KuppingerCole Report
Executive View
By Mike Small


Cyber-attacks often involve a complex process, including an insider threat element, which exploits compromised or illicit user credentials to gain access to data. StealthDEFEND is the real time file and data threat analytics component of the STEALTHbits’ Data Access Governance Suite.

1 Introduction

Detecting and managing attacks on IT systems is a serious problem. Cyber criminals are using increasingly sophisticated techniques to infiltrate organizational IT systems to commit crimes including data theft, denial of service and blackmail. However, statistics show most data breaches are detected by agents outside of the organization rather than internal security tools.

Traditional perimeter security devices like firewalls, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) are widely deployed. These tools are effective at controlling certain kinds of weaknesses for known threats, patterns and signatures. They also generate alerts when suspicious events occur; however, the volume of these events is such that it is almost impossible to investigate each as it occurs. While these devices remain an essential part of the defence for the agile connected business, they are not able to detect a range of threats including the use of compromised credentials, insider threats, data exfiltration, access misuse and zero-day attacks.

SIEM (Security Information and Event Management) is often promoted as a solution to these problems. However, SIEM is just a set of tools that can be configured and used to analyse event data after the fact and to produce reports for auditing and compliance purposes. While SIEM is a core security technology it has not been successful at providing actionable security intelligence in time to avert loss or damage.

External attacks now involve a complex process, often including an element of social engineering, which exploits compromised or illicit user credentials to gain access to data. This is partly because of the strength of conventional network defences against direct frontal attack, and also because the use of apparently legitimate credentials bypasses other security controls like encryption. Furthermore, insider threats continue to be a real problem and these invariably involve the misuse of access rights. For these reasons identity and access controls have become the new perimeter.

The most effective way of detecting illegitimate access to data is through the monitoring of user identity, access and activity. Even more importantly, better access governance is essential to reduce the risks of data theft. Some traditional SIEM vendors are starting to include analysis of user activity logs in their products. However, recognizing what is abnormal versus normal remains a problem. Big Data machine learning technology provides a potential solution to this by identifying identity, access and activity patterns that are common among peer groups of users.

What is needed is the integration of user identity, access and activity analysis into cyber-defence to enhance threat prediction and detection as well as to enable remedial action to be taken before damage is done. This requires techniques taken from big data infrastructure and business intelligence machine learning to analyse the massive amount and variety of data from the many sources to raise alarms only where there is a high confidence that the threat from the anomalies detected is real.

The volume of threats to IT systems, their potential impact and the challenges in discriminating between real threats and false alarms are the reasons why a new approach is needed. The need to calibrate what is normal, so as to improve the signal-to-noise ratio and detect anomalies, remains a challenge, and accomplishing this using bespoke rules within some tools requires considerable skill. It is important to look for a solution that can easily build on the knowledge and experience of the IT security community, vendors, and service providers. End user organizations should always opt for solutions that include managed services and pre-configured analytics, not just bare tools.
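As an added illustration of the peer-group baselining and high-confidence alerting described above (example code written for this page, not StealthDEFEND's or any vendor's logic; the activity records, group names, resource paths and thresholds are all constructed), the following scores each user's file-read volume against a leave-one-out baseline of their peers and combines it with a second signal, access to a resource no peer touches, before reporting a high-confidence alert:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample file-activity summary for one time window:
# (user, peer group, resource read, number of reads). Not real data.
EVENTS = [
    ("alice",   "finance",     "/finance/ledger.xlsx",   12),
    ("bob",     "finance",     "/finance/ledger.xlsx",    9),
    ("carol",   "finance",     "/finance/budget.docx",   11),
    ("dave",    "finance",     "/finance/budget.docx",   10),
    ("erin",    "finance",     "/finance/ledger.xlsx",    8),
    ("mallory", "finance",     "/hr/salaries.xlsx",     240),
    ("frank",   "engineering", "/eng/src.zip",           30),
    ("grace",   "engineering", "/eng/src.zip",           28),
    ("heidi",   "engineering", "/eng/design.pdf",        35),
    ("ivan",    "engineering", "/eng/design.pdf",        31),
    ("ivan",    "engineering", "/eng/roadmap.pptx",      10),
    ("judy",    "legal",       "/legal/contracts.docx",  50),
]

def peer_group_alerts(events, z_threshold=3.0, min_peers=4, min_spread=5.0):
    """Score every user against the peers in their group and return alerts.

    Two independent signals are combined: read volume far above the peer
    baseline, and access to a resource none of the peers touch. Only users
    that trip both are reported as high confidence; one signal alone is low.
    """
    reads = defaultdict(lambda: defaultdict(int))      # group -> user -> reads
    resources = defaultdict(lambda: defaultdict(set))  # group -> user -> resources
    for user, group, resource, count in events:
        reads[group][user] += count
        resources[group][user].add(resource)

    alerts = []
    for group, per_user in reads.items():
        if len(per_user) < min_peers:
            continue  # too few peers to build a meaningful baseline (legal group)
        for user, count in per_user.items():
            # Leave-one-out baseline: a single heavy user would otherwise inflate
            # the group mean and spread and mask their own anomaly.
            peers = [c for u, c in per_user.items() if u != user]
            spread = max(pstdev(peers), min_spread)  # floor so tiny groups don't fire on noise
            z = (count - mean(peers)) / spread
            peer_resources = set().union(*(resources[group][u] for u in per_user if u != user))
            novel = sorted(resources[group][user] - peer_resources)
            volume_anomaly = z >= z_threshold
            if not volume_anomaly and not novel:
                continue
            alerts.append({"user": user, "group": group, "z": round(z, 1),
                           "novel_resources": novel,
                           "confidence": "high" if volume_anomaly and novel else "low"})
    return alerts

def high_confidence(alerts):
    """Names of users that should actually be raised as alarms."""
    return [a["user"] for a in alerts if a["confidence"] == "high"]
```

On the constructed data only mallory (46 standard deviations above her finance peers and reading an HR file none of them touch) reaches high confidence; ivan's novel roadmap file alone stays a low-confidence observation.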

2 Product Description

STEALTHbits Technologies is a privately held software company with its head office in Hawthorne NJ in the USA. The company is focused on protecting o ...


2.1 STEALTHbits Products Overview

STEALTHbits provides several products to support credential and data security processes for a range of environments. The products include:

  • Steal ...

2.2 StealthDEFEND®

StealthDEFEND is the real-time threat analytics component of STEALTHbits’ Data Access Governance Suite. It uses data from STEALTHbits Activity Moni ...

StealthDEFEND employs unsupervised Machine Learning technology that can detect patterns not discernible through summary statistical analysis. It is b ...

StealthDEFEND key features include:

  • Unsupervised Machine Learning – StealthDEFEND incorporates Machine Learning models to evaluate, correlate, a ...

3 Strengths and Challenges

StealthDEFEND provides a useful solution to help detect cyber-threats. Unlike other solutions that focus on network traffic or on technical vulnerabi ...



©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.