The human dimension of cybercrime

OpenText Security Cloud Team

October 26, 2022 · 4 minute read

It’s called cybercrime, but humans are at its core, and understanding how they operate is essential for combatting their actions. 

While traditional cybersecurity tactics focused on rules established around the common patterns of usage on the enterprise network, today’s best practices go well beyond that approach.  

OpenText’s Managed Extended Detection and Response (MxDR) provides active surveillance across your entire IT infrastructure—well beyond your network endpoints—and employs observed tactics, techniques, and procedures (TTPs) that have been customized for your specific environment. By applying advanced analytics and machine learning to those TTPs, OpenText™ delivers rapid identification and remediation. 

Getting to the human factor 

Basic behavior-centric cybersecurity, also known as user-behavior analysis (UBA), involves understanding how human beings interact with data. Combining analytical information from traditional security systems with contextual data from other sources—travel logs, email, chat communications and more—allows us to draw a virtual profile of an individual user and their behavioral patterns. By detecting anomalies in these patterns, OpenText can identify potential threats, including malicious insiders and external bad actors. 

Behavioral analysis takes cybersecurity far beyond the realm of traditional perimeter defences, using cognitive science, human behavioral analytics, and human psychology to understand how humans work and interact with technology.  

OpenText MxDR is not your standard-issue UBA. 

For us, understanding the human behavior behind cybercrime is just the beginning. 

Integrated intelligence 

OpenText MxDR leverages multiple technologies, including threat intelligence, with our next-generation security information and event management (SIEM) to completely understand the scope and impact of any security event. Threat intelligence also allows the correlation to be drawn between data sets of known malicious files and data points identified from ingested log sources.  

The more data we have, the more data sets we can analyze and the more threat hunting we can conduct. When we see something happening in one of our environments, we sweep through all our clients’ data to make sure it doesn’t exist elsewhere. We utilize 500+ detection sets within your environment, as well as more than 285 million sensors across the public Internet, to provide real-time, multi-point threat detection. 

Once OpenText MxDR identifies TTPs related to new malware that is targeting a particular environment, we can apply those TTPs across all our clients and notify them immediately. We fully integrate OpenText BrightCloud Threat Intelligence into our MxDR platform, which provides valuable loopback information.  

Having threat intelligence directly integrated allows for immediate validation of a threat against known malware. In addition, endpoint and network technologies are integrated into the solution alongside people, processes, and procedures, for use in the event of a zero-day or targeted attack.  

It all amounts to thorough, far-reaching threat detection, rapid remediation, and a massive decrease in the number of false positives that divert your security analysts from their other tasks. 

Staying proactive 

While it once was sufficient to understand “normal” usage on your network and simply respond to anomalous behavior, organizations must now be aggressively proactive to prevent cybercriminals from breaching their infrastructure. Understanding threat actors’ tactics, and staying one step ahead of evolving TTPs, is now essential, as is the ability to quickly apply that information across the entire attack surface. 

OpenText MxDR’s threat hunting approach offers unparalleled protection, and multiple benefits, including: 

  • Preventative, proactive support to identify or validate the existence of threats and/or malicious activity within and across the cyber kill chain.  
  • Quick identification of patterns, relationships, and indicators of compromise.  
  • Insight into potential zero-day threats, using AI and machine learning tools, before they can attack the environment, both on-premises and in the cloud.  
  • Threat hunting beyond network logs to cover endpoints and expand security measures.  
  • Remediation and risk compliance recommendations to close gaps in security protocols and policies.  

With threat actors constantly gaining new skills and tactics, and sharing their discoveries with other cybercriminals, every organization must bring their best game to the challenge.  

It’s an ever-shifting threat environment, and organizations must stay in front of those who want illegitimate access to data. 
