Detect Privileged Access Abuse with “Linear Regression”

You probably know by now – if you’ve been following our blog posts – that we ran a Machine Learning Madness campaign during Black Hat USA 2018. We revealed a starter set of 14 different machine learning models over 2 days. Read on to learn about model number 4.

Gurucul Machine Learning Model: Linear Regression

How does the Linear Regression machine learning model work, and what does it do? This model plots a user account's online activity on one axis against the activity of user accounts with similar entitlements on the other axis. Events that stray from the norm defined by that relationship are questionable. This is one method Gurucul Risk Analytics uses to identify anomalous outlier activity.

Just as we saw with our previous machine learning model, the Linear Regression machine learning model is also used to detect privileged access abuse by user accounts within your computing environment. Gurucul Risk Analytics employs over 1000 different machine learning models, some of which overlap and provide confirmatory findings, giving a form of test-retest reliability for what adjacent machine learning models have discovered.

Linear Regression compares the activities of “privileged account” identities with the authorized access and account activities of other user accounts with similar sets of entitlements. This model zeroes in on any events that have strayed from what’s believed to be normal behavior for that user account.

Use Case: Privileged Access Abuse

This machine learning model can be used to detect privileged access abuse.

Let's look at an example: there are advanced tools available with which authorized systems administrators can change configurations within a corporate network. However, just because a systems administrator can run these tools doesn't mean they should.

Gurucul Risk Analytics can identify and send an alert when a systems administrator is discovered running a non-approved application. Gurucul Risk Analytics examines and classifies web traffic. When a non-approved application is being run by an unauthorized user account, the event is flagged, and, if desired, an alert is sent. In this way, Gurucul Risk Analytics can quickly detect when a systems administrator is running a non-approved application and alert your investigative team to initiate action before damage is done to critical company data assets.

This is a very powerful capability, especially in cloud computing environments, where there's far less monitoring of user account activity. Gurucul Risk Analytics can catch systems administrators in the act of elevating their own or others' account privileges in the cloud, and identify where they are misusing those privileges. Linear Regression is perfect for Google G-Suite Admin monitoring. You can catch systems administrators who create accounts, elevate privileges, and make company documents public so they're available for download by anyone from anywhere. This type of online behavior is definitely anomalous and very risky.
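To make the peer-group comparison concrete, here is an added example (my own code, not Gurucul's) of the idea described above: each admin account's daily count of privileged actions is regressed on the mean daily count of its peers (accounts with similar entitlements), and a new day is flagged when the account does far more than the fit predicts. It assumes an audit feed that can be reduced to (day, actor, action) tuples; the peer group, the admin names and the action names (CREATE_USER, ASSIGN_ROLE, CHANGE_DOCUMENT_VISIBILITY) are constructed stand-ins for a G Suite admin audit log, not real log data.

```python
"""
Peer-group linear regression over privileged-action counts.

Added example, not Gurucul's code. Assumes every admin account belongs to one
peer group (accounts with similar entitlements) and that the audit log yields
(day, actor, action) tuples. All names and events below are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed action names standing in for the real audit log's vocabulary.
PRIVILEGED_ACTIONS = {"CREATE_USER", "ASSIGN_ROLE", "CHANGE_DOCUMENT_VISIBILITY"}

# Constructed peer group: three admins with similar entitlements.
PEER_GROUPS = {"gsuite-admins": ["alice", "bob", "carol"]}


def constructed_events():
    """Synthetic 10-day audit history (not real log data).

    Days 3 and 6 are busy for everyone (e.g. onboarding waves), so counts are
    correlated across the peer group. On day 10 alice alone bulk-creates
    accounts, grants roles and makes documents public.
    """
    normal = {
        "alice": [2, 1, 4, 2, 1, 5, 2, 1, 3, 2],
        "bob":   [2, 2, 5, 1, 2, 4, 1, 2, 3, 2],
        "carol": [1, 2, 4, 2, 1, 5, 2, 1, 3, 2],
    }
    events = []
    for actor, counts in normal.items():
        for day, n in enumerate(counts, start=1):
            for i in range(n):
                events.append((day, actor, "CREATE_USER" if i % 2 == 0 else "ASSIGN_ROLE"))
            events.append((day, actor, "LOGIN"))  # not privileged; ignored by the model
    # alice's anomalous day: 4 new accounts, 3 role grants, 3 documents made public
    events += [(10, "alice", a) for a in
               ["CREATE_USER"] * 4 + ["ASSIGN_ROLE"] * 3 + ["CHANGE_DOCUMENT_VISIBILITY"] * 3]
    return events


def daily_counts(events, privileged=PRIVILEGED_ACTIONS):
    """Per-actor count of privileged actions per day: {actor: {day: n}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, actor, action in events:
        if action in privileged:
            counts[actor][day] += 1
    return counts


def fit_ols(xs, ys):
    """Ordinary least squares y = a + b*x, returned as (a, b).
    Zero-variance x (peers never vary) gives slope 0, so the prediction
    falls back to the actor's own historical mean."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        return my, 0.0
    b = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return my - b * mx, b


def score_actor(actor, peers, counts, train_days, score_day, threshold=3.0):
    """Fit the actor's daily count against the peer-group mean over train_days,
    then measure how far score_day deviates from the fitted prediction.
    Only excess activity (positive residual) is treated as possible abuse."""
    others = [p for p in peers if p != actor]

    def peer_mean(day):
        return mean(counts[p].get(day, 0) for p in others) if others else 0.0

    xs = [peer_mean(d) for d in train_days]
    ys = [counts[actor].get(d, 0) for d in train_days]
    a, b = fit_ols(xs, ys)
    resid_sd = pstdev([y - (a + b * x) for x, y in zip(xs, ys)])
    predicted = a + b * peer_mean(score_day)
    residual = counts[actor].get(score_day, 0) - predicted
    if resid_sd > 0:
        z = residual / resid_sd
    else:  # perfect fit on history: any excess at all is unprecedented
        z = float("inf") if residual > 0 else 0.0
    return {"actor": actor, "predicted": round(predicted, 2),
            "residual": round(residual, 2), "z": round(z, 2), "flagged": z > threshold}


def find_outliers(events, score_day, groups=PEER_GROUPS, threshold=3.0):
    """Score every member of every peer group for score_day, using all
    earlier days as the training history."""
    counts = daily_counts(events)
    train_days = sorted({d for d, _, _ in events if d < score_day})
    if len(train_days) < 3:
        raise ValueError("need at least three days of history to fit a baseline")
    return [score_actor(actor, members, counts, train_days, score_day, threshold)
            for members in groups.values() for actor in members]


if __name__ == "__main__":
    for result in find_outliers(constructed_events(), score_day=10):
        print(result)
```

On the constructed data, alice's day 10 sits roughly ten privileged actions above the fit and is flagged, while bob and carol are not. Two design points matter in practice: the baseline is fitted on history only, so the day being scored cannot inflate its own threshold; and because the peer baseline is a mean, one peer's spike drags the predictions for the rest of the group (here bob and carol land below their predictions, which the one-sided check ignores), so a median over a larger peer group is more robust.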

What are the Benefits of Linear Regression?

Gurucul’s Linear Regression Machine Learning Model can catch systems administrators elevating privileges or misusing them. This is very powerful as it means you’ll be able to detect privileged access abuse before data exfiltration or damage occurs.

With our machine learning blog series, we are barely scratching the surface with these first 14 machine learning models. Know exactly what's going on in your computing environment, and know what's going on with every identity, with Gurucul's behavior-based security analytics: know who's inside and what they're doing so you can maintain order.

*** This is a Security Bloggers Network syndicated blog from Blog – Gurucul authored by Jane Grafton. Read the original post at: https://gurucul.com/blog/linear-regression