This article was published on June 28, 2017

How one company is using analytics and AI to sniff out potential security breaches

Story by Josiah Motley

Let’s get down to brass tacks – your content and information might be “safe,” but if someone really wanted to crack that vault of information, they could with the proper tools and people. This isn’t true for all businesses, but if you’re an SMB or maybe even a fledgling enterprise company, there’s a good chance your security is just not up to par to deal with hackers and others out there who want to use your data for malicious reasons.

As your business and your digital footprint grow, you’ll find yourself with more and more vulnerabilities due to outdated logins, old email addresses, and a plethora of other reasons. Take a second to think about where you might have your own vulnerabilities, and I guarantee there’s someone who knows a way to use them as a backdoor into your system. That’s where something that analyzes an entire ecosystem, or in this case an organization’s content environment, comes into play: something that crawls automatically, identifies pressure points, and then gives solutions on how to shore up potential breaches.

I spoke with Egnyte, a company that focuses on providing cloud-based governance solutions, about security issues and how they are making sure their clients have their vulnerabilities pinpointed, as well as making sure something is done to patch that hole. The service is called Egnyte Protect and it just rolled out this morning. Check out the interview with Isabelle Guis, Chief Strategy Officer at Egnyte, below!

Is Egnyte Protect a strictly enterprise-level product, or is there an opportunity to improve larger-sized SMBs?

Egnyte Protect is actually designed for businesses of any size. SMB and mid-market size businesses are also subject to regulations from the SEC and other governing bodies, just like the enterprise businesses. This is in addition to the fact that every business has sensitive content and that content needs protection.

Unfortunately, SMB and MM companies have never been afforded the opportunity to use governance solutions because the ones on the market were wildly expensive and needed a significant amount of additional hardware and maintenance – not to mention the complexity of their configuration. So if anything, SMB and MM companies need a solution like Egnyte Protect now more than ever. Examples of customers on the smaller side with a lot of valuable content to protect are VCs, real estate investment firms, or even media companies.

How does it identify vulnerabilities a company might have in their system? What identifiers is it looking for to decide what is or isn’t a vulnerability?

Every company has its own content procedures, so vulnerabilities come in different forms. As such, we offer different tools to detect them across a variety of repositories in the cloud or on-premises:

Content classification – This is where we identify, tag and locate a company’s most valuable content, depending on the definitions of their “valuable content”, which could be high value IP or regulated content or contractual content or business critical information (credit cards, social security numbers).

We have predefined templates for the most frequent valuable content to find files that contain PII, PCI, HIPAA, GLBA or GDPR. Customers can define their own policy to find files with credit cards, mailing addresses and phone numbers only, or to find files with their own keywords like “confidential” or the code name of a secret project. Once the valuable content is located, they can check whether it is in the right folder or not and enforce their policies (for instance, all files containing a SSN should be in the HR folder, and if that is not the case they can move it). We offer options to whitelist folders, so if you know that SSN files will be in the HR folder you will not receive an alert, as this is not a vulnerability and the folder has the appropriate security policies for this (e.g. it is on-premises and only HR employees can access it, with no download rights).

Access control – another vulnerability is when people have the right to access content they are not supposed to see and have access to too much information for their role (exposure that increases the potential attack surface). So we run rules on the most frequent vulnerabilities. For instance, inconsistent user access (e.g. when a marketing person only has access to the Marketing folder on SharePoint but by inadvertence was granted access to the finance folder on a Windows File server), open folders (i.e. accessible to external parties), externally shared files, etc.

Combo classification & access control – We also have rules combining both, paying more attention to rules that are infringed for sensitive content. For instance, we can generate real-time high-severity alerts when sensitive content (classified as such) is shared publicly with no password or expiration date, or when many sensitive files (e.g. confidential) are downloaded.

Machine Learning & Artificial Intelligence – We are also leveraging all the historical analytics collected on how organizations and people collaborate as inputs for a machine learning engine to define usage patterns per user (i.e. behavioral analytics), so we can detect anomalies like abnormal downloads (due to the # of files, time of the day, location) or sharing, etc., and send instant alerts.

How does the system decide which actions to recommend when dealing with a potential vulnerability?

We highlight issues based on pre-defined models (built from our data managing content for the last 10 years) and offer customers a set of actions directly from Egnyte Protect, which will be implemented across all their repositories. We also allow the customers to refine our rules (classification, severity scoring etc.) based on their own specific content procedures.

For instance, ignoring alerts coming from the HR folder about SSN files, not classifying the files in the “website content” folder, or receiving an hourly digest of the alerts, and so forth. In the future, we will have a semantic for customers to create their own rules (versus modifying built-in ones) and we will have machine learning to modify these rules over time automatically to account for organization, user and even file specificity over time.

Could Protect be used to assist in identifying an employee (or ex-employee) that may be using the office’s cloud or login for nefarious activities? Or is it strictly data-based?

Egnyte Protect is an agnostic content governance solution and will protect any content on any repository (cloud or on-prem), from any user that could mishandle valuable content. Our approach to protecting content is at the repository level, so the right user has access to the right content at the right time across all the content repositories – regardless of the device or app used. This allows us to ensure that we can scale with companies in the sense that we are not drowned down by looking at individual apps or certain employees, etc. We look at the content itself and identify all of the activity around it – who accessed it, location they accessed from, time it was accessed, type of action that was taken, etc. – and then rules or restrictions can be created by IT if there is anything that concerns them about any content activity.

In other words, Egnyte Protect currently CAN identify irregular behavior and notify admins to lock down users or the content. In the future, we will have even more insight in this area, as we are currently developing features that use machine learning to create behavioral analysis. For example, we are able to take our 10 years of data and analytics to construct a predictive model for what any given employee’s collaboration habits SHOULD look like. We can then run an actual employee’s habits against it and flag any irregularities, giving that employee a risk score to identify if they are at serious risk of hurting the company with a breach. We have a very bright future ahead of us here.

Anything further to add about the product I’ve missed?

There is no solution out there today that is a) protecting against insider breaches, b) able to analyze cloud AND on-prem content, and c) offered as a cloud subscription model. Egnyte Protect does not impact productivity or user satisfaction. It enforces policies at the content repository level, leaving the user the choice of the apps they want to use (e.g. Microsoft Office, G Suite, etc.) and IT the choice of the content repositories they want to deploy (e.g. Windows file server, SharePoint, etc.). Egnyte Protect is bringing protection that ALL companies deserve in our digital age – with a cloud-based solution that can be installed instantly, managed by just about anybody, and maintained at a price that they can afford. Our vision for the future is to make businesses smarter about their content, so they can be smarter about their business.

In a world where much of your employee information is stored either in the cloud or on-premises, having an efficient, complete system to analyze vulnerabilities in an attempt to stop any curious eyes from stealing or compromising that data is a must. As hackers and other people with malicious intent continue to get smarter, you need a governance solution that grows and adapts as well.
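As an added illustration, not Egnyte's code or rules, three of the four detection tools Guis describes above (content classification with a whitelisted HR folder for SSN files, the combo rule for sensitive content shared publicly with no password or expiration date, and a per-user download baseline for behavioral alerts) can be sketched as a small rule engine. The file contents, folder paths, sharing state and daily download counts are constructed sample data.

```python
import re
from statistics import mean, pstdev

# Constructed sample data for illustration; not Egnyte's data, rules or code.
FILES = [
    {"path": "/HR/payroll.txt", "text": "SSN 123-45-6789", "share": {}},
    {"path": "/Marketing/draft.txt", "text": "SSN 987-65-4321", "share": {}},
    {"path": "/Legal/nda.txt", "text": "CONFIDENTIAL agreement",
     "share": {"public": True, "password": None, "expires": None}},
    {"path": "/Website/blog.txt", "text": "public post", "share": {"public": True}},
]
# Daily download counts per user; the last entry is today.
DOWNLOADS = {"alice": [12, 9, 14, 11, 10, 13], "bob": [5, 4, 6, 5, 5, 60]}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
KEYWORDS = ("confidential",)
WHITELIST = {"ssn": "/HR/"}  # SSN files are expected here, so no alert for that folder

def classify(text):
    """Content classification: tag a file by pattern (SSN) or policy keyword."""
    tags = set()
    if SSN_RE.search(text):
        tags.add("ssn")
    if any(k in text.lower() for k in KEYWORDS):
        tags.add("confidential")
    return tags

def content_alerts(f):
    """Classification + combo rules for one file; returns (severity, reason) pairs."""
    tags, alerts = classify(f["text"]), []
    for t in sorted(tags):
        if t in WHITELIST and not f["path"].startswith(WHITELIST[t]):
            alerts.append(("medium", f"{t} file outside {WHITELIST[t]}: {f['path']}"))
    s = f["share"]
    if tags and s.get("public") and not (s.get("password") or s.get("expires")):
        alerts.append(("high", f"sensitive file shared publicly without password/expiry: {f['path']}"))
    return alerts

def download_anomaly(history, z=3.0):
    """Behavioral rule: today's download count far above this user's own baseline."""
    base, today = history[:-1], history[-1]
    mu, sigma = mean(base), max(pstdev(base), 1.0)  # floor sigma so a flat history still alerts
    return today > mu + z * sigma

def scan():
    """Run every rule over the sample data and return the alert list."""
    alerts = [a for f in FILES for a in content_alerts(f)]
    alerts += [("high", f"abnormal download volume for {u}") for u, h in DOWNLOADS.items() if download_anomaly(h)]
    return alerts
```

Running `scan()` yields one medium alert for the misplaced SSN file, one high alert for the publicly shared NDA, and one high alert for bob's download spike; the SSN file under /HR/ and the public blog post produce nothing.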
