"How 'Indicators of Behavior' Deliver Left-Of-Breach Security"

The bipartisan Cyberspace Solarium Commission created by the 2019 National Defense Authorization Act gathers representatives from science, academia, business, and other sectors to propose strategies for the government to defend the U.S. against constantly changing threats and vulnerabilities in the cyber realm. It has been made clear that the nation needs to take a more proactive, innovative approach to cybersecurity. As cyber threats continue to evolve, traditional detection methods such as looking at indicators of compromise (IoCs) are now inadequate. IoCs provide surface-level security because they do not help to identify insider threats. Agencies are encouraged to adopt an indicators-of-behavior approach (IoBs) in which security professionals focus on events generated by users' interactions with data and applications. Increased understanding of how users behave can help identify high-risk behavior that indicates malicious insider activity or the compromise of accounts. This approach will also allow security professionals to automatically contextualize anomalies, better understand current trends, and more. This article continues to discuss why some traditional methods of detecting cyberattacks are not enough, why agencies should adopt an IoBs approach to cybersecurity, and how agencies can successfully transition from using IoCs to IoBs. 

GCN reports "How 'Indicators of Behavior' Deliver Left-Of-Breach Security"