Detect Anomalous Activity Ahead of a Data Breach
It takes companies 228 days, on average, to identify a security breach, according to IBM. Attackers use a variety of ways to avoid detection once they've infiltrated your system, and stay long enough to collect as much data as possible. By the time a breach is detected, attackers might have already caused significant damage to your business, your partners, suppliers and customers. When it comes to cybersecurity, it's never been more important to prepare proactively.
Indicators Of Compromise
There are a few typical event types you should look for to detect an intrusion. Warning signs that could indicate that a cyber breach or intrusion is underway include:
- Login from a malicious IP address - The IP address has been associated with suspicious behaviour.
- Atypical travel - Someone attempting to access an account from a location far from the user's usual locations, or from two distant locations too close together in time to be the same person.
- Unfamiliar sign-in properties - Unusual sign-in attempts.
- Password spray - Attempting multiple passwords to gain access.
- Suspicious inbox forwarding & redirects - Mailbox rules that forward or redirect email to an external address or another provider (a typical activity performed by hackers to keep monitoring emails after gaining access).
- Data deletion - Large deletions of data.
- Anonymous IP address - Someone trying to obscure their IP address.
- Malware linked IP address - An IP address that has been associated with prior attacks.
- New country - Attempts from a different country.
- Leaked Credentials - Someone using login details which have been leaked.
- Suspicious email deletion activity - Deleting emails after intercepting email dialogue.
- Data copied - Large copies of data.
- Login from a principal user not seen in 60 days - Login after a long period of inactivity.
- Vulnerability scanner detected - Attempts to scan for exploitable vulnerabilities.
- Suspicious User Agent detected - Using a suspicious web client to access resources.
- An event log was cleared - A hacker attempting to hide their activity by clearing the event logs.
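As an added illustration, not code from this article or from APEX ATD, here is a Python sketch of three of the indicators above run over constructed sign-in events: a password spray (one source IP failing against many accounts in a short window), atypical travel (one account signing in from two countries within an hour), and a login by an account not seen for more than 60 days. The event layout, thresholds and sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events, not real logs: (ISO time, account, source IP, country, outcome)
EVENTS = [
    ("2024-03-01T09:00:00", "alice", "203.0.113.5", "GB", "success"),
    ("2024-03-01T09:01:00", "bob", "198.51.100.9", "GB", "failure"),
    ("2024-03-01T09:01:05", "carol", "198.51.100.9", "GB", "failure"),
    ("2024-03-01T09:01:10", "dave", "198.51.100.9", "GB", "failure"),
    ("2024-03-01T09:01:15", "erin", "198.51.100.9", "GB", "failure"),
    ("2024-03-01T09:01:20", "frank", "198.51.100.9", "GB", "failure"),
    ("2024-03-01T09:30:00", "alice", "192.0.2.77", "JP", "success"),
    ("2024-03-01T10:00:00", "mallory", "203.0.113.8", "GB", "success"),
]
# Constructed last-activity dates per account (e.g. from the identity directory)
LAST_SEEN = {"alice": "2024-02-28", "mallory": "2023-11-15"}

def detect_password_spray(events, min_accounts=5, window=timedelta(minutes=5)):
    """One source IP failing against >= min_accounts distinct accounts inside `window`."""
    failures = defaultdict(list)  # ip -> [(time, account)]
    for ts, user, ip, _, outcome in events:
        if outcome == "failure":
            failures[ip].append((datetime.fromisoformat(ts), user))
    alerts = set()
    for ip, fails in failures.items():
        fails.sort()
        for i, (t0, _) in enumerate(fails):
            targeted = {u for t, u in fails[i:] if t - t0 <= window}
            if len(targeted) >= min_accounts:
                alerts.add(ip)
    return alerts

def detect_atypical_travel(events, window=timedelta(hours=1)):
    """Same account signing in successfully from two countries inside `window`."""
    alerts, last = set(), {}  # last: account -> (time, country)
    for ts, user, _, country, outcome in sorted(events):
        if outcome != "success":
            continue
        t = datetime.fromisoformat(ts)
        if user in last and last[user][1] != country and t - last[user][0] <= window:
            alerts.add(user)
        last[user] = (t, country)
    return alerts

def detect_dormant_logins(events, last_seen, days=60):
    """Successful sign-in by an account with no recorded activity for more than `days` days."""
    alerts = set()
    for ts, user, _, _, outcome in events:
        if outcome == "success" and user in last_seen:
            gap = datetime.fromisoformat(ts) - datetime.fromisoformat(last_seen[user])
            if gap > timedelta(days=days):
                alerts.add(user)
    return alerts
```

In a real deployment the thresholds would be tuned per environment, and the country lookup would come from a geolocation source rather than being embedded in the event.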
APEX® Advanced Threat Detection provides organisations with a way to detect cyber-crime early. It uses machine learning to identify risky activities, and the knowledge of your staff to determine whether these activities are a threat in progress. APEX® ATD brings the mean time-to-detect down from 228 days to hours.