In January a great deal of the media's attention turned to the newly appointed Press Secretary for Donald Trump. Bullish and committed to the party line, Sean Spicer was seen by some as a frank speaker, by others as a loudspeaker for propaganda.
Even more interesting was Spicer's social media presence – and no, that's not a reference to his ongoing war against Dippin' Dots ice cream. On the 26th of January, Spicer tweeted out a string of numbers and letters that looked suspiciously like a password.
Instantly, this was seized upon by social media, and the circus of trying to figure out what had happened began. Did Spicer have so little idea about Twitter that he let a DM (a direct message, i.e. a private one) appear on his public timeline? Had his previous use of CloudHopper, an SMS-to-tweet service, caught him out? Or had someone gained access to his account and was sending out the messages remotely? Maybe the two-factor authentication often employed by high-profile Twitter users had confused him?
Whatever happened with Spicer's Twitter feed, we may well never get the inside information. But this is not just a matter of interest to the general public – it's a matter of national security for those within the US government. Politics doesn't matter when it comes to cyber-security, and the White House has recently been surrounded by a number of alarming stories. Trump is a keen social media user, with many of his messages coming from a Samsung S3 – a device so old that Samsung has stopped rolling out the software patches that would keep it secure. The irony of his administration being found to use a private email server has not been lost on many either.
There are, however, powerful solutions that can act as a safety net for the current administration – an administration that doesn't seem to have an overview of how, where and when its data is being used and accessed. Both the elder statesman of the field, Security Information and Event Management (SIEM) software, and the newer User Behaviour Analysis (UBA) solutions can work together to monitor the entirety of a network.
SIEM has been around for a while, and its heavy-duty collation of the many different logs across the network is invaluable for a wide view of that network. The issue is that the logs – taken from everything from anti-virus software and firewalls to servers and network switches – can take months to connect up, and the result is very intensive on the system: matching all of these different data sets against the configured alerts takes a lot of computing power. What's needed is a way to alleviate this burden through the use of big data, get up and running quickly, and allow this data to be tailored to the individual.
It is here that UBA can make a real difference. Firstly, the system often runs as code embedded deep in the network, meaning that its set-up time is minimal compared with the many log sources that need linking into a SIEM solution.
Secondly, the system focuses on users and their personal profiles of behaviour, so the same action is judged against each person's own norm rather than a single threshold for everyone, giving a much smaller chance of flagging false positives. An unencrypted device used to send a tweet? An incident to investigate for Spicer, but not so much for Trump.
Finally, attacks and illicit activity may follow the “low and slow” pattern. Rather than a sudden attack or breach that triggers the warning signs of a SIEM system, anyone inside the network may slowly but surely gather the information they need, in steps too small to trip any one alert. UBA will pick this up by monitoring the individual's activity over time and noticing when it deviates from their norm.
Simply put, these are both technologies that allow an administrator to monitor the flow of information and the activity happening within their network and respond to any irregularities that occur. Spicer's Twitter account being accessed from a different device than usual? Malware found on an old model phone? Email activity occurring without any notification from the main server? All of these, through a combination of UBA and SIEM, would be instantly flagged up to those that need to know and act – fast.
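To make the contrast between a SIEM-style static rule and a per-user behavioural baseline concrete, here is a small Python example. It is an added illustration, not ZoneFox code or any product's algorithm: the events, user names (`press_sec`, `analyst`), device names and the 500,000-byte static threshold are all constructed for the demonstration. One week of "normal" activity per user is used to build a profile (known devices plus the mean and spread of daily outbound bytes); a second, live week is then scored. The static rule fires seven times on a heavy but entirely normal user and never on the user who sends a little from a new device every day, while the behavioural check flags exactly the new device and the low-and-slow drift.

```python
"""Toy user-behaviour baseline detector (added example, not ZoneFox code).

Contrasts a SIEM-style static per-event rule with a per-user baseline.
All events below are constructed records of outbound bytes per user per day.
"""
from collections import defaultdict
from math import sqrt
from statistics import mean, pstdev

# Constructed baseline week: press_sec posts small amounts from one laptop;
# analyst legitimately moves far more data and alternates between two devices.
BASELINE_EVENTS = [
    {"user": "press_sec", "device": "laptop-1", "day": d, "bytes_out": b}
    for d, b in enumerate([90_000, 110_000, 100_000, 95_000, 105_000, 100_000, 100_000])
] + [
    {"user": "analyst", "device": "laptop-2" if d % 2 else "phone-2", "day": d, "bytes_out": b}
    for d, b in enumerate([1_900_000, 2_100_000, 2_000_000, 1_950_000, 2_050_000, 2_000_000, 2_000_000])
]

# Constructed live week: press_sec uses an unknown phone on day 9 and trickles
# out 300 kB every day (each event under the static threshold); analyst is unchanged.
LIVE_EVENTS = [
    {"user": "press_sec", "device": "phone-x" if d == 9 else "laptop-1", "day": d, "bytes_out": 300_000}
    for d in range(7, 14)
] + [
    {"user": "analyst", "device": "laptop-2" if d % 2 else "phone-2", "day": d, "bytes_out": 2_000_000}
    for d in range(7, 14)
]

STATIC_THRESHOLD = 500_000  # bytes per single event: one rule for everyone (assumed value)


def static_rule_alerts(events, threshold=STATIC_THRESHOLD):
    """SIEM-style correlation rule: alert on any single event over the threshold."""
    return [(e["user"], e["day"]) for e in events if e["bytes_out"] > threshold]


def build_profiles(events):
    """Per-user baseline: the devices seen plus mean/stdev of daily outbound bytes."""
    per_user = defaultdict(lambda: {"devices": set(), "daily": defaultdict(int)})
    for e in events:
        p = per_user[e["user"]]
        p["devices"].add(e["device"])
        p["daily"][e["day"]] += e["bytes_out"]
    profiles = {}
    for user, p in per_user.items():
        totals = list(p["daily"].values())
        profiles[user] = {
            "devices": p["devices"],
            "mean_daily": mean(totals),
            "std_daily": pstdev(totals),
        }
    return profiles


def behaviour_alerts(profiles, events, z=3.0):
    """UBA-style scoring: flag unknown devices and low-and-slow drift.

    The low-and-slow check sums each user's live traffic over the whole window
    and compares it with what their own baseline predicts for that many days
    (mean * n, tolerance z * std * sqrt(n)), so small daily amounts that never
    trip a static rule still stand out as a total.
    """
    alerts = []
    live = defaultdict(lambda: {"days": set(), "total": 0})
    for e in events:
        prof = profiles.get(e["user"])
        if prof is None:
            alerts.append({"user": e["user"], "kind": "unknown_user", "day": e["day"]})
            continue
        if e["device"] not in prof["devices"]:
            alerts.append({"user": e["user"], "kind": "new_device",
                           "day": e["day"], "device": e["device"]})
        live[e["user"]]["days"].add(e["day"])
        live[e["user"]]["total"] += e["bytes_out"]
    for user, agg in live.items():
        prof = profiles[user]
        n = len(agg["days"])
        expected = prof["mean_daily"] * n
        # Floor the tolerance so a perfectly flat baseline does not alert on noise.
        tolerance = z * max(prof["std_daily"], 0.05 * prof["mean_daily"]) * sqrt(n)
        if agg["total"] > expected + tolerance:
            alerts.append({"user": user, "kind": "low_and_slow",
                           "total": agg["total"], "expected": expected})
    return alerts


if __name__ == "__main__":
    print("static rule:", static_rule_alerts(LIVE_EVENTS))
    print("behaviour:", behaviour_alerts(build_profiles(BASELINE_EVENTS), LIVE_EVENTS))
```

The design point is that the static rule has to pick one number for everyone, so it is simultaneously too loud for the analyst and blind to the press secretary, whereas the baseline compares each person with their own history and with a cumulative total rather than a single event.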
Contributed by Jamie Graves, CEO, ZoneFox