The recent Capital One breach is a strong reminder that firewalls are only a first line of defense.
It’s no surprise that a massive bank holding company like Capital One has been targeted by a malicious adversary.
The Identity Theft Resource Center
In this case, the cybercriminal, a former Amazon employee, made off with Social Security numbers, bank account numbers, addresses, ZIP codes, emails, phone numbers, income information and birth dates. In the wrong hands, this combination of information could allow someone to open a line of credit, collect medical benefits, pursue employment in the victim’s name or even steal their entire identity.
The apprehended attacker exploited a firewall vulnerability in Capital One’s network, which ultimately allowed her to steal administrator credentials and access bank data stored by AWS, then copy the contents within.
Companies, especially those in regulated industries, require a layered security approach that includes next-generation security information and event management (SIEM) technology, powered by machine learning-based analytics.
Some of these advanced tools are now available on-premise and in the cloud, covering both the network and cloud applications.
They establish a baseline of behavior for each user and can immediately identify anomalous activity, including an administrator copying sensitive documents to a location they wouldn’t normally. When suspicious activity is identified, they immediately alert companies’ security teams, and prebuilt security incident timelines can display the full scope and context of related event details.
This means that analysts no longer have to comb through massive amounts of raw logs to manually create a timeline as part of any investigation. This not only saves time and resources—but catches external and internal threats on the spot, helping to keep the organization out of the breach headlines.
