Finally Making Password Security a Thing of the Past! It’s Not About the Password; It’s What’s Behind It
Not all of us can remember those 47-character passwords that need 5 special characters and 3 capitalized letters; sometimes, even remembering which pet is our favorite or what our favorite drink is can be a challenge. The impetus for moving away from passwords has long been discussed and debated. The question is: how do we get past passwords?
Well, the answer is finally here! Analytics are FINALLY how we move beyond passwords, to a more secure model based on normal patterns of user behavior that can be constantly tracked. Who needs passwords anymore?! Identity is the name of the security game.
Like all of us, kids want stories with action! Happily, there’s no lack of such these days in the security landscape. After two “literary” books, I promised my son we could read something a little lighter. Since he started sixth grade, I decided that we were finally old enough for one of my favorite techie books, Clifford Stoll’s Cuckoo’s Egg, which follows the process in the late ’80s of tracking down a hacker who took over unused accounts owned by research scientists at Berkeley. The hacker then launched attacks from the inside out.
Like any good mystery, the book follows the little clues left behind as the hacker walks through their servers and attacks other locations – he leaves behind a digital signature. It was these clues that tipped off the sysadmin when the attacker found new accounts to work from: while the attacker switched identities, his methods and digital “signature” remained the same, making him traceable. Key to this signature: the hacker did things that research scientists don’t tend to do, like constantly monitoring who is logged in, checking what programs are running, and looking for special system files.
Based on these clues, Cliff is able to track the hacker and thwart his efforts to glean insights from military data! Way to go, Cliff! But that’s just one hacker, and one instance. Today, enterprises need to monitor thousands of users, devices, locations, networks, clouds, and servers. The task is daunting, especially for those companies with limited resources or experience in security.
With the thousands of servers, networks, clouds, and users we have to track today, how do we manage the appropriate level of security and access for each of these users AND entities (basically, anything internet-enabled)?
In addressing these challenges, we’re beginning to see a lot of efforts to leverage analytics to comb through the mountain of data from across thousands of users, thousands of servers, and a global infrastructure to identify questionable behaviors that might lead to credential harvesting or theft of sensitive data. Consider, for example, a user from marketing. Normally, this user transfers a few dozen megabytes in email and web traffic, and then goes home. Does transferring a few hundred megabytes mean the user needs to be blocked? I hope not! Videos for a tradeshow can quickly add up and it would be terrible to lock them out right at that critical moment.
The middle ground is reviewing the progression of the type of activity the user normally engages in, and setting up policies for AI or machine learning systems to learn what that normal pattern is and flag anything anomalous. All of a sudden, trying to access a sensitive server? Nope – you’re locked out.
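A minimal sketch of the middle-ground policy described above, added here as an illustration and not Citrix code: a per-user baseline where a volume spike alone is only flagged for review, while first-time access to a sensitive server is blocked. The user, server names, thresholds and sample history are all constructed assumptions.

```python
from statistics import mean, pstdev

# Assumed policy inputs (hypothetical names, not from any product).
SENSITIVE = {"finance-srv", "hr-db"}
MIN_DAYS = 5      # days of history needed before the baseline is trusted
Z_LIMIT = 3.0     # volume deviation, in standard deviations, worth a review

# Constructed sample history: (user, megabytes_transferred, resources_touched) per day.
HISTORY = [("mkt_alice", mb, {"mail", "web"}) for mb in (30, 42, 25, 38, 45, 33, 28)]


def build_baselines(history):
    """Learn each user's normal daily volume and the set of resources they use."""
    baselines = {}
    for user, mb, resources in history:
        b = baselines.setdefault(user, {"mb": [], "resources": set()})
        b["mb"].append(mb)
        b["resources"] |= resources
    return baselines


def evaluate(baselines, user, mb, resources):
    """Return (decision, reasons) where decision is allow, flag or block."""
    b = baselines.get(user)
    if b is None or len(b["mb"]) < MIN_DAYS:
        return "flag", ["no trusted baseline for this user yet"]
    reasons = []
    sigma = pstdev(b["mb"]) or 1.0   # avoid dividing by zero on a flat history
    z = (mb - mean(b["mb"])) / sigma
    if z > Z_LIMIT:
        reasons.append(f"volume {mb} MB is {z:.1f} sigma above normal")
    new_sensitive = sorted((resources - b["resources"]) & SENSITIVE)
    if new_sensitive:
        reasons.append("first access to sensitive resource: " + ", ".join(new_sensitive))
        return "block", reasons   # out-of-pattern sensitive access locks the session
    return ("flag" if reasons else "allow"), reasons  # a volume spike alone is only reviewed


if __name__ == "__main__":
    base = build_baselines(HISTORY)
    for day in [(40, {"mail"}), (300, {"web"}), (35, {"mail", "finance-srv"})]:
        print(day, evaluate(base, "mkt_alice", *day))
```

The tradeshow-video day (300 MB) comes back as a flag rather than a lockout, which is the distinction the paragraph draws; a user with too little history is also flagged instead of being silently allowed.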
At Citrix, we’re actively working on security infrastructure that does exactly this. With the benefit of visibility into the network, the user, and even inside each user’s desktop, we can get insights into what constitutes deviations from normal patterns of behavior quickly. It’s still in its early days, but we hope to have some cool stuff to show in the not-too-distant future.
Stay tuned. Not all of us can be super-sleuths like Cliff who went on a year+ hunt for his hacker. Some of us need a little help from our analytics.