driving the expansion of security analytics, including:

Transitioning from protection to detection: Hackers deploy a variety of attack strategies to exploit numerous vulnerabilities, and certain threats can go undetected for months. Security analytics systems can monitor common threat trends and send notifications when anomalies are identified.

A unified perspective of the enterprise: Security analytics organizes data in such a way that it can be viewed in real-time as well as in the past. This enables smarter planning, faster resolution, and better decision-making by providing a unified view of risks and security breaches from a central console.

Seeing outcomes and getting a return on investment: IT teams are under increasing pressure to convey their findings to senior management and stakeholders. Security analytics enables analysts to quickly identify risks and respond to security breaches by providing time-to-resolution metrics and fewer false positives.

 

BENEFITS OF SECURITY ANALYTICS

Organizations benefit from security analytics technologies in numerous ways:

1. Early detection and response to security incidents. To detect threats or security issues in real-time, security analytics solutions analyze data from a variety of sources, connecting the dots between various events and alerts. The security analytics software does this by analyzing log data, combining it with data from other sources, and identifying correlations between events.

2. Adherence to regulatory standards. Compliance with government and industry regulations is a primary motivation for adopting security analytics technologies. Security analytics tools integrate a wide range of data types to give companies a single, unified view of all data events across devices, as required by regulations like HIPAA and PCI-DSS.

3. Improved forensics capabilities. Security analytics technologies are extremely useful for performing forensic investigations into incidents. Security analytics tools can reveal the source of an attack, how a compromise occurred, what resources were affected, what data was lost, and more, as well as a timeline for the incident. Being able to recreate and analyze an incident can help inform and enhance organizational defenses in the future, helping to ensure that similar incidents do not recur.
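The correlation described in point 1 above, as an added example that is not code from the original article: a small Python script that normalizes events from two constructed log sources (an authentication log and a file-server access log), applies a rule for a login success that follows a burst of failures, and escalates the finding when the same account then reads several files within a short window. The log lines, field names, thresholds and severity labels are all assumptions made for illustration.

```python
"""Toy security-analytics correlation over two log sources (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: one event per line, "timestamp source key=value ...".
AUTH_LOG = """\
2024-03-01T08:00:01 auth user=alice src=10.0.0.5 result=FAIL
2024-03-01T08:00:03 auth user=alice src=10.0.0.5 result=FAIL
2024-03-01T08:00:05 auth user=alice src=10.0.0.5 result=FAIL
2024-03-01T08:00:07 auth user=alice src=10.0.0.5 result=FAIL
2024-03-01T08:00:09 auth user=alice src=10.0.0.5 result=FAIL
2024-03-01T08:00:12 auth user=alice src=10.0.0.5 result=OK
2024-03-01T08:30:00 auth user=bob src=10.0.0.9 result=OK
"""
FILE_LOG = """\
2024-03-01T07:50:00 fileserver user=alice action=READ path=/hr/handbook.pdf
2024-03-01T08:01:00 fileserver user=alice action=READ path=/finance/q1.xlsx
2024-03-01T08:01:05 fileserver user=alice action=READ path=/finance/q2.xlsx
2024-03-01T08:02:10 fileserver user=alice action=READ path=/finance/payroll.csv
2024-03-01T08:31:00 fileserver user=bob action=READ path=/eng/readme.md
"""

# Assumed thresholds; a real deployment would tune these per environment.
FAIL_THRESHOLD = 5                 # failures that make a following success suspicious
FAIL_WINDOW = timedelta(minutes=10)
READ_THRESHOLD = 3                 # file reads after that login that escalate severity
READ_WINDOW = timedelta(minutes=30)


def parse_line(line):
    """Normalize one log line into a dict with a parsed timestamp and source tag."""
    ts, source, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts), "source": source}
    for f in fields:
        key, _, value = f.partition("=")
        event[key] = value
    return event


def load_events(*logs):
    """Merge any number of raw logs into one time-ordered event stream."""
    events = [parse_line(l) for log in logs for l in log.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    return events


def find_suspicious_logins(events):
    """Rule 1: a successful login preceded by >= FAIL_THRESHOLD failures within FAIL_WINDOW."""
    recent_failures = defaultdict(list)
    findings = []
    for e in events:
        if e["source"] != "auth":
            continue
        user = e["user"]
        # Forget failures that have fallen out of the sliding window.
        recent_failures[user] = [t for t in recent_failures[user] if e["ts"] - t <= FAIL_WINDOW]
        if e["result"] == "FAIL":
            recent_failures[user].append(e["ts"])
        elif e["result"] == "OK":
            if len(recent_failures[user]) >= FAIL_THRESHOLD:
                findings.append({"user": user, "ts": e["ts"], "src": e["src"],
                                 "failures": len(recent_failures[user]),
                                 "severity": "medium",
                                 "reason": "login success after burst of failures"})
            recent_failures[user].clear()   # any success resets the counter
    return findings


def correlate_with_file_access(findings, events):
    """Rule 2: escalate a finding when the same account reads many files soon after."""
    for f in findings:
        reads = [e for e in events
                 if e["source"] == "fileserver" and e["user"] == f["user"]
                 and e.get("action") == "READ"
                 and f["ts"] <= e["ts"] <= f["ts"] + READ_WINDOW]
        if len(reads) >= READ_THRESHOLD:
            f["severity"] = "high"
            f["reason"] += f"; {len(reads)} file reads within {READ_WINDOW}"
            f["paths"] = [r["path"] for r in reads]
    return findings


def analyze(*logs):
    """Run both rules over the merged event stream and return the findings."""
    events = load_events(*logs)
    return correlate_with_file_access(find_suspicious_logins(events), events)


if __name__ == "__main__":
    for finding in analyze(AUTH_LOG, FILE_LOG):
        print(finding)
```

Neither rule is interesting on its own: a password burst followed by success is common noise, and a finance user reading finance files is normal. The value comes from joining the two sources on the account and the time window, which is the "connecting the dots" the article refers to; bob's single successful login and single file read produce no finding at all.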

Uses of SECURITY ANALYTICS

From boosting data visibility and threat detection to network traffic analysis and user behavior tracking, security analytics offers a wide range of applications. The following are some of the most common security analytics use cases:

  • Employee monitoring
  • Detecting data exfiltration by attackers
  • Detecting insider threats
  • Identifying compromised accounts

Above all, through the correlation of actions and alarms, security analytics aims to turn raw data from various sources into actionable insights in order to identify situations that require prompt attention. Security analytics technologies do this by adding a critical filter to the massive amounts of data provided by people, apps, networks, and other security solutions.

Kaspersky Industry Analyst Summit 2021

Global cybersecurity solution provider, Kaspersky, recently hosted its industry analyst summit 2021. Research analyst Sachin Birajdar attended the virtual event on behalf of Quadrant Knowledge Solutions (QKS).
The summit was opened by Kaspersky CEO Eugene Kaspersky, who talked about ‘Cyberimmunity on CyberAge’. Next, Kaspersky CTO Andrey Efremov elaborated on Kaspersky’s product vision and strategy. Alexander Moiseev (Chief Business Officer) explained Kaspersky’s 2020 performance and 2021 outlook, while Sergey Martsynkyan explained the Kaspersky stage-by-stage approach.

Following this, discussions took place concerning Kaspersky Optimum Security EPP EDR, MDR and Sandbox security awareness, Kaspersky Hybrid Cloud Security, Kaspersky Expert Security: xDR (EDR, KATA, MDR), Kaspersky Cybertrace and threat intelligence, Kaspersky MDR services, Kaspersky OS/transportation, Kaspersky industrial cybersecurity, and Kaspersky fraud prevention. Kaspersky also announced the launch of its Optimum Security solution, which integrates EPP, EDR, and MDR in a single platform to help users create critical incident response processes and protect against evasive attacks. The Kaspersky analysts further informed attendees that the company is focusing on providing comprehensive multi-layered protection for hybrid environments, supporting advanced-level security, robust and granular visibility and control, and seamless integration with Kaspersky Optimum Security and Kaspersky Expert Security.

On this occasion, Kaspersky analysts also explained their new technology and service framework, Kaspersky Expert Security. This solution helps users detect and respond to threats in the network, including APTs and targeted attacks, and helps to enhance their current security system. Kaspersky informed attendees that it offers threat intelligence services to contextualize various aspects of security operations and help minimize detection and response time. The analysts added that the company’s MDR (Managed Detection and Response) service offers continuous machine learning-driven protection to analyze, investigate and respond to threats in real time. Kaspersky also informed the attendees about its efforts to secure organizations’ operational technology layers and elements, including SCADA servers, HMIs, engineering workstations, PLCs, and network connections, with its product and service portfolio. The company said that it also provides training programs and technical support to manage organizational endpoint security and control industrial networks centrally. Kaspersky explained how it enables and secures organizations’ global client interaction over web or mobile channels, and how it uses machine learning and risk-based authentication to secure access to accounts and resources.

Kaspersky introduced a new operating system (KasperskyOS) to protect web-integrated systems in emerging digital transformation use cases such as wired and autonomous vehicles. The analysts also showcased customer stories and use cases as proof of customer satisfaction and the efficiency of Kaspersky’s products.

Quadrant Knowledge Solutions would like to thank the Kaspersky team for providing an opportunity to attend the event.

About the Author

Sachin Birajdar
Analyst – Data Analytics and Security Domain

Sachin is a part of Quadrant’s global research and consulting team. He is responsible for data analytics & security research.
Sachin is responsible for conducting global strategic market outlook, SPARK Matrix Analysis, and client consulting assignments. He has worked on strategic research and vendor evaluation projects for Data Preparation Tool, Application Security Testing, Bot Management, Deception Technology, Identity as a service, Mobile Threat Management, Privileged Access Management (PAM), and such others. Sachin is also a part of Quadrant’s best practice team in identifying the most promising companies in the data analytics & security domain space. He was part of the team for consulting assignments including detailed market mapping, custom market intelligence, analyst briefing, and such others.
Sachin holds an MBA in Marketing and a BSc in Physics from Savitribai Phule Pune University, India.

Integrated Risk Management Platforms – All You Need to Know

Defining risk

A risk is defined as “the potential for loss due to uncertainty” or “the possibility of something bad happening due to lack of security”.

From these definitions, we can safely infer that to reduce risk, organizations should not only be extremely risk-aware but also have impeccable security measures in place. To guard organizations against the various types of risk (material/physical, cyber, reputational, legal, or operational), several measures can be put in place, one of them being ERM, or Enterprise Risk Management.

ERM is the practice of analyzing potential risk and creating a plan of activities that control or eliminate it. It helps view risks from a bird’s-eye view, at an organizational level, and create strategies that ensure mitigation of risk.

However, with the digital revolution unfolding, information/data dependency has drastically increased. This also means that the IT or Cyber-risks are rapidly evolving and call for a comprehensive methodology to deal with them.
Integrated Risk Management (IRM) specializes in handling the risks prevalent in an organization’s technological infrastructure. While it still includes multiple elements of Enterprise Risk Management, it takes a more polished, all-encompassing approach to risk management. It equips an organization to acknowledge, understand, and curb their distinct risk scenarios.

The correct implementation of IRM is highly dependent on an organization’s risk-awareness and its ability to –
  • Create and implement governance, risk assessment, and risk ownership framework.
  • Identify upcoming risks internally and externally.
  • Create and implement a response strategy.
  • Continuously monitor business objectives, update governance policies in accordance with goals, remain updated on new types of risks and threats, and comply with regulations.
  • Adopt the correct IRM solutions to build a strong and unified risk management architecture.

What are Integrated Risk Management Platforms?

Traditionally, GRC (Governance, Risk, and Compliance) platforms took a siloed approach to risk management. This often led to important details being overlooked and to increased vulnerabilities.

GRC Platforms helped manage –

  • Governance – The framework of rules and guidelines that create a foundation for all business practices.
  • Risk – The possibility of an organization facing losses due to negligence, breach, non-compliance, or poor governance.
  • Compliance – Following the framework of rules established to ensure governance and reduction of risk.

As time has passed, GRC platforms have morphed into being more flexible, less siloed platforms. They now view risk management as a whole – with governance and compliance being an integral part of the risk management process. These evolved Governance, Risk and Compliance (GRC) Platforms are now known as Integrated Risk Management (IRM) / Centralized Risk Management (CRM) Platforms.

Integrated Risk Management Platforms help organizations cope with their ever-increasing risk management needs. The various functionalities of IRM Platforms are listed below –
  • Manage risks across data security, cyber security and compliance areas spanning across various locations or sources.
  • Standardize risk assessment methods and risk management frameworks across siloes to unify risk management practices across business functions.
  • Provide visibility into threat exposure, risk interconnections, vulnerabilities and their impact on overall security measures.
  • Create an internal audit process to provide specialized risk assessments and insights.
  • Create a tracking framework dependent on business policies to make compliance and data usage ethics stronger. This tracking also helps locate and remedy violations.
  • Store all the data required to monitor risks securely on a centralized database.
  • Create risk libraries that catalog the most critical risks and provide accurate and actionable data pertaining to the threat history for an organization.
  • Analyze risk-related data and present comprehensive reports with heat maps, risk summaries and risk-control dashboards.
  • Automate risk management tasks, deliver reminders and record events.
  • Highlight compliance related risks through continuous monitoring and real-time updates.

Apart from these, IRM systems can also manage end-to-end third-party risk assessments by reaching out to external databases and gathering information continuously to help organizations mitigate risks.

Integrated Risk Management Platforms are advantageous because they help organizations reduce the manual labor that goes into ensuring enterprise information security. Additionally, automating risk management brings multiple other advantages; it helps organizations to:

  • Identify and analyze risks at the organizational level and create a strategic plan for risk management.
  • Execute risk management and compliance policies.
  • Speed up decision-making by providing a comprehensive list of the risks and pain points involved.
  • Create a bridge between the planning and execution of governance and compliance policies.
  • Become and remain risk-aware and proactive in risk management.

Decoding Zero Trust Security | Concept and various Models (Part-2)

The previous part of the blog talked about the concept of Zero Trust security, its relevance, and how it is catching traction in today’s time. This part talks about the different models to implement Zero Trust security in organizations. There are three different ways in which organizations can choose to implement Zero Trust security.

1. Software Defined Perimeter (SDP)

Software Defined Perimeter is an approach in network security that safeguards user access to applications and information irrespective of the location, time, and nature of the device used. Software Defined Perimeter follows a zero trust approach, wherein the network security posture is that of default deny. Access is granted upon authenticating and authorizing both user and device.

By making applications and resources invisible and pre-authorizing users and devices, SDP protects enterprise applications from a range of attacks such as denial of service, credential theft, server exploitation, connection hijacking, and APT/lateral movement. Unlike earlier security models that worked only up to the network layer, SDP works right up to the application layer. It provides granular control over applications, as users are allowed access only to authorized applications and to no others.

2. Network Micro-Segmentation

Micro-segmentation, or network micro-segmentation, is slicing the network into small logical segments and controlling access to applications and data on those segments. Dividing the network into smaller segments reduces the attack surface available to malicious actors. Micro-segmentation policies are based on logical attributes or resource identity rather than on IP addresses. Micro-segmentation creates an intelligent grouping of workloads based on their characteristics, and it provides centralized, dynamic policy management across networks, independent of the underlying infrastructure.

3. Identity Aware Proxy (IAP)

IAP architecture offers access to applications through a cloud-based proxy. It follows the principle of least-privilege access like SDP, but applications are accessed through standard HTTPS at the application layer. Unlike SDP, which uses a direct tunnel for data transfer, IAP architecture provides authenticated and authorized secure access to particular applications through a proxy layer.

Google was the first one to implement zero-trust security architecture in their business using BeyondCorp, through an Identity Aware Proxy model. BeyondCorp is their internal network and access security platform designed for employees to access internal resources. BeyondCorp is a web proxy-based solution that supports HTTP, HTTPS, and SSH protocols. Following BeyondCorp, Google also launched Cloud Identity Aware Proxy for access control and protecting data in the cloud. Cloud IAP shifts access controls from the network perimeter to individual users.

Whichever zero trust model a company chooses to implement, it should be able to integrate seamlessly with the company’s existing security infrastructure.
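An added example, not code from the original post or from any product named in it, of the default-deny decision that the three models share: every request carries a user identity, a device identity and a target application, and access is granted only when the user is authenticated, the device is registered to that user and passes posture checks, and a label-based rule (roles and workload tags rather than IP addresses, in the micro-segmentation spirit) explicitly allows the application. The user directory, device inventory, posture attributes, labels and rules are constructed assumptions.

```python
"""Default-deny Zero Trust access decision on user, device and label-based policy (added example)."""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    app: str
    src_ip: str               # carried for the audit log only; never used in the decision
    user_authenticated: bool  # identity proven to the identity provider (assumed already checked)
    mfa_passed: bool


# Constructed directories standing in for an identity provider and a device inventory.
USER_ROLES = {
    "alice": {"finance", "employee"},
    "bob": {"engineering", "employee"},
}
DEVICES = {
    "laptop-01": {"owner": "alice", "managed": True, "disk_encrypted": True, "os_patched": True},
    "laptop-02": {"owner": "bob", "managed": True, "disk_encrypted": True, "os_patched": False},
}
# Micro-segmentation style: applications carry labels, and policy is written
# against those labels rather than against network addresses.
APP_LABELS = {
    "payroll": {"tier": "restricted", "owner": "finance"},
    "wiki": {"tier": "internal", "owner": "employee"},
    "ci": {"tier": "internal", "owner": "engineering"},
}


def device_posture_ok(device):
    """Assumed minimum posture: managed, disk-encrypted and patched."""
    return device["managed"] and device["disk_encrypted"] and device["os_patched"]


def evaluate(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; anything else is denied."""
    if not req.user_authenticated:
        return False, "user not authenticated"
    device = DEVICES.get(req.device_id)
    if device is None:
        return False, "unknown device"
    if device["owner"] != req.user:
        return False, "device not registered to this user"
    if not device_posture_ok(device):
        return False, "device posture check failed"
    labels = APP_LABELS.get(req.app)
    if labels is None:
        # Unknown apps are simply not reachable: the "invisible by default" property.
        return False, "unknown application"
    if labels["owner"] not in USER_ROLES.get(req.user, set()):
        return False, f"user lacks role '{labels['owner']}' for {req.app}"
    if labels["tier"] == "restricted" and not req.mfa_passed:
        return False, "restricted application requires MFA"
    return True, "allowed"


def audit(req: Request):
    """Decision plus the fields an analyst would want to see in the access log."""
    allowed, reason = evaluate(req)
    return {"user": req.user, "device": req.device_id, "app": req.app,
            "src_ip": req.src_ip, "allowed": allowed, "reason": reason}


if __name__ == "__main__":
    for r in [
        Request("alice", "laptop-01", "payroll", "203.0.113.7", True, True),  # remote, but fully verified
        Request("alice", "laptop-01", "payroll", "10.0.0.4", True, False),    # on-prem, no MFA
        Request("bob", "laptop-02", "wiki", "10.0.0.9", True, True),          # unpatched device
        Request("bob", "laptop-01", "wiki", "10.0.0.9", True, True),          # someone else's device
    ]:
        print(audit(r))
```

Note that `src_ip` is logged but never consulted: a request from inside the network with a missing MFA step is denied, while a verified user on a healthy device is allowed from a public address. That is the identity-based perimeter the two posts describe, and it is the property to check first when evaluating any product claiming a zero trust model.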

(This is Part 2 of the blog and it explains the various models to implement Zero Trust security in organizations. To read on the concept of Zero Trust security refer HERE)

Growing Fraud and Mitigation Trends | EFM Trends

In this digital era, fraud is becoming more sophisticated and is the fastest-growing concern of the age. eCommerce and online payments are growing swiftly, resulting in a gigantic shift to mobile and digital applications and a push toward seamless payment execution. Fraud is orchestrated in a sophisticated manner on the dark web, leaving banks and their systems very little time to respond. A few of the emerging frauds are money laundering and terrorist financing, account fraud, and identity theft. Hence, it is vital for financial organizations to embrace advanced AI and ML technologies in Enterprise Fraud Management solutions, as opposed to the conventional approach, to block and mitigate financial theft. EFM solutions aid in reducing operational losses, detecting and alleviating fraud attacks, and maximizing the overall customer experience.

An EFM platform provides real-time screening of transactions across all channels and payment types. An increasing number of internal and external frauds involving access to payment card data, personally identifiable information (PII), SIM card cloning, and stolen credentials are resulting in substantial financial and reputational loss. Furthermore, cybercriminals are increasingly targeting mobile channels for login attacks as customers across all regions adopt mobile applications for financial transactions and online sessions.

The banking sector is concentrating on centralizing its risk management process, integrating all the key capabilities, analytics, systems to combat fraud efficiently. They are also emphasizing constantly updating fraud management processes with updated rules and models. Multiple financial organizations are acquiring real-time data of transactions from all channels and external data, thereby helping to enhance the accuracy in the identification of frauds.

The financial sector is experiencing a revolutionary metamorphosis, and customers’ rising expectations require banks to deliver a smooth experience. In the modern world of intricate fraud attacks, financial enterprises are incorporating new technology innovations into their EFM solutions to identify and mitigate both internal and external fraud.

Learn more about other EFM Trends here.

Decoding Zero Trust Security | Zero Trust Concept & Models (Part-1)

Years after it was first mentioned in 2010, the concept of Zero Trust is regaining momentum. Backed by analysts, vendors, and the Cloud Security Alliance, Zero Trust is the latest buzzword in the security industry.

The Zero Trust framework became popular in the wake of data breaches and modern cyber-attacks. Traditional security measures focused on creating a security perimeter around insiders, with everything outside the perimeter untrusted. This model assumed that insiders should be trusted and gave them full access to resources. Unfortunately, it could not cope with the changing threat landscape, in which malicious insiders and outside attackers try to move laterally to target important resources.


Secondly, an upsurge in the number of IoT devices, increased mobility, and vast adoption of cloud by organizations is constantly pushing the network boundary closer to the identity. So rather than a network-centric perimeter, there is a need to have an identity-based perimeter, with users and devices being the center of focus.

To address these challenges, Zero Trust treats every access request with no implicit trust and grants access permission on a strict need-to-know basis. Zero Trust is a concept in network security based on strict identity verification for users and devices. It requires that every access request by a user or device be fully authenticated, authorized, and encrypted before access is granted. True to its motto, “Trust nothing, verify everything”, the Zero Trust security framework holds that nothing should be trusted and that even requests originating from within the security perimeter should be verified. There are three models/architectures through which Zero Trust security can be implemented in organizations –

  • Software-Defined Perimeter
  • Network Micro-Segmentation
  • Identity Aware Proxy

(This is Part 1 of the blog, where the concept of Zero Trust security is explained, Part 2 will discuss the various models to implement Zero Trust security)

Future of ML and AI in Financial Sector | Fraud Management Trends

The financial landscape is experiencing a revolutionary transformation, and tech-savvy customers expect banks to deliver a seamless and rich experience.

As threats grow ever more sophisticated, too many fraud cases still have to be examined and investigated manually. Hence, it is imperative for organizations to incorporate AI- and ML-based technologies to distinguish benign anomalies from malicious fraud. AI and ML identify patterns and help systems derive configuration rules from the patterns and information detected. Furthermore, ML aids in detecting suspicious financial transactions and money-laundering activities in real time, flagging such activities while minimizing false positives.

Despite the emerging trends of ML and AI in EFM platforms, some enterprises have still not adopted them because of the challenges involved, such as integrating ML and AI into existing business functions and frameworks, the need for new resolutions to mitigate new kinds of attacks, and others.


Let’s look at the benefits that ML and AI have to offer –
  • Behavioral patterns are detected at an early stage using ML and AI analytical models.
  • Ensures the safety and security of customer data integrated from various channels.
  • It provides deep insights and analytics with visual graphics and a unified dashboard.
  • Prevents attacks and mitigates fraud.
  • Offers personalized customer experience.
  • Includes automation of processes with a minimal scope of errors.
  • Ensures regulatory compliance.
  • Enhances the branding of companies.
  • Optimizes the overall efficiency of the organization.

Due to these many benefits and stiff competition, financial enterprises are embracing new technology innovations and integrating intelligent automation with AI and ML into their EFM solutions. AML software, when combined with ML and AI, can offer many benefits, such as a reduction in compliance costs through enhanced and more effective solutions. AI and ML are becoming critical, empowering banks to handle enormous datasets and to combat and prevent fraud attacks quickly, thereby optimizing profit.

Hence, in the ever-changing dynamics of an app-driven world, it is crucial for banks to adopt various combinations of AI and ML, supervised and unsupervised ML techniques, and multiple algorithms in accordance with their requirements, and then implement them in their systems.