Building Contextual Data Models for Identity Related Threat Detection & Response (ITDR)


Amid the rising pace of digitization, a growing number of organizations run their workloads on a hybrid model. A hybrid model by design disperses corporate data across different environments. Against this backdrop, it has become more difficult than ever to secure data that is accessed by a growing number of digital identities across various systems.

While security components like multifactor authentication (MFA), Single Sign-On (SSO), and Password Vaulting, among others, provide strong layers of security around data, having a corporate identity-related threat detection and response mechanism based on a data contextual model enables the organization to build a proactive information security posture.

Let us consider this: every day, a modern enterprise generates data in volumes of gigabytes, terabytes, petabytes, or even more. However, most enterprises are not adequately equipped to manage or understand the patterns in that data, which leads to security gaps.

Data-Contextual Models: Deep Insights

Maintaining a firm grip on sensitive enterprise data is never easy. As organizations typically operate in several functional departments, the data invariably ends up sitting in various repositories. This is the normal scenario in today’s highly heterogeneous IT environments with an ever-increasing number of endpoints, and with every passing day the volume of unstructured, siloed data keeps growing. As a result, managing this data becomes increasingly cumbersome and the data risk vector expands. There is no clarity about “who” is accessing “which” data, for “what” purpose, “where,” and “when.”

Some of the typical challenges organizations face are as follows:

  • Lack of awareness of what sort of data is being generated
  • Absence of visibility on the volume of data exposed to end users
  • Lack of categorization of data based on its sensitivity
  • No mechanisms in place to restrict or grant controlled access to sensitive data
  • Accumulation of stale/redundant data, leading to an increased attack surface, IT inefficiencies and compliance issues

ARCON, a pioneer of risk-control solutions in the IAM (Identity Access Management) space, offers the “Data Intellect” model. It is built on AI/ML-driven context-aware models, enables the discovery, classification, and categorization of large volumes of unstructured enterprise data, and helps orchestrate remedial steps to control access to data while improving the compliance posture. It offers a “Single Pane of Glass” for “comprehensive observability,” leverages machine learning algorithms, and is designed to enable IT security professionals to:

  • Make meaningful sense of the unstructured exposed data: the “who,” “which,” “where,” “when,” and “what” of data
  • Understand the data patterns from data repositories, file formats and gain actionable insights necessary for data-centric security decisions
  • Build contextual security models by integrating data-context with user-context

By developing contextual data models, security and risk management teams can make more sense of the static and dynamic data that is stored in silos. Such a model describes data and events and leverages AI and ML capabilities to understand anomalies: it classifies the data, itemizes the exposed data, categorizes the critical data, and helps the team comprehend the “where” and “what” of data.

In addition, a data contextual model provides actionable insights on data that are useful for forensic analysis and overall information security posture. There are three components that build contextual security around data.

Categorization of Data: Data Intellect gives IT security teams complete visibility into the “type” and “purpose” of data generated in an organization. This functionality captures what form of data (data classification) is accumulated in the data repository; for example, Excel files, Word documents, and JPG images, among others.

Furthermore, it captures what sort of data (document classification) is being generated; for instance, what percentage of data is related to legal, commercial, IT, or PII (Personally Identifiable Information) matters, among other categories. This functionality offers a “single pane of glass” for comprehending data patterns, which is important for classifying data from a security perspective.

Classification of Data: This functionality provides deeper analysis of the enterprise data. Classification of data enables IT security and compliance teams to discover what percentage of data is “top secret,” “confidential,” “restricted,” “sensitive,” “internal,” and “public” in nature, what percentage of data is exposed to vulnerabilities, and what percentage of data is redundant or no longer required. The classification is descriptive, which reduces human error and data misclassification. It enhances the enterprise governance framework as well as data categorization, making sure that employees know what “sensitive data” and what “vulnerable data” is lying in the data repositories.

(Please note that at times the words classification and categorization may be used interchangeably by organizations as per their definition.)

Orchestration Measures to Restrict Access to Data: Another standout capability of ARCON’s Data Intellect solution is its seamless integration with another module, ARCON | Endpoint Privilege Management (EPM). While the Data Intellect module enables IT security professionals to discover, classify and categorize data, the EPM module enforces access control around data that is deemed “sensitive” or “exposed.” This not only enhances the data-security posture but also enables data controllers and data processors to comply with regulatory mandates that require restricted access to data in order to maintain its confidentiality and integrity. In addition, Data Intellect’s timeline monitoring capability for documents enables IT security professionals to track the entire history and flow of an individual document, including alerts to administrators if any suspicious activity takes place.
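The three components above (categorization by form, classification by sensitivity/exposure/staleness, and access-control orchestration that joins data-context with user-context) can be demonstrated with a small model. The following Python is an added illustrative example written for this article; it is not ARCON's code and does not reflect how Data Intellect or EPM are implemented. All assets, roles, access events, thresholds and scoring weights are constructed sample values chosen for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Categorization: form of data by file extension (constructed mapping).
FORM_BY_EXTENSION = {"xlsx": "spreadsheet", "csv": "spreadsheet",
                     "docx": "document", "pdf": "document", "jpg": "image"}

# Classification levels, ordered least to most sensitive (constructed ranks).
SENSITIVITY_RANK = {"public": 0, "internal": 1, "sensitive": 2,
                    "restricted": 3, "confidential": 4, "top secret": 5}


@dataclass
class DataAsset:
    """Data-context for one file: what it is, how sensitive, who may read it."""
    path: str
    doc_class: str              # legal, commercial, IT, PII, ...
    sensitivity: str            # key of SENSITIVITY_RANK
    last_modified: datetime
    allowed_roles: frozenset    # roles granted by the access-control policy


@dataclass
class AccessEvent:
    """User-context for one access: who, in which role, from where, when."""
    user: str
    role: str
    path: str
    timestamp: datetime
    location: str               # "corporate" or "external" (constructed)


def form_of(asset):
    """Categorization: derive the form of data from the file extension."""
    return FORM_BY_EXTENSION.get(asset.path.rsplit(".", 1)[-1].lower(), "other")


def is_stale(asset, now, max_age_days=365):
    """Redundant data: untouched for longer than the retention window."""
    return now - asset.last_modified > timedelta(days=max_age_days)


def is_exposed(asset):
    """Exposed data: sensitive or higher, yet readable by every identity."""
    return ("everyone" in asset.allowed_roles
            and SENSITIVITY_RANK[asset.sensitivity] >= SENSITIVITY_RANK["sensitive"])


def inventory_summary(assets, now):
    """Classification view: share of assets per sensitivity level, plus the
    share that is exposed or stale (percentages of asset count)."""
    total = len(assets)
    by_level = {}
    for a in assets:
        by_level[a.sensitivity] = by_level.get(a.sensitivity, 0) + 1
    pct = lambda n: round(100.0 * n / total, 1)
    return {"by_sensitivity": {k: pct(v) for k, v in by_level.items()},
            "exposed_pct": pct(sum(is_exposed(a) for a in assets)),
            "stale_pct": pct(sum(is_stale(a, now) for a in assets))}


def score_access(event, asset, now):
    """Contextual risk score for one event: data-context joined with user-context.
    Weights are constructed for illustration."""
    score, reasons = 0, []
    if event.role not in asset.allowed_roles and "everyone" not in asset.allowed_roles:
        score += 50; reasons.append("role not in ACL")
    level = SENSITIVITY_RANK[asset.sensitivity]
    if level >= SENSITIVITY_RANK["confidential"]:
        score += 10 * level; reasons.append(f"sensitivity={asset.sensitivity}")
    if is_exposed(asset):
        score += 20; reasons.append("exposed sensitive data")
    if event.location != "corporate":
        score += 20; reasons.append(f"location={event.location}")
    if not 8 <= event.timestamp.hour < 19:
        score += 10; reasons.append("outside business hours")
    if is_stale(asset, now):
        score += 10; reasons.append("stale data")
    return score, reasons


def detect(events, assets, now, threshold=60):
    """Return one finding per event whose contextual score reaches the threshold."""
    index = {a.path: a for a in assets}
    findings = []
    for e in events:
        asset = index.get(e.path)
        if asset is None:
            continue            # not yet discovered/classified: no data-context
        score, reasons = score_access(e, asset, now)
        if score >= threshold:
            findings.append({"user": e.user, "path": e.path,
                             "score": score, "reasons": reasons})
    return findings


# Constructed sample inventory and access log.
NOW = datetime(2024, 3, 1, 10, 0)
ASSETS = [
    DataAsset("/share/legal/contract.docx", "legal", "confidential", NOW - timedelta(days=30), frozenset({"legal"})),
    DataAsset("/share/hr/payroll.xlsx", "PII", "restricted", NOW - timedelta(days=500), frozenset({"everyone"})),
    DataAsset("/share/marketing/logo.jpg", "commercial", "public", NOW - timedelta(days=10), frozenset({"everyone"})),
    DataAsset("/share/it/runbook.pdf", "IT", "internal", NOW - timedelta(days=5), frozenset({"it"})),
]
EVENTS = [
    AccessEvent("alice", "legal", "/share/legal/contract.docx", NOW, "corporate"),
    AccessEvent("bob", "sales", "/share/legal/contract.docx", NOW.replace(hour=23), "external"),
    AccessEvent("carol", "sales", "/share/hr/payroll.xlsx", NOW, "corporate"),
    AccessEvent("dave", "it", "/share/marketing/logo.jpg", NOW, "external"),
]

if __name__ == "__main__":
    print(inventory_summary(ASSETS, NOW))
    for f in detect(EVENTS, ASSETS, NOW):
        print(f)
```

The inventory view answers the classification questions from the text (what share is exposed, what share is stale), while `detect` is the orchestration hook: a finding on a confidential legal document read by an out-of-role identity, off-hours, from outside the corporate network is the kind of event that an EPM-style control would block or escalate. Carol's read of the payroll sheet scores below the threshold because the policy itself grants "everyone" access; that exposure shows up in the inventory summary, which is where the remediation (tightening the ACL) belongs.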

To conclude…

Building contextual data models also helps in making wiser decisions across the identity and access management life cycle. Deep-dive insights from such models enable IT security and risk management teams to decide whom to grant or deny access and when to revoke rights to systems, which improves identity threat detection and response and goes a long way toward a Zero Trust model.

About the Author

Anil Bhandari, Chief Mentor, ARCON, is an inspired innovator, technologist and thought leader in Information Risk Management. A Chartered Accountant by profession, Anil’s area of interest has always been Enterprise-wide Risk Management.

Anil started his career as a management consultant, serving in many sectors ranging from engineering to commodities and from healthcare to IT/ITES. He also led several M&A and due diligence teams on behalf of clients spanning several industry verticals, especially in the EU (European Union) region.

Thanks to his in-depth experience of assessing risks for data centers, networks, varied technology platforms and core IT processes, Anil possesses intensive knowledge in the Information Security and GRC domains. The knowledge acquired over the years has helped him to consult large enterprises looking to implement innovative solutions in Cyber Security and the best practices for critical functions such as BCP/DR.

Anil has been serving as Chief Mentor since the company was founded in 2006. At ARCON, he mentors a large team of software engineers and product managers on product innovation and technology roadmaps. Discussions and strategizing with the product development team to build robust risk-control solutions that mitigate the information security challenges emerging in the digital sphere dominate his packed work schedule.

Anil Bhandari can be reached online through the company website https://arconnet.com/.
