
What Could Have Prevented the Anthem Breach?

A universal truth lies behind every cyberattack: the behavior behind the attack never seems normal.

IT security can base its future on just this – coming up with a way to identify behaviors that are abnormal.

By taking a behavioral analysis approach, companies will be in front of the power curve, and the persistent stream of morphed and brand-new exploits they have to deal with every day will no longer pose the same threat it does now.

That said, how can abnormal behavior be detected accurately?

The process takes monitoring, analysis, and the application of machine learning. Only then will it be possible to accurately identify behaviors that indicate an attack, large or small, before it occurs.

So what approach can be taken in the future? The Anthem Inc. breach, which occurred at the end of January 2015, offers some valuable insights.

It’s known that the attackers posed as insiders, which let them access the databases easily. Could their activities have been identified before the 80 million records were breached?

To answer that, we should look at how the attack was eventually discovered.

The reports say that the suspicious activity of an administrator was what finally tipped the scales. An Anthem employee noticed abnormal behavior and began an investigation.

At that point, Anthem uncovered what was to be one of the largest Personally Identifiable Information (PII) data breaches in history.

The abnormal behavior went undiscovered for months, as the attackers’ activities remained opaque to the security staff and Anthem’s defenses.

And yet the activities were not stealthy. Rather, no tools were in place to monitor or analyze database traffic, tools that would have identified the abnormal behavior.

As it happens, Anthem’s attackers used a ‘backdoor’ approach on a database client to gain access to records. Using compromised administrative logins and passwords, they leaked the PII records remotely.

Behavioral and continuous monitoring technology would easily have detected the Anthem attack early on, as it would have flagged the abnormal behavior.

That sort of abnormal behavior would have been picked up by a number of products today that utilize machine learning behavioral analysis – products such as Aorato (acquired by Microsoft), Vectra Networks X-series Platform, McAfee’s Network Threat Behavior Analysis, and DB Networks DBN-6300.
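To make the idea of a behavioral baseline for database traffic concrete, here is an added example; it is not taken from the article's sources or from any of the products named above. It learns each account's usual client hosts, working hours and result-set sizes from constructed audit records, then lists the ways a new query deviates. The record layout, account and host names, and the threshold are all assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample audit records (not Anthem data):
# (account, client_host, hour_of_day, rows_returned)
HISTORY = [
    ("dba_admin", "dbclient-01", 9, 120), ("dba_admin", "dbclient-01", 10, 300),
    ("dba_admin", "dbclient-01", 14, 80), ("dba_admin", "dbclient-01", 16, 250),
    ("dba_admin", "dbclient-01", 11, 150),
    ("app_svc", "appsrv-02", 2, 40), ("app_svc", "appsrv-02", 13, 55),
    ("app_svc", "appsrv-02", 20, 35),
]

def build_profiles(history):
    """Learn, per account, the usual client hosts, hours and result-set sizes."""
    grouped = defaultdict(list)
    for account, host, hour, rows in history:
        grouped[account].append((host, hour, rows))
    profiles = {}
    for account, events in grouped.items():
        sizes = [rows for _, _, rows in events]
        hours = [hour for _, hour, _ in events]
        med = median(sizes)
        # Median absolute deviation: a spread estimate that outliers do not inflate.
        mad = median(abs(s - med) for s in sizes) or 1
        profiles[account] = {
            "hosts": {host for host, _, _ in events},
            "hours": (min(hours), max(hours)),  # simple window, no midnight wrap
            "median": med,
            "mad": mad,
        }
    return profiles

def assess(event, profiles, threshold=10):
    """Return the reasons an event deviates from its account's baseline."""
    account, host, hour, rows = event
    profile = profiles.get(account)
    if profile is None:
        return ["account has no baseline"]
    reasons = []
    if host not in profile["hosts"]:
        reasons.append("new client host")
    low, high = profile["hours"]
    if not low <= hour <= high:
        reasons.append("unusual hour")
    if (rows - profile["median"]) / profile["mad"] > threshold:
        reasons.append("result set far above baseline")
    return reasons
```

A valid administrative login passes authentication either way; what the baseline catches is that login pulling tens of thousands of rows from an unfamiliar client at an odd hour.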


For further insight into how to protect against company security breaches, read the Monument Capital Group article at Huffington Post.
