Detecting Suspicious Behaviour
Are passwords still strong enough? Are virus scanners effective? While cyber attacks become stronger, so does the defence. In the past we used firewalls as moats to keep attackers out of our network. Now we also install firewalls within the network should cyber attackers come that far. Security measures surrounding log in procedures are also changing. It is a critical moment to unmask attackers. Which is why we discern someone logging in from China five minutes after having logged in from the Netherlands as suspicious.
In the past we treated log in data and access rights as isolated processes. Today we want to check if a log in procedure appears to be ‘normal’. However, it is too complex to manually set up rules to detect suspicious behaviour. What started out as Security Information Event Monitoring (SIEM) has now evolved to Security Analytics. This includes domains such as Insider Threat Management, Identity & Access Analytics and Application Security Analytics. Big Data analyses are used within these domains propose automated rules.
We offer the latest methods and technologies to detect abnormal behaviour.