by Kevin Riley, Interim Co-President and CEO, CTO for Ribbon
If there’s one thing security professionals should understand and acknowledge – whether they’re part of an organization’s multi-person IT security team or the CISO guiding that team – it’s that the widespread, varying and rapidly changing threat landscape is impossible to keep up with. For every step an organization takes in protecting its infrastructure, attackers are two steps ahead working to figure out how to break in. Why? Hackers are agile, can launch hundreds if not thousands of attacks at a time and, of course, are not constrained by employee, customer and shareholder demands.
Attacks against unified communications (UC) are some of the fastest growing and most misunderstood threats organizations face today, with the main threats being denial of service, toll fraud and data exfiltration. Just because your security team hasn’t detected a UC security breach, doesn’t mean the communications network hasn’t already been compromised. In fact, hackers may well be monitoring your network right now, without your knowledge, watching for a port to be left open. Or perhaps they have already penetrated and compromised your organization’s network and are waiting for the “right time” to attack, so they can exfiltrate data or shut down the entire communication access for your customers. If left unnoticed, hackers are free to go about their business with impunity.
That’s not to say organizations are without hope.
Where behavioral analytics fits into your security strategy
One of the key components to developing a strong security posture is to implement adaptive, automated solutions – underpinned by behavioral analytics – to identify security threats. Attacks are simply too relentless to approach security any other way.
Behavioral analytics has made a noticeable impact on the threat detection community. But why is it so critical to communications?
Each communication service provider and enterprise network has normative behavior, which can change over time. There is no fixed analytics algorithm to combat the majority of security threats. However, behavioral analytics can be used to create a baseline for normative behavior within an organization’s network. With this type of established baseline, identifying and sharing anomalous behavior is much easier.
Let’s take robo-dialing denial of service (DoS) attacks, for example. While it may be normal at times for a high number of calls to come into a contact center, too many calls from the same number or same area code may denote a problem – perhaps someone is trying to take down the contact center infrastructure. A behavioral analytics system with access to the right data can flag these calls to security personnel, or automatically mitigate them, before the threat takes down an entire network.
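To make the robo-dialing case concrete, here is an added example (not code from the author or from any Ribbon product) that baselines calls per window by caller number and by area code, then flags origins that exceed the baseline. The call records, the "+1NPANXXXXXX" number format, and the thresholds `k` and `floor` are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

def area_code(number):
    # Assumes NANP-style "+1NPANXXXXXX" caller IDs (constructed format).
    return number[2:5]

def baseline(history, key):
    """history: list of time windows, each a list of caller numbers.
    Returns {origin: (mean, stdev)} of calls per window for each origin."""
    counts = [Counter(key(n) for n in w) for w in history]
    origins = set().union(*counts)
    return {o: (mean(c[o] for c in counts), pstdev(c[o] for c in counts))
            for o in origins}

def flag(window, base, key, k=3.0, floor=20):
    """Origins whose count in this window exceeds mean + k*stdev and an
    absolute floor; origins never seen before have a (0, 0) baseline."""
    out = {}
    for origin, n in Counter(key(c) for c in window).items():
        mu, sigma = base.get(origin, (0.0, 0.0))
        if n >= floor and n > mu + k * sigma:
            out[origin] = n
    return out

def normal(n):
    # Constructed traffic: n distinct callers spread over five area codes.
    return [f"+1{212 + i % 5}555{i:04d}" for i in range(n)]

# Constructed sample data, not real call records.
HISTORY = [normal(n) for n in (40, 50, 60, 50, 45)]
CURRENT = (normal(60)                                   # busy but ordinary
           + ["+13125550199"] * 40                      # one number redialing
           + [f"+1646555{i:04d}" for i in range(30)])   # many numbers, one area code

def detect(window, history=HISTORY):
    """Return (flagged by caller number, flagged by area code)."""
    same = lambda n: n
    return (flag(window, baseline(history, same), same),
            flag(window, baseline(history, area_code), area_code))

if __name__ == "__main__":
    by_number, by_area = detect(CURRENT)
    print("by number:", by_number)
    print("by area code:", by_area)
```

The per-number view misses the rotating callers in area code 646, which only the area-code baseline catches, while a busy window of ordinary traffic trips neither.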
Another example is malicious exfiltration, which can be one of the more difficult actions to identify. In many cases, traditional alarms will not be triggered. The ability to detect anomalies from normal daily operations is crucial to quickly identifying deviant actions that may require deeper investigation.
To make behavioral analytics work to your advantage, behavioral analytics-based solutions must be specifically tuned for UC. There are many trends that can be baselined – including call rate, call origination profiles, and message sizes – each of which maps to a particular threat profile. Security professionals must identify the threats that are of most importance and shape the appropriate behavioral analytics profile. In other words, there is a lot of behavior to look at, and security experts need to decide what exactly is important to them, then collect and analyze accordingly.
Beyond security – additional benefits and implications
Aside from security, behavioral analytics can also help optimize network planning. With a more granular view of network capacity, bandwidth utilization and traffic patterns, IT leaders can predict network resource requirements and maximize the performance of their organization’s network infrastructure. This insight allows organizations to make sure network resources are available to support the capacity of data being transferred between network locations and deliver the best quality of experience to their customers and employees.
With all the benefits behavioral analytics offers, it’s not without disruptions. One of the biggest consequences of behavioral analytics is going to be its impact on the industry – primarily subject matter experts who need to evolve. However, that’s not to say we won’t still need them. The power of behavioral analytics is removing the clutter from the subject matter expert and letting them focus on a smaller set of data that requires close inspection and action. Moving forward, people will look at the whole of network data and be tasked with remediating the “blips” that fall outside of what an organization considers normal.
One part of a whole security solution
Despite its capability to enhance network control and visibility, behavioral analytics cannot be looked at as a standalone holy grail to security. Behavioral analytics alone is never going to keep attackers off your network or prevent them from exfiltrating critical information. Instead, it is most powerful when it’s used as a feature in larger security solutions.
This is largely because behavioral analytics does not solve everything. It is one of several tools to combat security threats of a certain class. For example, detecting malware signatures in payloads with behavioral analytics would be difficult, and is a task best reserved for firewalls or email and network gateways.
As many people have said, there is no silver bullet in cybersecurity. Even with its potential disruption to jobs (at least in the short term), behavioral analytics – if applied correctly to solutions and overall security postures – has the opportunity to get pretty close.