Detect Anomalous Activity Ahead of a Data Breach
It takes companies 228 days, on average, to identify a security breach, according to IBM. Attackers use a variety of methods to avoid detection once they've infiltrated your systems, and stay long enough to collect as much data as possible. By the time a breach is detected, attackers might already have caused significant damage to your business, your partners, suppliers and customers. When it comes to cybersecurity, it has never been more important to prepare proactively.
Indicators Of Compromise
There are a few typical event types you should look for to detect an intrusion. Warning signs that could indicate that a cyber breach or intrusion is underway include:
- Login from a malicious IP address - The IP address has been associated with suspicious behaviour.
- Atypical travel - Someone attempting to access an account from a location far from the user's usual locations.
- Unfamiliar sign-in properties - Unusual sign-in attempts.
- Password spray - Attempting multiple passwords to gain access.
- Suspicious inbox forwarding and redirects - Forwarding of email to another provider (a typical activity performed by hackers to continue to monitor emails).
- Data deletion - Large deletions of data.
- Anonymous IP address - Someone trying to obscure their IP address.
- Malware-linked IP address - An IP address that has been associated with prior attacks.
- New country - Attempts from a different country.
- Leaked credentials - Someone using login details which have been leaked.
- Suspicious email deletion activity - Deleting emails after intercepting email dialogue.
- Data copied - Large copies of data.
- Login from a principal user not seen in 60 days - Login after a long period of inactivity.
- Vulnerability scanner detected - Attempts to scan for exploitable vulnerabilities.
- Suspicious user agent detected - Using a suspicious web client to access resources.
- An event log was cleared - A hacker attempting to hide their activity by clearing the event logs.
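Several of the indicators above can be written as plain rules over sign-in logs. The following added example (not part of the original page and not APEX® code) runs constructed sample events against four of them: password spray, new country, atypical travel, and login from a principal user not seen in 60 days. The event and baseline layouts and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): user, source IP, country, outcome, time.
EVENTS = [
    {"user": "alice", "ip": "203.0.113.7", "country": "GB", "ok": False, "ts": "2024-05-01T09:00:00"},
    {"user": "bob", "ip": "203.0.113.7", "country": "GB", "ok": False, "ts": "2024-05-01T09:00:20"},
    {"user": "carol", "ip": "203.0.113.7", "country": "GB", "ok": False, "ts": "2024-05-01T09:00:40"},
    {"user": "dave", "ip": "203.0.113.7", "country": "GB", "ok": False, "ts": "2024-05-01T09:01:00"},
    {"user": "alice", "ip": "198.51.100.9", "country": "GB", "ok": True, "ts": "2024-05-01T10:00:00"},
    {"user": "alice", "ip": "192.0.2.44", "country": "BR", "ok": True, "ts": "2024-05-01T10:30:00"},
    {"user": "erin", "ip": "198.51.100.9", "country": "GB", "ok": True, "ts": "2024-05-01T11:00:00"},
]
# Constructed per-user baseline: last successful sign-in and countries seen before.
HISTORY = {
    "alice": {"last_seen": "2024-04-30T18:00:00", "countries": {"GB"}},
    "erin": {"last_seen": "2024-01-15T08:00:00", "countries": {"GB"}},
}
def detect(events, history, spray_users=3, spray_window=timedelta(minutes=5),
           dormant=timedelta(days=60), travel_window=timedelta(hours=2)):
    """Return (rule, subject) alerts for four of the indicators listed above."""
    alerts = []
    fails = defaultdict(list)  # source IP -> [(time, user)] for failed sign-ins
    recent = {}                # user -> (time, country) of the last success seen
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if not e["ok"]:
            fails[e["ip"]].append((ts, e["user"]))  # appended in time order
            continue
        base = history.get(e["user"])
        if base:
            # Login from a principal user not seen in 60 days.
            if ts - datetime.fromisoformat(base["last_seen"]) > dormant:
                alerts.append(("dormant-account-login", e["user"]))
            # New country: not in this user's baseline.
            if e["country"] not in base["countries"]:
                alerts.append(("new-country", e["user"]))
        # Atypical travel: two successes from different countries too close in time.
        last = recent.get(e["user"])
        if last and last[1] != e["country"] and ts - last[0] < travel_window:
            alerts.append(("atypical-travel", e["user"]))
        recent[e["user"]] = (ts, e["country"])
    # Password spray: one IP failing against many distinct users inside the window.
    for ip, rows in fails.items():
        for i, (t0, _) in enumerate(rows):
            if len({u for t, u in rows[i:] if t - t0 <= spray_window}) >= spray_users:
                alerts.append(("password-spray", ip))
                break
    return alerts
```

In production the baseline would come from an identity provider or SIEM rather than a dictionary, and each alert would be enriched with the raw events that triggered it for an analyst to review.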
APEX® Advanced Threat Detection provides organisations with a way to detect cyber-crime early. It uses machine learning to identify risky activities, and the knowledge of your staff to determine whether these activities are a threat in progress. APEX® ATD brings the mean time-to-detect down from 228 days to hours.