
Defense in Depth: Tracking Anomalous Behaviors of Legitimate Identities
Feb 15, 2024. Adam Koblentz, field CTO at Reveal Security, discusses monitoring the anomalous behavior of legitimate users, understanding how threat actors operate once inside a network, and the role of AI-based tools. He highlights the importance of context in anomaly detection, of tracking a user's past activity, and of strong multifactor authentication. The episode centers on anomaly detection and user profiling; sponsor Reveal Security is mentioned as a resource.
AI Snips
Sequential Inbox Reading Revealed A Takeover
- A crime group logged in after the victims had left, forwarded MFA codes out of the mailbox, and read emails one after another looking for financial data.
- That behavior stood out because a human rarely reads an inbox item by item for hours.
Verify Suspicious Actions Via Trusted Channels
- Before taking harsh remediation, verify a suspicious action with the user over an automated, trusted channel.
- A simple yes/no confirmation (e.g., via Slack) is enough to triage intent quickly.
Digital Twins Require Longitudinal Detection
- Attackers can build highly convincing digital twins that mimic a legitimate user's normal behavior.
- Detecting them requires comparing behavior longitudinally, against the user's own history, rather than a single-point check.
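As an added example (not the podcast's or Reveal Security's code) covering both the sequential-reading detection in the first snip and the longitudinal comparison the last snip calls for: a small Python scorer that builds a per-user baseline from past mailbox sessions and flags a new session whose features (number of reads, session length, share of reads that simply advance to the next message, messages forwarded out) sit far above that user's own history. The audit events, their tuple layout (user, session id, minute offset, action, item index), and the user "alice" are all constructed assumptions.

```python
"""Longitudinal mailbox-access anomaly scoring.

Added example (not from the podcast or Reveal Security): builds a per-user
baseline from past sessions and scores a new session against it.
All audit events below are constructed; the event layout
(user, session_id, minute_offset, action, item_index) is an assumption.
"""
from collections import defaultdict
from statistics import mean, pstdev


def _session(user, sid, items, minutes, forwards=()):
    """Build constructed audit events for one session.

    items/minutes: message index read and the minute offset of each read.
    forwards: (minute, item) pairs for messages forwarded out of the mailbox.
    """
    events = [(user, sid, m, "read", i) for i, m in zip(items, minutes)]
    events += [(user, sid, m, "forward", i) for m, i in forwards]
    return events


# Five past sessions for "alice": a handful of scattered reads, no forwards.
HISTORY = (
    _session("alice", "h1", [3, 1, 7, 2, 9, 4], [0, 2, 5, 9, 14, 20])
    + _session("alice", "h2", [5, 6, 2, 8, 1, 3, 4], [0, 1, 4, 8, 12, 15, 22])
    + _session("alice", "h3", [2, 9, 4, 1, 6], [0, 3, 7, 11, 18])
    + _session("alice", "h4", [8, 3, 4, 10, 2, 7], [0, 2, 6, 10, 13, 25])
    + _session("alice", "h5", [1, 5, 2, 7, 6, 3, 9, 4], [0, 1, 3, 6, 8, 12, 17, 30])
)

# A normal new session, and the takeover pattern from the episode:
# every message read in order, two minutes apart, with MFA mails forwarded out.
NORMAL_SESSION = _session("alice", "s1", [4, 2, 9, 1, 6, 3], [0, 3, 6, 10, 15, 21])
TAKEOVER_SESSION = _session(
    "alice", "s2", list(range(1, 41)), [2 * k for k in range(40)],
    forwards=[(10, 4), (30, 13), (50, 22)],
)


def session_features(events):
    """Summarise one session as a small feature vector."""
    reads = sorted((m, i) for (_, _, m, action, i) in events if action == "read")
    minutes = [m for (_, _, m, _, _) in events]
    items = [i for _, i in reads]
    pairs = list(zip(items, items[1:]))
    sequential = sum(1 for a, b in pairs if b == a + 1)
    return {
        "reads": len(reads),
        "span_minutes": (max(minutes) - min(minutes)) if minutes else 0,
        # share of consecutive reads that just moved to the next message in the list
        "seq_fraction": sequential / len(pairs) if pairs else 0.0,
        "forwards": sum(1 for e in events if e[3] == "forward"),
    }


def group_sessions(events):
    """Group flat events by (user, session_id)."""
    by_session = defaultdict(list)
    for e in events:
        by_session[(e[0], e[1])].append(e)
    return by_session


def build_baseline(history):
    """Per-user mean and sigma of each feature across that user's past sessions."""
    per_user = defaultdict(list)
    for (user, _), evs in group_sessions(history).items():
        per_user[user].append(session_features(evs))
    baseline = {}
    for user, feats in per_user.items():
        baseline[user] = {}
        for name in feats[0]:
            vals = [f[name] for f in feats]
            mu = mean(vals)
            # floor sigma so a feature the user has never varied (e.g. zero
            # forwards in every past session) still yields a finite z-score
            sigma = max(pstdev(vals), 0.1 * abs(mu), 1e-3)
            baseline[user][name] = (mu, sigma)
    return baseline


def score_session(user, events, baseline, threshold=3.0):
    """Return (features, flags); flags maps feature -> z-score above threshold."""
    feats = session_features(events)
    if user not in baseline:
        return feats, {"no_baseline": float("inf")}
    flags = {}
    for name, value in feats.items():
        mu, sigma = baseline[user][name]
        z = (value - mu) / sigma
        if z > threshold:
            flags[name] = round(z, 1)
    return feats, flags


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for label, sess in (("normal", NORMAL_SESSION), ("takeover", TAKEOVER_SESSION)):
        feats, flags = score_session("alice", sess, base)
        print(label, feats, flags or "no flags")
```

Run stand-alone, the takeover session is flagged on every feature (it reads 40 messages in strict order over 78 minutes and forwards three of them, where alice's history shows six-ish scattered reads and no forwards), while the normal session raises nothing. A flagged session is the point at which the trusted-channel yes/no confirmation from the second snip belongs, before any lockout. Caveats: five past sessions is a toy baseline, so use far more history and robust statistics (medians, MAD) in practice, and note that the sigma floor makes any never-before-seen action (the first forward ever) an alert by design.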
