Applying Aster’s Capabilities > Security > Detecting Insider Threats

The best minds from Teradata, our partners, and customers blog about relevant topics and features.
Teradata Employee

Aster is an analytic platform upon which we have built many Applications in almost every industry. The most challenging and daunting problems facing businesses often overwhelm and swamp the capabilities of singular approaches.  Applying, for example, simple statistics is useful for reporting and quantifying a problem, but it does not offer much more than a summarization to record and observe. Similarly, collecting and observing event logs is certainly a necessary first step, but it does not, in isolation, inform business-based decisioning.


Instead, we take advantage of the platform’s ability to perform a variety of analyses including, path and pattern, natural language text analytics and graph analytics.  We can chain together Applications based in different analytic domains and have them work in conjunction to fuel the discovery workflow


This approach is visible in many of the Solutions developed by the Aster Solutions Team, but in this post, I will use our Insider Threat Detection Solution as an example.   The business challenge here is that as we increasingly rely on network access and cloud computing, the data that enables us to live our digital lives (both professional and personal) is increasingly being breached and stolen by those who aim to profit from misuse of this data. These malicious actors can steal customer information or corporate resources.  And while hackers often generate the biggest headlines, you might be surprised to learn that in a recent survey conducted for the Clearswift Insider Threat Index, nearly ¾ of data breaches originate from insiders authorized to access the network.


This makes it particularly challenging to detect since these actors have credentials and their network activities do not trigger any alarms.  Our approach was to take the countless event logs that exist in various places on the network (server logs, web logs, IP tables, etc.) and organize the data into meaningful, user-centric sessions using the pathing functions native to Aster.  Recording these sessionized event logs over time gives us a baseline against which future patterns of activity can be compared to aid in anomaly detection. 


If we employ other big-data techniques we can ingest user profiles for a more complete picture of a user’s behavior in context …or we can employ the Graph engine to determine communities of similar behaviors…or call on our text analytics to screen message logs for suspicious content…


And because Aster can draw upon these and other analytic techniques at scale you have the ability to chain these analytic techniques in a smooth workflow, which can be honed for a specific task (such as Insider Threat detection), yet maintain the flexibility to extend and reconstitute these same analytic techniques when faced with different challenges.