The present invention, in some embodiments thereof, relates to cyber attacks on an organizational network and, more specifically, but not exclusively, to detecting cyber attacks by detecting abnormal user activity on the organizational network.
The cyber threat landscape is constantly changing. Sophisticated cyber attacks on organizational networks, whether backed by governments, companies or criminal organizations, are becoming frequent occurrences. These cyber attacks pose a threat both to businesses and governments.
The present generation of cyber-attacks operates with a multitude of attack vectors and comprises several attack phases. By nature, these attacks do not rely on previously discovered vulnerabilities, but rather, they use new techniques that exploit unknown vulnerabilities in the organizational network infrastructure.
Traditional signature-based security fails to address the present generation of cyber-attacks. It simply cannot accurately detect such cyber-attacks: the detection rate is low and the rate of false alarms is high.