SlideShare a Scribd company logo

Personam Solution - How it Works Brief

S
Sunny Geo
1 of 4
Download to read offline
  Page 1    COPYRIGHT © 2014, ALL RIGHTS RESERVED     
  Page 2    COPYRIGHT © 2014, ALL RIGHTS RESERVED  etecting active threats on a compromised network is an exceptionally difficult task, and very few organizations have been able to accomplish it. The evidence of this is clear from a single industry statistic: eighty-six percent (86%) of all data breaches go undetected by the breached organization1 . Insider threats play a significant role in this problem, and traditional cyber security tools can do little to address it. The reason for the failure lies in the approaches used by most cyber products, which tend to be focused on keeping criminals outside the perimeter and rely on a library of known, malicious patterns to match against ongoing activity. But insider threats don’t behave like a traditional cyber security problem: they already have legitimate access to the network, they know how to hide any criminal activty within the noise of everyday work, and they know where the organization’s most valuable assets are kept. Personam is addressing this widespread vulnerability with an entirely different approach, one specifically designed to detect an insider threat on a computer network. The key is to understand the behaviors of all the actors on a network (e.g. employees, contractors, automated processes, network-enabled devices, etc.), and identify the actors that are working outside the organizational norms. We do this by applying advanced machine learning techniques that use the network data to learn the behavior patterns of the actors and of the organization. Our technology can identify a threat even if the actor is using an unknown attack method, or is exfiltrating the data “low and slow” to avoid tripping traditional monitoring controls. Here’s how it works. Network Sensors. We place sensors at strategic locations on the computer network so that we can observe all data transfers to and from the organization’s critical assets, such as the shared file systems, mail servers, CMS applications and the like. We also place a sensor to collect any transfers to and from the internet.  D
  Page 3    COPYRIGHT © 2014, ALL RIGHTS RESERVED  The sensors use simple passive Ethernet taps plugged into the ports of a network  switch, and receive a copy of each data packet transferred through the switch. With the sensors in place, we have insight into all the critical activity on the network. The sensors perform some basic processing steps with each packet: header information is recorded, including source and destination IP addresses, ports, packet size, and others; lookup information is used  to identify the user accounts associated with the source of the transmission, and IP addresses are resolved to hosts internally or domains externally. Once each session is fully defined, the record is forwarded on to the behavioral analysis engines running on the appliance and the contents of the data packet are discarded. Behavior Profiles. The machine learning algorithms running on the appliance add each data point received from the sensors to the behavior profile of the actor that originated the transmission. This provides us with a rich history of how each actor uses the network. For instance, for a user account we might learn things like: which file folders are most frequently accessed, long term and more recently; which websites are preferred; what time of day the user logs into the network or take a lunch break; and the typical size for transmitted data packets to and from each network resource. We can also label each activity performed by an actor as being part of either a routine, or something more anomalous. And because actors on a network can generate a large number of anomalies, we can also characterize the type and number of anomalies the actor will typically generate in a given timeframe. Cohorts. With comprehensive behavior profiles, we can measure the distance of “behavioral similarity” between any two actors. The appliance performs this function continuously between each actor and every other actor on the network, placing those with the most similar behaviors together into cohort groups. Our behavior profiles and clustering algorithms for this feature are so effective that the resulting hierarchical diagram will generate a close match to the organization’s org chart, without any additional input data.
  Page 4    COPYRIGHT © 2014, ALL RIGHTS RESERVED  Defining the cohort groups provides additional insight into how the behavior patterns are distributed throughout the organization. This in turn gives us an additional perspective to identify outlying and suspicious behavior on the network. Identifying Threats. There are two powerful ways in which our system will identify an insider threat operating on the network. The first is through self-consistency monitoring: if the current behavior profile of an actor diverges from its baseline, there is a significant risk that either the actor’s account has been compromised, or that the actor has begun working counter to their previous efforts. The second method works by comparing the current behavior profile of an actor to the current behavior profiles of all other actors in their cohort group. This approach is particularly effective for identifying insider threats because their methods will often include the continuation of their legitimate work (which keeps them associated to with their cohort group), while hiding their malicious activity in the noise of daily activity. This method does not depend on a change to a behavior pattern; it works effectively even when the insider threat has been performing malicious activity before the Personam sensors and behavior profiling appliance were installed on the network. It’s important to note that our technology is not a simple anomaly detection mechanism. Machine learning and data analytics approaches to insider threat detection have been attempted in the past and failed due to the high volume of false positives they produced. Computer networks and the people using them generate enormous numbers of anomalies; alerting a security official every time will only result in the system getting turned off. Our advanced behavior profiles are designed to understand not just the baseline routines, but also the types and volumes of anomalies an actor typically produces. Our system generates alerts when the behavior profile, complete with its routines and anomaly patterns, indicates threatening activity. It’s the most advanced internal threat detection solution available. Personam is USA based, with product development studios, R&D, and our remote operations center in Virginia

Recommended

Analyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testingAnalyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testingEngr Md Yusuf Miah
 
Achieving high-fidelity security
Achieving high-fidelity securityAchieving high-fidelity security
Achieving high-fidelity securitybalejandre
 
A Secure Network Bridging the Gap
A Secure Network Bridging the GapA Secure Network Bridging the Gap
A Secure Network Bridging the GapColloqueRISQ
 
Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune SystemAustin Eppstein
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacksTexas Medical Liability Trust
 
dos attacks
dos attacksdos attacks
dos attacksAMAL PERUMPALLIL
 
3 Perspectives Around Data Breaches
3 Perspectives Around Data Breaches3 Perspectives Around Data Breaches
3 Perspectives Around Data BreachesSymantec
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 

Recommended

Analyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testingAnalyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testingEngr Md Yusuf Miah
 
Achieving high-fidelity security
Achieving high-fidelity securityAchieving high-fidelity security
Achieving high-fidelity securitybalejandre
 
A Secure Network Bridging the Gap
A Secure Network Bridging the GapA Secure Network Bridging the Gap
A Secure Network Bridging the GapColloqueRISQ
 
Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune SystemAustin Eppstein
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacksTexas Medical Liability Trust
 
dos attacks
dos attacksdos attacks
dos attacksAMAL PERUMPALLIL
 
3 Perspectives Around Data Breaches
3 Perspectives Around Data Breaches3 Perspectives Around Data Breaches
3 Perspectives Around Data BreachesSymantec
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applicationsijtsrd
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsMelissa Lim
 
Making Trust Relationship For Peer To Peer System With Secure Protocol
Making Trust Relationship For Peer To Peer System With Secure ProtocolMaking Trust Relationship For Peer To Peer System With Secure Protocol
Making Trust Relationship For Peer To Peer System With Secure ProtocolIJMER
 
Antigena Overview
Antigena OverviewAntigena Overview
Antigena OverviewAustin Eppstein
 
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...Hisham Al Zanoon
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Phil Legg
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Crits new one_dark-goffin
Crits new one_dark-goffinCrits new one_dark-goffin
Crits new one_dark-goffinZeev Rabinovich
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Akash Karwande
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 
Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015n|u - The Open Security Community
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...JPINFOTECH JAYAPRAKASH
 
[Infographic] 5 Security Threats in Healthcare Industry
[Infographic] 5 Security Threats in Healthcare Industry [Infographic] 5 Security Threats in Healthcare Industry
[Infographic] 5 Security Threats in Healthcare Industry Seqrite
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalJerome Chapolard
 
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISKDATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISKRobert Anderson
 
5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats5 Key Findings on Advanced Threats
5 Key Findings on Advanced ThreatsHannah Jenney
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and ITKomalah Nair
 
Review of Intrusion and Anomaly Detection Techniques
Review of Intrusion and Anomaly Detection Techniques Review of Intrusion and Anomaly Detection Techniques
Review of Intrusion and Anomaly Detection Techniques IJMER
 
Poema para los amigos
Poema para los amigosPoema para los amigos
Poema para los amigosCarlos Ramirez Matus
 
Deserción
DeserciónDeserción
Deserciónyazminfajardo
 
ADMISS
ADMISSADMISS
ADMISSIngenero
 
HSoE-PE
HSoE-PEHSoE-PE
HSoE-PERicardo A. VanEgas
 

More Related Content

What's hot

Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applicationsijtsrd
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsMelissa Lim
 
Making Trust Relationship For Peer To Peer System With Secure Protocol
Making Trust Relationship For Peer To Peer System With Secure ProtocolMaking Trust Relationship For Peer To Peer System With Secure Protocol
Making Trust Relationship For Peer To Peer System With Secure ProtocolIJMER
 
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...Hisham Al Zanoon
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Phil Legg
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Crits new one_dark-goffin
Crits new one_dark-goffinCrits new one_dark-goffin
Crits new one_dark-goffinZeev Rabinovich
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Akash Karwande
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...JPINFOTECH JAYAPRAKASH
 
[Infographic] 5 Security Threats in Healthcare Industry
[Infographic] 5 Security Threats in Healthcare Industry [Infographic] 5 Security Threats in Healthcare Industry
[Infographic] 5 Security Threats in Healthcare Industry Seqrite
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalJerome Chapolard
 
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISKDATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISKRobert Anderson
 
5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats5 Key Findings on Advanced Threats
5 Key Findings on Advanced ThreatsHannah Jenney
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and ITKomalah Nair
 
Review of Intrusion and Anomaly Detection Techniques
Review of Intrusion and Anomaly Detection Techniques Review of Intrusion and Anomaly Detection Techniques
Review of Intrusion and Anomaly Detection Techniques IJMER
 

What's hot (18)

Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applications
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace Finds
 
Making Trust Relationship For Peer To Peer System With Secure Protocol
Making Trust Relationship For Peer To Peer System With Secure ProtocolMaking Trust Relationship For Peer To Peer System With Secure Protocol
Making Trust Relationship For Peer To Peer System With Secure Protocol
 
Antigena Overview
Antigena OverviewAntigena Overview
Antigena Overview
 
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...
A Proposed Blueprint of a “privacy first” Pan Canadian Disease Contact Tracin...
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Crits new one_dark-goffin
Crits new one_dark-goffinCrits new one_dark-goffin
Crits new one_dark-goffin
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhere
 
Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...
 
[Infographic] 5 Security Threats in Healthcare Industry
[Infographic] 5 Security Threats in Healthcare Industry [Infographic] 5 Security Threats in Healthcare Industry
[Infographic] 5 Security Threats in Healthcare Industry
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_final
 
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISKDATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK
 
5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and IT
 
Review of Intrusion and Anomaly Detection Techniques
Review of Intrusion and Anomaly Detection Techniques Review of Intrusion and Anomaly Detection Techniques
Review of Intrusion and Anomaly Detection Techniques
 

Viewers also liked

Ray et al-1995-international_endodontic_journal
Ray et al-1995-international_endodontic_journalRay et al-1995-international_endodontic_journal
Ray et al-1995-international_endodontic_journalCarina Banica
 
новий рік ромашка середня грудень 2016
новий рік ромашка середня грудень 2016новий рік ромашка середня грудень 2016
новий рік ромашка середня грудень 2016Наталія Бабич
 
13. fasciculo 8. inteligencias multiples
13. fasciculo 8. inteligencias multiples13. fasciculo 8. inteligencias multiples
13. fasciculo 8. inteligencias multiplesPablo Santos Vilcherrez
 
OBSERVE O HORÁRIO E AS FOTOS
OBSERVE O HORÁRIO E AS FOTOSOBSERVE O HORÁRIO E AS FOTOS
OBSERVE O HORÁRIO E AS FOTOSLucio Borges
 
Welcome to padhula
Welcome to padhulaWelcome to padhula
Welcome to padhulaDev Chauhan
 
Drets humans (declaració dels drets del nen
Drets humans (declaració dels drets del nenDrets humans (declaració dels drets del nen
Drets humans (declaració dels drets del nendretsjoanoro
 
Bb46 team2 2016_poverty
Bb46 team2 2016_povertyBb46 team2 2016_poverty
Bb46 team2 2016_povertyPeter Tan
 
Conpes nacional de juventud
Conpes nacional de juventudConpes nacional de juventud
Conpes nacional de juventudHarold Ibarguen
 

Viewers also liked (14)

Poema para los amigos
Poema para los amigosPoema para los amigos
Poema para los amigos
 
Deserción
DeserciónDeserción
Deserción
 
ADMISS
ADMISSADMISS
ADMISS
 
HSoE-PE
HSoE-PEHSoE-PE
HSoE-PE
 
Ray et al-1995-international_endodontic_journal
Ray et al-1995-international_endodontic_journalRay et al-1995-international_endodontic_journal
Ray et al-1995-international_endodontic_journal
 
новий рік ромашка середня грудень 2016
новий рік ромашка середня грудень 2016новий рік ромашка середня грудень 2016
новий рік ромашка середня грудень 2016
 
13. fasciculo 8. inteligencias multiples
13. fasciculo 8. inteligencias multiples13. fasciculo 8. inteligencias multiples
13. fasciculo 8. inteligencias multiples
 
OBSERVE O HORÁRIO E AS FOTOS
OBSERVE O HORÁRIO E AS FOTOSOBSERVE O HORÁRIO E AS FOTOS
OBSERVE O HORÁRIO E AS FOTOS
 
Welcome to padhula
Welcome to padhulaWelcome to padhula
Welcome to padhula
 
Drets humans (declaració dels drets del nen
Drets humans (declaració dels drets del nenDrets humans (declaració dels drets del nen
Drets humans (declaració dels drets del nen
 
Bb46 team2 2016_poverty
Bb46 team2 2016_povertyBb46 team2 2016_poverty
Bb46 team2 2016_poverty
 
Conpes nacional de juventud
Conpes nacional de juventudConpes nacional de juventud
Conpes nacional de juventud
 
Reunion padres de familia 2015
Reunion padres de familia 2015Reunion padres de familia 2015
Reunion padres de familia 2015
 
Jessen~1
Jessen~1Jessen~1
Jessen~1
 

Similar to Personam Solution - How it Works Brief

Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network SecurityWhitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network SecurityHappiest Minds Technologies
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSIJNSA Journal
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSIJNSA Journal
 
Detecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisDetecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisEditor IJMTER
 
Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wpCMR WORLD TECH
 
Running Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxRunning Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxSUBHI7
 
User Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityUser Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityHappiest Minds Technologies
 
Application of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionApplication of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionIOSR Journals
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemAffine Analytics
 
Paper id 312201513
Paper id 312201513Paper id 312201513
Paper id 312201513IJRAT
 
Intrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning AlgorithmIntrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning AlgorithmIRJET Journal
 
Unraveling the Web: The Crucial Role of Network Traffic Analysis
Unraveling the Web: The Crucial Role of Network Traffic AnalysisUnraveling the Web: The Crucial Role of Network Traffic Analysis
Unraveling the Web: The Crucial Role of Network Traffic Analysiscyberprosocial
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)Aida Harun
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 
Enchaning system effiency through process scanning
Enchaning system effiency through process scanningEnchaning system effiency through process scanning
Enchaning system effiency through process scanningsai kiran
 
A proposed architecture for network
A proposed architecture for networkA proposed architecture for network
A proposed architecture for networkIJCNCJournal
 

Similar to Personam Solution - How it Works Brief (20)

Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network SecurityWhitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
 
Detecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisDetecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data Analysis
 
Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wp
 
Running Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxRunning Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docx
 
User Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityUser Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network Security
 
Application of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionApplication of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion Recognition
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection system
 
Paper id 312201513
Paper id 312201513Paper id 312201513
Paper id 312201513
 
Idps
IdpsIdps
Idps
 
Intrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning AlgorithmIntrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning Algorithm
 
Unraveling the Web: The Crucial Role of Network Traffic Analysis
Unraveling the Web: The Crucial Role of Network Traffic AnalysisUnraveling the Web: The Crucial Role of Network Traffic Analysis
Unraveling the Web: The Crucial Role of Network Traffic Analysis
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern mining
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern mining
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 
Enchaning system effiency through process scanning
Enchaning system effiency through process scanningEnchaning system effiency through process scanning
Enchaning system effiency through process scanning
 
A proposed architecture for network
A proposed architecture for networkA proposed architecture for network
A proposed architecture for network
 

Personam Solution - How it Works Brief

  • 2.   Page 2    COPYRIGHT © 2014, ALL RIGHTS RESERVED  etecting active threats on a compromised network is an exceptionally difficult task, and very few organizations have been able to accomplish it. The evidence of this is clear from a single industry statistic: eighty-six percent (86%) of all data breaches go undetected by the breached organization1 . Insider threats play a significant role in this problem, and traditional cyber security tools can do little to address it. The reason for the failure lies in the approaches used by most cyber products, which tend to be focused on keeping criminals outside the perimeter and rely on a library of known, malicious patterns to match against ongoing activity. But insider threats don’t behave like a traditional cyber security problem: they already have legitimate access to the network, they know how to hide any criminal activty within the noise of everyday work, and they know where the organization’s most valuable assets are kept. Personam is addressing this widespread vulnerability with an entirely different approach, one specifically designed to detect an insider threat on a computer network. The key is to understand the behaviors of all the actors on a network (e.g. employees, contractors, automated processes, network-enabled devices, etc.), and identify the actors that are working outside the organizational norms. We do this by applying advanced machine learning techniques that use the network data to learn the behavior patterns of the actors and of the organization. Our technology can identify a threat even if the actor is using an unknown attack method, or is exfiltrating the data “low and slow” to avoid tripping traditional monitoring controls. Here’s how it works. Network Sensors. We place sensors at strategic locations on the computer network so that we can observe all data transfers to and from the organization’s critical assets, such as the shared file systems, mail servers, CMS applications and the like. We also place a sensor to collect any transfers to and from the internet.  D
  • 3.   Page 3    COPYRIGHT © 2014, ALL RIGHTS RESERVED  The sensors use simple passive Ethernet taps plugged into the ports of a network  switch, and receive a copy of each data packet transferred through the switch. With the sensors in place, we have insight into all the critical activity on the network. The sensors perform some basic processing steps with each packet: header information is recorded, including source and destination IP addresses, ports, packet size, and others; lookup information is used  to identify the user accounts associated with the source of the transmission, and IP addresses are resolved to hosts internally or domains externally. Once each session is fully defined, the record is forwarded on to the behavioral analysis engines running on the appliance and the contents of the data packet are discarded. Behavior Profiles. The machine learning algorithms running on the appliance add each data point received from the sensors to the behavior profile of the actor that originated the transmission. This provides us with a rich history of how each actor uses the network. For instance, for a user account we might learn things like: which file folders are most frequently accessed, long term and more recently; which websites are preferred; what time of day the user logs into the network or take a lunch break; and the typical size for transmitted data packets to and from each network resource. We can also label each activity performed by an actor as being part of either a routine, or something more anomalous. And because actors on a network can generate a large number of anomalies, we can also characterize the type and number of anomalies the actor will typically generate in a given timeframe. Cohorts. With comprehensive behavior profiles, we can measure the distance of “behavioral similarity” between any two actors. The appliance performs this function continuously between each actor and every other actor on the network, placing those with the most similar behaviors together into cohort groups. Our behavior profiles and clustering algorithms for this feature are so effective that the resulting hierarchical diagram will generate a close match to the organization’s org chart, without any additional input data.
  • 4.   Page 4    COPYRIGHT © 2014, ALL RIGHTS RESERVED  Defining the cohort groups provides additional insight into how the behavior patterns are distributed throughout the organization. This in turn gives us an additional perspective to identify outlying and suspicious behavior on the network. Identifying Threats. There are two powerful ways in which our system will identify an insider threat operating on the network. The first is through self-consistency monitoring: if the current behavior profile of an actor diverges from its baseline, there is a significant risk that either the actor’s account has been compromised, or that the actor has begun working counter to their previous efforts. The second method works by comparing the current behavior profile of an actor to the current behavior profiles of all other actors in their cohort group. This approach is particularly effective for identifying insider threats because their methods will often include the continuation of their legitimate work (which keeps them associated to with their cohort group), while hiding their malicious activity in the noise of daily activity. This method does not depend on a change to a behavior pattern; it works effectively even when the insider threat has been performing malicious activity before the Personam sensors and behavior profiling appliance were installed on the network. It’s important to note that our technology is not a simple anomaly detection mechanism. Machine learning and data analytics approaches to insider threat detection have been attempted in the past and failed due to the high volume of false positives they produced. Computer networks and the people using them generate enormous numbers of anomalies; alerting a security official every time will only result in the system getting turned off. Our advanced behavior profiles are designed to understand not just the baseline routines, but also the types and volumes of anomalies an actor typically produces. Our system generates alerts when the behavior profile, complete with its routines and anomaly patterns, indicates threatening activity. It’s the most advanced internal threat detection solution available. Personam is USA based, with product development studios, R&D, and our remote operations center in Virginia