
Abstract

Wednesday 5 October 14:00 - 14:30, Red room

Ferenc Leitold (Secudit)
Anthony Arrott (Secudit)
Eszter Oroszi (Secudit)
Kálmán Hadarics (Secudit)

An integrated, holistic approach to assessing the vulnerability of organizations to malware attacks requires measurement and correlation of three aspects: (1) vulnerability of protected IT infrastructure and processes to attack (e.g. penetration testing); (2) global prevalence and local incidence of malicious threats specifically relevant to the target organization (e.g. threat intelligence); and (3) vulnerability of authorized users to malicious manipulation such as social engineering (e.g. user behaviour analytics). While advanced tools are available for all three of these aspects, the affordability and practicality of high-quality continuous vulnerability assessment for smaller organizations is lowest for the third aspect: effective user behaviour analytics. This problem is particularly severe for protecting unstructured user data and ad hoc unregulated user practices.

The problem is mitigated through both more actionable measures of user behaviour risk and more focused automated user behaviour monitoring. This paper provides a detailed view of the development of automatic measurements of user behaviour related to the interactions required by threats, especially APTs. The user behaviour measurements are based on passive and active information gathering from the network and from the endpoint workstations used by the users. Passive measurements relate to the usual activities of the user, while active measurements make it possible to measure users' reactions in generated situations. The methodology also includes a complex algorithm for information analytics, the so-called automatic user profilization. Privacy issues are also considered and discussed.

This paper presents new practical methods by which available results from (1) automated penetration testing and (2) threat intelligence feeds can be correlated with user behaviour monitoring to provide more actionable and focused visibility into user behaviour vulnerabilities.