Melissa Abramson
Jan 31, 2020

Relying on UC Analytics to Monitor and Prevent Data Breach

Bad actors are always on the lookout for the easiest path into corporate networks. As the adoption of Unified Communications continues to grow, so does the number of malicious actors who prey on vulnerabilities created by UC implementations. Unfortunately, these vulnerabilities stem from a lack of understanding of the risks and a lack of sound practices for monitoring and preventing potential UC security threats, especially data breaches.

Security should be the priority of every enterprise at all times. An enterprise's sensitive data needs protection from inappropriate access, potential theft, alteration or deletion. Therefore, the IT world needs UC analytics as a tool to rely on to monitor and prevent data breaches that are likely to occur. There's a crucial point within a data breach where UC analytics can play a key role: monitoring the breach.

The majority of data breaches are discovered only after the breach activity has ceased. The clear focus, then, is to minimize the time it takes to identify a breach. The faster you identify a breach, the better your chances of addressing it. UC analytics gives you and your IT staff the power to properly monitor all file activity in your enterprise.

There's no way a data breach can occur without the attacker logging on or authenticating at some point, or accessing an endpoint's file system. Logon is known as the leading indicator of breach activity, while file access can be viewed as an indicator of present breach activity. The ability to spot abnormal file activity is therefore what makes UC analytics a viable part of your data breach protection strategy.

UC analytics allows organizations to monitor the regular patterns of access around files with sensitive data. It makes it possible to easily identify any deviation from the norm in file activity. Oftentimes, the same user accounts will largely access the same files from the same systems, during the same time of day, with the same patterns of access. Therefore, any deviation from these norms could indicate a potential UC data breach. Aspects of abnormal activity that your organization needs to look for include:

1. Frequency

Are your organizational files being accessed several times more than is normal? Note that an unsure insider having second thoughts about breaching data may make multiple access attempts before finally taking data. More access attempts than usual can be considered potential red flags for data breaches.

2. Amount 

Usual user access is likely to revolve around an average daily use. Your UC analytics can provide you with detailed information on usage patterns. Uncharacteristic usage such as mass copying, bulk deletion, or mass movement of data could be a signal of a data breach or an account takeover, and is worth looking into.

3. Day/Time 

UC analytics allows you to sync your system usage with the daily and weekly activities of your organization. Therefore, any usage outside of the regular activity time period should be considered a red flag. For instance, a user accessing data at 11 pm on a Saturday night who normally only accesses files Monday to Friday during business hours seems suspicious.

4. Endpoint/IP Address 

Any access from a machine outside the organization's network, or from one that doesn't often access a given set of files, is worth looking into. This could be an obvious indication of inappropriate use of an organization's data.

5. Permission Changes 

Bad actors like to ensure persistence, both on endpoints and in their access to data. Reassigning permissions to specific, recently created accounts is a common tactic used by these bad actors.

6. Processes 

Bad actors have their own peculiar tools that they use for data exfiltration. Therefore, seeing processes other than Explorer, Word, etc. accessing your files could indicate a potential data breach. 

UC analytics alerts IT and security teams to abnormal file access activity across their UC network. It makes it possible for organizations to monitor file activity and focus attention on what may result in a data breach. If you or your IT team notice any drastic changes in your file activity, this could be a red flag for a data breach, and immediate action should be taken to prevent it.
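
The six indicators above amount to a per-user baseline plus a deviation check. The following Python is an added example, not code from the original post or from any UC analytics product; the event fields, host and process names, the 3x volume factor and the 7-day "recently created" threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

SEEN = {"day_time": lambda e: (e["time"].weekday(), e["time"].hour),
        "endpoint": lambda e: e["host"],
        "process": lambda e: e["process"]}

def build_baseline(history):
    """Learn per-user norms: values seen per SEEN attribute, mean daily access count and bytes."""
    daily = defaultdict(lambda: defaultdict(list))
    base = defaultdict(lambda: {name: set() for name in SEEN})
    for e in history:
        daily[e["user"]][e["time"].date()].append(e["bytes"])
        for name, key in SEEN.items():
            base[e["user"]][name].add(key(e))
    for user, days in daily.items():
        base[user]["avg_count"] = mean(len(d) for d in days.values())
        base[user]["avg_bytes"] = mean(sum(d) for d in days.values())
    return dict(base)

def flag_day(events, base, factor=3, new_account_days=7):
    """Compare one day's events with the baseline; return {user: sorted indicator names}."""
    flags, sizes = defaultdict(set), defaultdict(list)
    for e in events:
        user, b = e["user"], base.get(e["user"])
        if b is None:  # account with no history at all
            flags[user].add("no_baseline")
            continue
        sizes[user].append(e["bytes"])
        flags[user].update(n for n, key in SEEN.items() if key(e) not in b[n])
        # Permissions granted to a recently created account (age threshold is an assumption).
        if e.get("action") == "perm_change" and e["grantee_age_days"] <= new_account_days:
            flags[user].add("permission_change")
    for user, day in sizes.items():
        if len(day) > factor * base[user]["avg_count"]:
            flags[user].add("frequency")
        if sum(day) > factor * base[user]["avg_bytes"]:
            flags[user].add("amount")
    return {u: sorted(f) for u, f in flags.items() if f}

def ev(time, host, proc, size, user="alice", **extra):
    return dict(user=user, time=time, host=host, process=proc, bytes=size, **extra)
# Constructed data: two Mon-Fri weeks of office-hours use, then a Saturday 23:00 bulk copy.
HISTORY = [ev(datetime(2020, 1, 6 + d + 2 * (d // 5), h), "WS-014", "WINWORD.EXE", 200_000)
           for d in range(10) for h in range(9, 17)]
TODAY = [ev(datetime(2020, 1, 18, 23), "203.0.113.7", "unknown-tool.exe", 50_000_000)] * 40
TODAY.append(dict(TODAY[0], bytes=0, action="perm_change", grantee_age_days=2))
print(flag_day(TODAY, build_baseline(HISTORY)))
```

A day that matches the learned pattern returns an empty result, so only deviating accounts reach the alert queue.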