Behavioral analytics based on streaming data have been absolutely critical to the worldwide crackdown on credit fraud. Yet these same analytics are not as widely used in cyber security. Is the detection of fraud (occurring as the result of stolen credit card details) really that different from the detection of the cyber-attacks that steal the sensitive data?
Earlier this month, I had the opportunity to address this issue in a talk at Oxford University’s Cyber Security Centre for doctoral training in cyber security. I discussed how technologies that have proven successful in the financial fraud area — such as transaction profiling, behavior sorted lists, self-learning models and behavioral analytics — can apply to the cyber domain.
It is well understood that defensive measures such as signatures are not sufficient. There is an absolute need to use predictive and detection technologies to find behavioral anomalies in machine traffic, because those anomalies can point to compromised machines. Instead of trying to prevent compromise, state-of-the-art thinking in cyber security assumes that networks and machines are already compromised, and looks at how to detect the removal of data from machines or to stop the command-and-control instructions associated with those behavioral anomalies.
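As an added illustration of how the fraud techniques above carry over (this is not code from the talk or from any FICO product), here is a minimal streaming profile in Python: each host keeps its own exponentially weighted mean and variance of outbound bytes, the network analogue of transaction profiling, and a record that sits far above that host's own learned baseline is flagged as possible data removal. The host names, thresholds and byte counts are constructed assumptions, not real traffic.

```python
import math
from collections import defaultdict
from dataclasses import dataclass

ALPHA = 0.1          # EWMA decay: weight given to the newest observation
WARMUP = 5           # observations a host needs before it can raise alerts
Z_THRESHOLD = 4.0    # one-sided z-score above which outbound volume is flagged
MIN_STD = 1024.0     # floor on the spread so a perfectly flat baseline cannot divide by zero

@dataclass
class HostProfile:
    """Streaming per-host profile: exponentially weighted mean/variance of bytes sent out."""
    mean: float = 0.0
    var: float = 0.0
    n: int = 0

    def update(self, value: float) -> None:
        if self.n == 0:
            self.mean = value
        else:
            diff = value - self.mean
            incr = ALPHA * diff
            self.mean += incr
            self.var = (1 - ALPHA) * (self.var + diff * incr)
        self.n += 1

def score_stream(flows):
    """Score (host, bytes_out) records in arrival order and return alerts for hosts whose
    outbound volume is far above their own baseline; returns a list of (host, bytes, z)."""
    profiles = defaultdict(HostProfile)
    alerts = []
    for host, bytes_out in flows:
        p = profiles[host]
        if p.n >= WARMUP:
            z = (bytes_out - p.mean) / max(math.sqrt(p.var), MIN_STD)
            if z > Z_THRESHOLD:
                alerts.append((host, bytes_out, round(z, 1)))
        # The profile keeps learning from every record, including the flagged one;
        # a production system would usually hold back confirmed-bad records here.
        p.update(bytes_out)
    return alerts

# Constructed sample: per-interval outbound byte counts for two workstations (not real traffic)
SAMPLE_FLOWS = [
    ("ws-17", 40_000), ("ws-22", 10_000), ("ws-17", 60_000), ("ws-22", 12_000),
    ("ws-17", 50_000), ("ws-22", 11_000), ("ws-17", 45_000), ("ws-22", 9_000),
    ("ws-17", 55_000), ("ws-22", 10_500), ("ws-17", 50_000), ("ws-22", 11_500),
    ("ws-17", 48_000), ("ws-22", 10_000), ("ws-17", 52_000), ("ws-22", 12_000),
    ("ws-17", 2_000_000),  # sudden ~40x jump for ws-17 only; ws-22 stays on its baseline
]
```

Running `score_stream(SAMPLE_FLOWS)` yields a single alert for ws-17 on the final record, while the steady ws-22 traffic and the earlier ws-17 variation stay below the threshold.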
The community at Oxford’s Cyber Centre had a deep appreciation for the value of these methods, and has been exploring a variety of outlier detection analytic methods. I am exploring the possibility of a joint research project with the Centre as we advance the state of the art of behavior analytics applied to cyber threats.
For another take on the need for behavioral analytics in cyber security, watch this short excerpt from former White House CIO and Fortalice Solutions founder Theresa Payton’s keynote address at FICO World 2014 last month.