
Exploring the science and magic of Identity and Access Management

Hunting Zebras with Security Analytics

Information Security
Author: Mark Dixon
Saturday, March 9, 2013
8:07 am


Much has been written and said recently about using data analytics to mine data for existing or probable security breaches. This morning, thanks to a tweet by @RohanPinto, I learned about a small, but practical application of this science … hunting Zebras.

In a Dark Reading article entitled, “Five Ways To Better Hunt The Zebras In Your Network,” Robert Lemos talked about zebras:

… Not the kind that roam the African savannah, but the kind that sit at computers behind the corporate firewall.

Zebras are the employees, and their computers, who are doing something odd. Defenders are right to want to protect the zebras in their network, but defenders should occasionally “radio tag” and follow their zebras to see where they go.

He then proposed five steps to fight the zebras who might do you harm:

  1. Know the network
  2. Collect all the data
  3. Find the foolish zebras
  4. Combine with threat intelligence
  5. Check back on your foolish zebras

It is worth the time to read the details of each step.

Happy Hunting!

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.