The following is an excerpt of a larger article featuring examples of how predictive analytics are being used to anticipate potential security failures so that preventive measures can be put in place.
At U.S. security firm Surescripts, CISO Paul Calatayud manages an in-house team of data scientists and considers predictive analytics one of the best lines of defense his company has against fraud and data loss or theft. Surescripts is a health information network that routes and processes 7 billion transactions annually. With 13 years of data on more than 230 million patients, Calatayud has to stay ahead of those who want to do harm. “All of our contracts are dependent on our ability to have trust between systems. If we have data loss at our company, we will cease to exist,” he says.
Surescripts uses Splunk Enterprise to carry out independent risk calculations and detect deviations from the norm. Surescripts executives worry about both internal and external threats, including customer credential theft and/or misuse and employee misconduct. For instance, Splunk Enterprise alerts Surescripts if a pediatrician prescribes a 70-year-old patient medication based on a physician profile that doesn’t include treating geriatric patients.
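The pediatrician example above is a profile-based deviation rule: each prescriber has an expected patient population, and an event that falls outside it is flagged. The script below is an added illustration of that rule, not Surescripts' or Splunk's code. The physician profiles, the key=value log layout and the sample events are constructed for the example; it also handles the two failure modes such a rule meets in practice, an event from a prescriber with no profile and a malformed event with no usable patient age.

```python
import re
from typing import Dict, List, Tuple

# Constructed physician profiles (assumed schema): the patient age band each prescriber's
# specialty is expected to treat. A real deployment would load these from the credentialing
# or identity system rather than hard-code them.
PHYSICIAN_PROFILES: Dict[str, dict] = {
    "DR-100": {"specialty": "pediatrics", "age_range": (0, 17)},
    "DR-200": {"specialty": "geriatrics", "age_range": (65, 130)},
    "DR-300": {"specialty": "family medicine", "age_range": (0, 130)},
}

# Constructed sample events in a key=value layout similar to what a log pipeline indexes.
# Line 2 is the article's scenario; line 4 has an unknown prescriber; line 5 lacks patient_age.
SAMPLE_EVENTS = """\
ts=2024-05-01T09:14:02Z prescriber=DR-100 patient_age=8 drug=amoxicillin
ts=2024-05-01T09:20:41Z prescriber=DR-100 patient_age=70 drug=donepezil
ts=2024-05-01T10:02:13Z prescriber=DR-200 patient_age=72 drug=metformin
ts=2024-05-01T10:05:55Z prescriber=DR-999 patient_age=40 drug=lisinopril
ts=2024-05-01T10:07:30Z prescriber=DR-300 drug=ibuprofen
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict; unknown keys are kept, missing keys are absent."""
    return dict(KV_RE.findall(line))


def find_profile_deviations(raw_log: str, profiles: Dict[str, dict] = PHYSICIAN_PROFILES
                            ) -> List[Tuple[str, str]]:
    """Return (event line, reason) pairs for every event that deviates from its prescriber's profile.

    Events that cannot be evaluated (no profile, missing or non-numeric age) are reported too,
    because silently skipping them would let a data gap hide a real deviation.
    """
    alerts: List[Tuple[str, str]] = []
    for line in raw_log.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        prescriber = event.get("prescriber")
        profile = profiles.get(prescriber)
        if profile is None:
            alerts.append((line, f"no profile for prescriber {prescriber!r}"))
            continue
        try:
            age = int(event["patient_age"])
        except (KeyError, ValueError):
            alerts.append((line, "malformed event: missing or non-numeric patient_age"))
            continue
        lo, hi = profile["age_range"]
        if not lo <= age <= hi:
            alerts.append((line, f"{profile['specialty']} prescriber treating patient aged {age} "
                                 f"(expected {lo}-{hi})"))
    return alerts


if __name__ == "__main__":
    for event_line, reason in find_profile_deviations(SAMPLE_EVENTS):
        print(f"ALERT: {reason}\n    {event_line}")
```

Run on the constructed events this raises three alerts: the pediatrician prescribing for a 70-year-old, the prescriber with no profile, and the event with no patient age. The first is the deviation the article describes; the other two are data-quality findings that a detection pipeline should surface rather than drop.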
Splunk Enterprise also monitors and aggregates data from sources such as Active Directory, firewalls, identity and access management software, file and print servers, and cloud-based applications to understand user behavior. If an employee starts accessing or transferring files at a higher rate than usual, is more active on social platforms such as LinkedIn, and is updating a resume document repeatedly, Splunk Enterprise assumes the employee is preparing to leave the company and alerts Calatayud. Together, these actions might indicate an employee is about to quit and might be trying to download proprietary or protected health data. With the heads-up, Calatayud can heighten monitoring, contact human resources and the employee’s manager, and cut off network access if needed.
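The behavioral detection above has two parts: each signal is compared with the user's own baseline ("a higher rate than usual"), and several independent signals have to be elevated at once before an alert goes out. The script below is an added example of that logic, not Surescripts' or Splunk's code. The per-user daily counts, the seven-day baseline, the z-score threshold, the floor on the standard deviation and the corroboration count are all constructed assumptions; the floor is there so that a user whose baseline is perfectly flat (no resume edits for a week, say) still produces a finite, comparable score rather than a division by zero.

```python
from statistics import mean, pstdev
from typing import Dict, List

# Constructed telemetry (assumed schema): per user and per signal, daily counts over a seven-day
# baseline window. In a deployment like the one described, these would be aggregated from file
# servers, proxies, endpoint agents and similar sources.
BASELINE_TELEMETRY: Dict[str, Dict[str, List[int]]] = {
    "alice": {"file_transfers": [10, 12, 11, 9, 10, 13, 11],
              "linkedin_activity": [1, 0, 2, 1, 0, 1, 1],
              "resume_edits": [0, 0, 0, 0, 0, 0, 0]},
    "bob":   {"file_transfers": [10, 12, 11, 9, 10, 13, 11],
              "linkedin_activity": [1, 0, 2, 1, 0, 1, 1],
              "resume_edits": [0, 0, 0, 0, 0, 0, 0]},
    "carol": {"file_transfers": [5, 6, 5, 4, 5, 6, 5],
              "linkedin_activity": [0, 1, 0, 0, 1, 0, 0],
              "resume_edits": [0, 0, 0, 0, 0, 0, 0]},
}

# Constructed counts for the day under evaluation.
TODAY: Dict[str, Dict[str, int]] = {
    "alice": {"file_transfers": 60, "linkedin_activity": 8, "resume_edits": 5},
    "bob":   {"file_transfers": 14, "linkedin_activity": 2, "resume_edits": 0},
    "carol": {"file_transfers": 40, "linkedin_activity": 1, "resume_edits": 0},
}

Z_THRESHOLD = 3.0      # assumed: standard deviations above the user's own mean to count as elevated
MIN_SIGMA = 1.0        # assumed: floor on spread so a flat baseline does not divide by zero
MIN_CORROBORATING = 2  # assumed: independent signals that must be elevated before alerting


def z_score(history: List[int], today: int) -> float:
    """How many (floored) standard deviations today's count sits above the user's baseline mean."""
    sigma = max(pstdev(history), MIN_SIGMA)
    return (today - mean(history)) / sigma


def evaluate_user(history: Dict[str, List[int]], today: Dict[str, int]) -> dict:
    """Score one user: which signals are elevated, how many, and whether that reaches alert level.

    A missing signal for today is treated as a count of zero, which can never be elevated.
    """
    elevated = [signal for signal, counts in history.items()
                if z_score(counts, today.get(signal, 0)) >= Z_THRESHOLD]
    return {"elevated": elevated,
            "score": len(elevated),
            "alert": len(elevated) >= MIN_CORROBORATING}


def evaluate_all(baseline: Dict[str, Dict[str, List[int]]] = BASELINE_TELEMETRY,
                 today: Dict[str, Dict[str, int]] = TODAY) -> Dict[str, dict]:
    """Evaluate every user with a baseline; users absent from today's data get zero counts."""
    return {user: evaluate_user(history, today.get(user, {})) for user, history in baseline.items()}


if __name__ == "__main__":
    for user, result in evaluate_all().items():
        flag = "ALERT" if result["alert"] else "ok   "
        print(f"{flag} {user}: score={result['score']} elevated={result['elevated']}")
```

On the constructed data, alice is elevated on all three signals and triggers an alert, bob is within his own normal range on every signal, and carol is elevated on file transfers alone, which scores 1 and stays below the corroboration threshold. That last case is the point of requiring several signals: a single busy day on the file server is common and, on its own, is not evidence of the pattern the article describes.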
Source: Cyber Security Intelligence