CenturyLink, Inc. has launched its Managed Security Behavioral Analytics (MSBA) service package in Asia Pacific. This single-platform offering provides organizations with the capability to monitor for and detect insider threats on critical assets.
It employs behavioral analytics algorithms to find malicious user activities and automates the review of privileged account activities. It also detects events that pose a risk, known attacker behavior, anomalous network activities and deviations in account behavior.
[Figure: The typical architecture of a customer’s enterprise network and servers, showing where the CenturyLink Service and SOC teams fit into the model and how we monitor the customer’s environment and respond to cyber threats.]
According to a new report from the Ponemon Institute called “2020 Cost of Insider Threats: Global,” the average global cost of insider threats rose by 31% to $11.45 million, and the frequency of incidents spiked by 47% compared to 2018.
The study also highlighted that negligent employees or contractors, who were found to have caused 62% of insider threats, created the highest financial burden of the profiles, costing an average of $4.58 million per year.
“Enterprises today face a stark new reality where cyberthreats go beyond ransomware, malware and perimeter data breaches,” said Cathy Huang, associate research director for services and security at IDC Asia/Pacific. “Organizations are overlooking a potential threat vector from within their businesses, where the risk of sensitive data loss and breaches are high – their employees. These insider acts could be classified as unintentional or malicious, but they are equally impactful to a company’s overall cyber defense efficacy and can possibly damage the reputation and trust a customer has given them.”
“As more digital businesses move their vital infrastructure online, it is crucial that they have a proactive cybersecurity strategy to monitor and protect their assets,” said Cheah Wai Kit, director, product management (Security), CenturyLink Asia Pacific. “Cyberthreats within the organization can possibly go unnoticed for months, or even years. The CenturyLink Managed Security Behavioral Analytics service delivers an integrated approach of unique technologies that are monitored and managed by the CenturyLink Security Operations Center. This solution offers business leaders advanced visibility into potential threats that may be hidden within their networks, IT infrastructure, applications and databases.”
Many companies have detection controls on their network or can implement controls when an outsider (non-employee) tries to access their company data, and they can mitigate the threat with physical security controls.
The threat that is harder to detect, however, and that could cause the most damage, is the insider – the employee with legitimate access. Insiders might steal solely for personal gain, or they may be “spies” who steal company information or products to benefit another company, organization or country.
With the MSBA service, organizations can:
• Detect and deter insider cybersecurity breaches by monitoring for deviation in account behavior, with a focus on security-relevant events posing a risk.
• Monitor for signs of credential theft, hijacked accounts, malicious account activities and login anomalies.
• Automate the review of privileged account activities to find unauthorized transactions and malicious activities at the operating system, application, and database levels.
• Detect malicious server network traffic for signs of backdoors, lateral movement, malware traffic and data exfiltration.
• Detect signs of an early breach to minimize dwell time.
The MSBA service package features:
• Intelligent analytics: Automated threat-detection algorithm reviews both user and network activities to identify potential indicator of compromise (IOC) risks based on profiled user personas, known attacker behavior based on threat intelligence, and industry frameworks such as MITRE ATT&CK.
• Embedded detection: Lightweight sensor/agent runs on servers hosting critical assets, data and applications.
• Privileged account monitoring: Monitors security-relevant, privileged operations for anomalies and unusual operations such as abuse of data access, unauthorized transactions and excess privileges.
• Behavioral baseline: Gathers insights into individual user personas to establish a pattern of normal behavior from which to identify anomalies and provide quick detection of insider threat indicators.
• Real-time discovery: Provides 24/7 monitoring via integration into the CenturyLink Security Operations Center (SOC) for triage and escalation.
• Platform agnostic: Supports multiple operating systems.
CenturyLink cybersecurity experts will also be available to provide consultation as part of the MSBA service package. Their role is to provide advice and make recommendations to help organizations improve their security postures.
“The rising significance and impact of cybersecurity is no longer just technical or compliance issues, but also business and strategy concerns to which Asia Pacific organizations are paying closer attention,” said Huang. “With Asia Pacific organizations experiencing stronger regulatory pressures and recognizing investment in security as part of their digital transformation battleplan, they are looking for service providers to support their business objectives. The value brought by Managed Security Services Providers (MSSPs) to the ecosystem is clear. To build effective cyber risk strategies, a MSSP must align cyber defense controls with business goals. This requires deep industry expertise and capability to develop industry-specific threat models that go beyond conventional infrastructure layer monitoring.”
“What we are offering is peace of mind and a testament to our commitment as a trusted Managed Security Services Provider to our customers to See More and Stop More,” concluded Cheah. Besides MSBA, CenturyLink’s SOC is also responsible for delivering our portfolio of detection and mitigation services, including analysis and leveraging threat intelligence data provided by Black Lotus Labs, CenturyLink’s threat research arm, which analyzes 190 billion NetFlow sessions and over 3.6 million security events every day.