Customer Data Security for Global Internet Giant

Global Internet Giant Bolsters Customer Data Security with CyberPROOF’s c-AssurPeople User Behavior Analytics

 

Background

One of the world’s largest Internet companies manages all customer data in a proprietary account management system, which is at the heart of its business operations. Not surprisingly, this company has a large security team and invests huge efforts to ensure the privacy and integrity of its customer data.

Aware of the dangers of today’s cyber threats, the company’s security team realized that it required smarter tools to protect its infrastructure and internal systems from hard-to- detect user-based threats. In fact, while searching for a new and more effective solution, the company experienced a security incident that exploited legitimate user credentials.

 

The Need: Protect Sensitive Data from User-Based Threats

When it came to evaluating possible solutions for user analytics, the organization started with Splunk, which it was already using as a log repository. However, it quickly realized that while Splunk is good for storing and running basic analytics on log data collected from myriad systems, it lacks user-centric analytics and advanced self-learning capabilities required to detect anomalies, profile behavior, and generate risk scores. This is exactly the type of user intelligence it needed to discover and investigate potential risks to its sensitive customer data.

However, adding this type of functionality to Splunk would have required knowledge and expertise that its own in-house development team simply didn’t have. For this reason, the customer sought an analytics solution that could complement the capabilities of Splunk by giving their security analysts better insights and visibility into user behaviors.

 

The Challenge: Extract Actionable User Intelligence from Log Data

The customer already used Splunk to collect massive volumes of log and event data from hundreds of data sources. What it needed was a way to mine and analyze this log data to find suspicious and/or malicious user behaviors that could indicate serious data breaches.

Another key technical challenge was integrating the analytics solution within the customer’s homegrown and proprietary system environment. The customer required a flexible solution that could easily accommodate the new data source (i.e., its cus- tomer account management system), as well as tailored functionality to support its specific use cases. And it needed all of this in a very short time-frame.

 

The Solution: CyberPROOF’ c-AssurPeople - User Behavior Analytics

With these requirements in mind, the customer decided to evaluate CyberPROOF’s User Behavior Analytics solution. c-AssurPeople’s advanced machine learning algorithms were exactly what it needed to complement Splunk and the skills of its own in-house security team. In addition, the fact that these algorithms run on Hadoop allowed the customer to leverage its existing Hadoop big data cluster.

Moreover, c-AssurPeople seamlessly connects to the customer’s Splunk environment, retrieves the log data associated with user login activities, and generates insights into abnormal and suspicious user behaviors for immediate investigation by analysts.

c-AssurPeople also sessionizes the data, giving each event a broader user context. Based on the customer’s specific requirements, CyberPROOF also built custom tailored reports to address scenarios related to the company’s proprietary system and data environment.

The first stage of the evaluation was a two-week pilot, whose objective was to examine the ability of c-AssurPeople’s machine-learning algorithms to discover a set of known user-based threats. Not only did c-AssurPeople identify all known threats, it also discovered some unknown scenarios worthy of investigation.

Buoyed by these outstanding results, the customer decided to proceed with full system deployment. This included preparing the system to handle live streams of data from Splunk, as well as building user profiles over a longer time period based on historical data in order to improve algorithm accuracy.

In addition to its machine-learning algorithms, c-AssurPeople system comes with a set of core analyst reports, designed to help analysts identify and investigate common security scenarios (e.g., geo-hopping, VPN exfiltration). Each report includes a dedicated set of tables, widgets, and visualizations that make it easy for analysts to view all information relevant to a given scenario.

 

The Results: Better Visibility, Reduced Risk, Improved Analyst Productivity

The company’s Incident Response Team is currently using CyberPROOF’s solution in live operations. Security analysts log into c-AssurPeople each day to get an up-to-date overview of the most suspicious user sessions or events, as well as to view alerts sent by the system. Team members can then drill down within c-AssurPeople to investigate a particular event. Specifically tailored analyst reports enable analysts to quickly identify other similar cases that may provide insight into the investigation.

After understanding the user behavior, investigators can use other systems and/or directly communicate with the user to validate a particular action in order to determine whether or not the anomaly points to a potential security breach that needs to be remediated.

Through a fully automated process, c-AssurPeople enables smarter and faster detection of user-based threats that may pose a risk to sensitive customer data. c-AssurPeople’s user behavior analytics gives the organization’s Incident Response Team the added visibility it needs to discover incidents that previously would have gone unnoticed.

Learn more about using user behavioral analytics and other tool and services available to protect your company. Visit www.cyberproof.com