Igor Lyapunov, Solar Security: The person is the basis of both security and business strategy
Igor Lyapunov, the CEO of Solar Security, spoke to TAdviser in an interview about the concept of People Centric Security, the products built on this ideology, and the prospects of the cybersecurity technology market.
The thesis that the person is the weak link in any security system has long been in circulation among specialists, as has the phrase "information security culture". Why was there a need for People Centric Security (PCS)? How did the new term arise?
Igor Lyapunov: Indeed, everyone has long understood that the person is the weak link of security and requires special attention. At the same time, until recently it was information systems, hosts, the perimeter of the corporate network and the like that were the subjects of the traditional approach to information security. That was the essence of a company's information security paradigm.
For a security officer, the person has always remained an extremely inconvenient entity, because the employee is granted rights and issued access keys to information systems, and then loses them or compromises them in some other way. And the cybersecurity specialist does not know what to do with this absent-minded person because he, for the most part, is used to looking at the monitor screen rather than at the person. Today, as a result of a number of factors, the information security paradigm is changing, and that is why the concept of PCS appeared.
What are the factors that are changing the cybersecurity paradigm?
Igor Lyapunov: First, business is beginning to understand that, paradoxical as it may be, the person is not only the weakest link but also the strongest. The person, not the server or an information system, is the key factor in creating new value. Large international companies spend enormous effort and money on cultivating creative people and build entire talent management systems that form the basis of business strategy. Russian companies are beginning to move in this direction too. The person stops being one of the elements of the business and becomes its center.
The second factor influencing the cybersecurity paradigm shift is that it is difficult to restrict creative people in their use of means of communication. Despite all the bans and efforts of cybersecurity, employees will use both WhatsApp and Telegram, at any time and in any place, if it is convenient for them or for the customer they work with. The concept of People Centric Security offers ways to ensure information security in the new paradigm without trying to break it.
Is the PCS approach used in software products sold in Western markets, or is it so far more of a theory?
Igor Lyapunov: PCS, as was rightly noted, is an approach, and it has to be "grounded" in each specific organization, the specifics of its business, and the employees who need to be controlled to varying degrees. Within PCS, employees are allowed to do everything in the way that is convenient for them, but at the same time the cybersecurity service continuously monitors and analyzes all their actions in terms of security. Today many global cybersecurity vendors follow this approach in the technology part of their products.
How, in practice, is it possible to monitor all employee activity and pick out the most dangerous cybersecurity incidents?
Igor Lyapunov: How to distinguish right actions from wrong ones when almost everything is allowed is a fundamental problem. There are three approaches to solving it: identifying risk groups, profiling the normal behavior of employees in order to detect deviations, and using special tools for investigations and analytics.
The first approach, which is also implemented in our products, includes three points. First, in any organization there are people who belong to a higher-risk group simply by the nature of their work: staff of purchasing divisions, IT administrators and some other positions. Second, it is necessary to consider the traits of the individual. These include strange interests in social network profiles, potential addictions, and debts. The third point that needs to be tracked is a mismatch between expenses and income. For example, if an employee buys a car that costs much more than his annual earnings, it should put one on guard.
Deep monitoring of the communications of all employees becomes impracticable if at least 500 people work in the company. And what if there are 5000? Risk groups help, without loosening control over every member of the organization's staff, to bring into the security officer's focus those who are more likely to try to break something. And that gives the security officer a real chance to catch dangerous cybersecurity incidents.
And what about the implementation of the second and third approaches?
Igor Lyapunov: The second approach, employee profiling, is based on statistical techniques and neural network technology, and they really do work very well in the field of information security. On the basis of these technologies it is possible to build a profile of an employee's normal behavior and then track and analyze deviations from this profile. For example, if a person corresponds with a customer in WhatsApp day after day, that is his normal activity profile. But if he suddenly begins to correspond with him in a private channel, that is already a deviation to which, perhaps, the information security officer should pay attention.
The third approach, building analytics and tools for conducting investigations, we aim to implement through visualization. A machine or a program will not be able to decide for the security officer that the signs of a conflict of interest present in an employee's behavior are actually corporate fraud. There is always a person above the system, and we give him convenient tools for fast information analysis and decision-making.
The daily information stream from an employee averages about 30 e-mails, 100 messages in messengers and one or two posts on Facebook. It is not difficult to work out what volume of traffic is generated by 100 or 200 employees. And we collect, prepare and analyze all this information in a form that is convenient to work with. Solar Dozor compiles a dossier on each employee and builds visual graphs of relationships within the team and communication "heat maps", ranked according to what the security officer should pay attention to first.
How is the PCS approach perceived by the cybersecurity industry in Russia?
Igor Lyapunov: The Russian information security market lags several years behind the world market, but development in this sphere is now moving at an accelerated pace. However, business is paying more and more attention to the questions and problems of cybersecurity, and that gives grounds to think that the situation will even out soon. Today it is already business that dictates the terms to security, and not vice versa. If for the benefit of the business it is necessary to use, for example, Skype, the business will use it, and the task of cybersecurity specialists is to think about how to minimize the possible consequences. And if the IT department is not capable of solving this or that problem, business users solve it themselves, as a rule using public cloud solutions and thereby creating a Shadow IT segment.
Are there real cases on the market in which the PCS approach has proved its effectiveness?
Igor Lyapunov: The leaders in implementing cybersecurity solutions today are banks, since cyber attacks are very easily converted into financial losses. And banks practice a competent, differentiated approach to implementing cybersecurity for different divisions and specialists. For front-office employees with clearly defined service duties, restrictions on the solutions they use apply, and they are granted a certain set of rights; this model of information security is closer to the traditional one. But for employees engaged in the digitalization of business and in fintech, more flexible cybersecurity policies apply, ones close in spirit to PCS. In this sphere the PCS approach has already proved its effectiveness.
What is the difference between the concepts of People Centric Security and User Behavior Analytics? What do they have in common?
Igor Lyapunov: We have partly talked about this already. Building employee profiles and identifying anomalies in their behavior on the basis of those profiles is exactly what User Behavior Analytics is, i.e. the analysis of user behavior. UBA is one of the technologies on which PCS is based.
On what amounts of data is it possible to reliably detect patterns and deviations in user behavior?
Igor Lyapunov: It depends on the complexity of the profile of the object being studied. If it is an operator carrying out standard transactions in a bank, one or two weeks of machine learning will be enough. But when it comes to the behavior of a system administrator or, as another example, when a server profile is being created, training the neural network can take about two to three months.
How widely are products using UBA represented on the Russian market?
Igor Lyapunov: Western vendors have a lot of such products, especially in the field of countering cyber attacks. In Russia, in addition to them, suppliers of DLP solutions are actively taking a close look at UBA.
There is now a certain intrigue in this market: who will implement UBA technologies in their products first, most fully and best. This hype partly harms the technology: some vendors try to pass off old technologies as UBA or make the most primitive implementation of the algorithms just to be on trend.
Do you plan to implement the PCS ideology in Solar Security products?
Igor Lyapunov: We both plan to and are already implementing it. Our flagship product, Solar Dozor, is built on the principles of PCS. We are also conducting active research into UBA technologies and have already started implementing them in our DLP solution.
At the same time, we are not abandoning traditional approaches to data protection. When the system sees that a confidential document is being sent out of the corporate perimeter, it naturally blocks this user action.
What is your assessment of the direction in which approaches to information security will develop further, taking into account the spread of the latest technologies?
Igor Lyapunov: In terms of technology, cybersecurity will certainly rely on artificial intelligence as a method of processing enormous volumes of raw data: events from information systems, data on employee behavior, and the operation of personal computers and servers. Security officers are already working at the limit of their capabilities in terms of the volume of events, and cybersecurity vendors should find a way to help them, by automating routine processes and building new technologies into cybersecurity solutions to perform more complex tasks.