What Does Big Data Mean for Enterprise Security Intelligence?

Big data is a buzzword, and it can certainly be ambiguous and overused. But it is genuinely meaningful, particularly for enterprise security intelligence solutions. Big data, however, is essentially meaningless unless you have the right tools to analyze massive amounts of data.

Here are a few of the advantages that big data brings to enterprise security intelligence:

  • We can collect more data than ever before on the cybercriminal and the source of the crime.
  • Big data lets us connect more data than ever before. This helps us understand the root cause of phishing threats.
  • Through patented analytic tools, we can actually correlate that data and understand who the bad guy is, and track his behavior patterns.
  • By using big data and adding the right analytical tools, you can siphon out and correlate the data, taking you directly to the source – the cybercriminal himself.

How do you make security awareness engaging?

Think back to all of the corporate training you’ve sat through during your career. Chances are (especially if you’ve worked at a large enterprise) that some of that training had little relevance to your job duties. How much knowledge from those courses did you retain? Although you technically completed the training, would you have been able to apply any of the information you were given in real life?

For many employees, security awareness training falls into this category. It’s something they probably don’t care about, and that doesn’t help them do their jobs. This is why traditional awareness training has failed. Users will do what they have to do to get through the training, check the box, and get back to their regular jobs. Their security awareness training is now a distant memory buried in a pile of other dull corporate training they’ve been forced to endure over the years.

There are Different Types of Cybercriminals: Which are the Most Dangerous?

When we speak about cybercrimes, such as phishing and malware attacks, we tend to lump cybercriminals into one category, but there are many different types of cybercriminals. They are not all motivated to steal credentials that lead to some sort of financial theft. While those types of crimes do occur, it is important to distinguish between the different types of cybercriminals that comprise today’s threatscape.

Here are the basic types of cybercriminals in operation today:

  • Nation-states: Most notably China, Iran, and other nation-states looking to steal and infiltrate data.
  • Hacktivists: Activists or groups (like WikiLeaks) seeking to steal data and release it publicly.
  • Professional Cybercriminals: This group (led by technologists turned cybercriminals) does the most damage, particularly to financial institutions, retailers, e-commerce businesses, governments, etc. This group of cybercriminals actually creates more fraud, remediation and reputational damage than the other types of cybercriminals combined.

Regardless of which type of cybercriminal you’re dealing with, it is important for you to find out who that bad guy is. That’s where enterprise security intelligence comes into play. This new technology, powered by big data, can help you locate and take legal action against a particular cybercriminal, or at least put the right countermeasures in place against that criminal and his behavior.

Which types of cybercriminals have you encountered in protecting your organization? Share your experience in the comments section below.

How to Integrate Anti-Phishing Solutions into Existing Security Infrastructure

Today, we answer the question “How do I integrate anti-phishing solutions into my existing security infrastructure?”

Layered security and perimeter-based security solutions are now less effective than they used to be. Organizations tend to lump these things together as anti-phishing solutions because they deal with the traditional symptoms of phishing problems: cybercriminals luring you to another site, or emails with malware attachments.

The great thing about phishing intelligence solutions is that they fit in with the other solutions you have in place. They support standards such as XML, so the data you consume is normalized and delivered in the form of an IP address that you can block directly from your firewall, IDS/IPS or whichever mechanism you have in place, quickly and easily.

PhishMe Inc. to Present at 2013 (ISC)² Security Congress in Chicago

(ISC)² Security Congress, September 18, 2013 – Chicago, IL – PhishMe, the leading provider of security behavior management services that improve employees’ resilience towards spear phishing, malware, and drive-by attacks, today announced that its CEO and co-founder, Rohyt Belani, will present at (ISC)² Security Congress in Chicago next week. Co-presenting with Brandon Dunlap of Brightfly Consulting, Belani will discuss why protecting U.S. critical infrastructure and industrial control systems (ICS), such as Supervisory Control and Data Acquisition (SCADA), will continue to be a key homeland security and national security issue and why spear-phishing attacks are a major threat. As the U.S. still tops the charts for providing the most comfortable hosting platforms for phishing sites internationally, the panelists will discuss the highly controversial approaches to U.S. offensive and defensive cyber strategy moving forward.

Negative reinforcement: How NOT to improve user behavior

One of the interesting aspects of security awareness training is the intersection of information security with human resources. We know from experience that security practitioners are not always experts in the latter, but what we recently saw from Dave Clemente was a real doozy.

Clemente suggested that employees who engage in unsafe IT security behavior (such as clicking on phishing links) be reprimanded and that unsafe behavior should even negatively affect their performance review. To the security part of your mind, it might feel good to punish people for their security sins. We need to remember, however, that the ultimate goal of security is to protect a network, not give users a reason to DDoS it.