Everyone knows that cybersecurity threats are sophisticated, persistent and dangerous. Keep an eye on your favorite online news service for the next 24 to 48 hours and you’ll probably see a story about another major breach. Despite widespread awareness of how serious cyber threats are, organizations are struggling to deal with them.
For RSA’s recent Threat Detection Effectiveness Survey, participants were asked to self-assess how well they detect and investigate threats to their IT environments. Only 8 percent believed they could identify threats very quickly, and only 11 percent said they are capable of investigating threats very quickly.
Almost all respondents (88 percent) collect perimeter data, but far fewer collect data from other areas of the modern IT infrastructure, such as the cloud, network packets, identity management systems and endpoints. One in four respondents don’t integrate their data, and only 21 percent can access all data from a single source. Just 10 percent said they could connect suspicious activity across all data sources “very well.”
To address these gaps, one-third of survey respondents said they planned to implement user behavior analytics within the next 12 months. User behavior analytics tools can detect irregular user activity that could indicate a threat or attack. First, machine learning techniques are used to establish a baseline or profile of normal activity for each user. Then real-time monitoring tools gather activity data and compare it to the baseline profiles. Deviations from normal activity are investigated to determine if there is an actual threat.
Unlike other types of security analytics, user behavior analytics focuses on users, not events or alerts. This capability is a direct response to attacks that focus on stealing the credentials of individual users. Previously, criminals could steal credentials and fly under the radar if they understood the rules of the network. With user behavior analytics, they now have to follow the user’s activity profile, which is much more difficult.
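The baseline-and-compare loop described above, as an added example that is not taken from the survey or from any vendor's product. It substitutes simple per-user statistics (usual login hours, known source hosts, mean and standard deviation of transfer volume) for the machine learning step; all user names, host names, thresholds and events are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, login_hour, source_host, megabytes_transferred)
HISTORY = [
    ("alice", 8, "wks-014", 40), ("alice", 9, "wks-014", 55),
    ("alice", 9, "wks-014", 48), ("alice", 10, "wks-014", 60),
    ("alice", 8, "wks-014", 52),
    ("bob", 22, "ops-02", 5), ("bob", 23, "ops-02", 6),
    ("bob", 23, "ops-02", 4), ("bob", 22, "ops-02", 5),
]

def build_baselines(events):
    """Build one profile per user from historical activity."""
    raw = defaultdict(lambda: {"hours": set(), "hosts": set(), "mb": []})
    for user, hour, host, mb in events:
        raw[user]["hours"].add(hour)
        raw[user]["hosts"].add(host)
        raw[user]["mb"].append(mb)
    return {
        user: {"hours": p["hours"], "hosts": p["hosts"],
               "mb_mean": mean(p["mb"]),
               # Avoid division by zero when a user's volume never varies.
               "mb_std": pstdev(p["mb"]) or 1.0}
        for user, p in raw.items()
    }

def deviations(baselines, event, hour_slack=1, z_limit=3.0):
    """Return the reasons an event departs from its user's baseline."""
    user, hour, host, mb = event
    profile = baselines.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    # Circular distance, so 23:00 and 00:00 count as adjacent hours.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"])
    if gap > hour_slack:
        reasons.append("unusual hour")
    if host not in profile["hosts"]:
        reasons.append("new source host")
    z = (mb - profile["mb_mean"]) / profile["mb_std"]
    if z > z_limit:
        reasons.append(f"transfer volume z-score {z:.1f}")
    return reasons

BASELINES = build_baselines(HISTORY)
# Valid credentials used off-profile: 03:00, unknown host, large transfer.
print(deviations(BASELINES, ("alice", 3, "vpn-ext-7", 900)))
```

An event that matches the profile returns an empty list, so only off-profile activity reaches an analyst, and each flagged event carries the reasons it was flagged.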
User behavior analytics also helps with the problem of security tools generating too much noise. Many security systems produce so many alerts that it becomes difficult to pinpoint the ones that signal a real attack. Behavior analytics, by contrast, integrates data from various sources and provides greater context for each activity.
In a recent report, 451 Research noted that user behavior analytics was one of the top security trends of 2016, with more than 75 security vendors offering behavior analytics capabilities in their product suites. The report puts these tools into three broad categories:
- Web behavior analytics looks for automated attacks on websites, such as bots trying various username and password combinations to gain access.
- User and network behavior analytics analyzes log data and network traffic patterns to spot bad actors trying to get user credentials.
- Insider monitoring systems look at all of a user’s activity for noncompliance with security policies or access to resources outside the scope of the user’s role.
Technologent has a deep bench of security experts and alliances with industry-leading vendors who offer user behavior analytics tools. Let us help you overcome the “needle in a haystack” challenge of security and monitor for suspicious activity at the user level.
Tags: IT Security
January 9, 2017