Hunting Zebras with Security Analytics
Much has been written and said recently about using data analytics to mine data for existing or probable security breaches. This morning, thanks to a tweet by @RohanPinto, I learned about a small but practical application of this science … hunting Zebras.
In a Dark Reading article entitled, “Five Ways To Better Hunt The Zebras In Your Network,” Robert Lemos talked about zebras:
… Not the kind that roam the African savannah, but the kind that sit at computers behind the corporate firewall.
Zebras are the employees, and their computers, who are doing something odd. Defenders are right to want to protect the zebras in their network, but defenders should occasionally “radio tag” and follow their zebras to see where they go.
He then proposed five steps to fight the zebras who might do you harm:
- Know the network
- Collect all the data
- Find the foolish zebras
- Combine with threat intelligence
- Check back on your foolish zebras
It is worth the time to read the details of each step.
Happy Hunting!