Securing and protecting confidential data and Intellectual Property (IP) assets has always been a challenge for organizations, despite the various tools, including data loss prevention (DLP), added to the cybersecurity strategy. According to Ponemon Institute's 2015 study, the most costly cybercrimes are those caused by malicious insiders, followed by denial of services and web-based attacks.
Mitigating malicious insiders requires enabling advanced technologies such as User Behavior Analytics (UBA), an emerging technology that could provide data protection and fraud detection capabilities, surfacing activity that would otherwise go unnoticed. UBA uses specialized security analytics algorithms that look beyond the initial login and track every user activity on the systems that users rely on to perform their day-to-day operations and roles.
User behavior analytics technology performs two main functions. First, it helps determine a baseline of the normal activities that a user performs. Second, it can quickly identify deviations from that normal behavior, which prompt security analysts to investigate. The anomalous or negligent behavior might not look malicious at first, but it requires security analysts to investigate and distinguish legitimate from malicious behavior.
UBA uses statistical analysis and machine learning techniques to analyze and learn user behavior and patterns on the go, in order to detect and assess risky user behavior in the enterprise. The technology proactively helps hunt for insider threats and fraud, detect advanced malware activity, follow user actions to automatically identify risky behavior, and present a risk profile of a user to security analysts. It does all of this without having analysts spend long hours and days looking through thousands of noisy alerts. UBA effectively consolidates and prioritizes security alerts.
A simple UBA use case is a privileged user trying to access an organization's file server in the middle of the night, something he has never done in the past. There could be a routine maintenance activity scheduled that night for which he needs to access the server. Equally, this could be an incident of compromised credentials, in which an attacker is trying to exfiltrate data from the server to steal information or intellectual property. UBA technology can help model and profile user behavior and automate the detection of such incidents in near real time. It can also alert security analysts to take action; otherwise the behavior would go unnoticed, resulting in a successful data breach.
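The file-server use case above, as an added example (not code from the original article or from any UBA product): a simple frequency baseline of each user's access hours, built from constructed history, with an access far from that baseline flagged and the maintenance-window context attached for the analyst rather than used to suppress the alert. The user and server names, the 2-hour tolerance and the 5% rarity threshold are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample history: (user, resource, ISO timestamp). Not real log data.
# 20 days of accesses at 09:15, 11:15, 14:15 and 16:15 by a hypothetical admin.
HISTORY = [("admin_jdoe", "fileserver01", f"2016-03-{d:02d}T{h:02d}:15:00")
           for d in range(1, 21) for h in (9, 11, 14, 16)]

def build_baseline(events):
    """Count, per (user, resource), how often each hour of day was seen."""
    baseline = defaultdict(Counter)
    for user, resource, ts in events:
        baseline[(user, resource)][datetime.fromisoformat(ts).hour] += 1
    return baseline

def hour_distance(a, b):
    """Circular distance between two hours, so 23:00 and 01:00 are 2 apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def familiarity(baseline, event, tolerance=2):
    """Share of the user's past accesses to this resource within +/- tolerance hours."""
    user, resource, ts = event
    hours = baseline.get((user, resource))
    if not hours:
        return 0.0  # this user has never touched this resource before
    hour = datetime.fromisoformat(ts).hour
    near = sum(n for h, n in hours.items() if hour_distance(h, hour) <= tolerance)
    return near / sum(hours.values())

def triage(baseline, event, maintenance_hours=(), rare_below=0.05):
    """Flag rare accesses; maintenance context is reported, never used to hide the alert."""
    share = familiarity(baseline, event)
    hour = datetime.fromisoformat(event[2]).hour
    return {"alert": share < rare_below, "familiarity": round(share, 2),
            "in_maintenance_window": hour in maintenance_hours}

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    night = ("admin_jdoe", "fileserver01", "2016-03-22T02:40:00")
    print(triage(base, night, maintenance_hours=(1, 2, 3)))
```

The 02:40 access is flagged even though it falls in the assumed maintenance window, which leaves the legitimate-versus-compromised decision with the analyst, as the use case describes.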
The value of User Behavior Analytics technology
UBA can offer huge value on a number of fronts. It can provide visibility into potential insider threats, from showing early red flags when a privileged account is being compromised by an external attacker luring a user, to measuring changes between a user's normal and anomalous actions.