Businesses can detect security breaches early by analysing behaviour


By understanding how users behave and tracking legitimate processes, organisations can enlist user and entity behaviour analytics (UEBA) to spot security breaches.

A remote machine took over an employee account at a large national grocery chain by circumventing the VPN two-factor authentication protocol…  A travel booking company was attacked when hackers entered through an affiliate network, so that the company could not block the IP address…  An “enterprise user” accessing a cloud service was actually a malware process originating from an underground network…

In each of these cases, companies enlisted user and entity behaviour analytics (UEBA) to thwart theft and disruption.  “Most enterprise security is based on yesterday’s security concepts that use rules and signatures to prevent bad occurrences,” said Avivah Litan, vice president and distinguished research analyst at Gartner. “What’s needed is rapid detection and response, enabled in part through behavioral analytics.”

UEBA essentially maps how legitimate processes take place in an enterprise (the forest) and learns how to distinguish and stop illegal breaches (the trees). UEBA has three main components:

-- Data Analytics: First, UEBA applications identify user and entity behaviours, and build peer groups and other profiles. By establishing baseline behaviours and patterns (often starting with historical data), anomalies can be detected by using statistical models and rules to compare incoming transactions with existing profiles.

-- Data Integration: Flexible UEBA applications are able to integrate structured and non-structured information into an existing security monitoring system. The information base will include datasets such as logs from security information and event management (SIEM) systems, network flow data and packet capture data.

-- Data Presentation and Visualization: UEBA applications present analytic results quickly, in a manner that allows enterprise security and business teams to readily recognise patterns of unauthorised access and users, and act upon the infractions.

Enterprise security teams are often inundated with alerts, in some cases millions a day. Even worse, they are not prioritised and the crucial breaches are buried with the rest of the alerts. Once a UEBA application is in place, and it has learned to recognise “normal” behaviours, it will:

-- Find bad actors via rapid detection of attacks and other infractions without disrupting the business

-- Improve alert management by reducing the number of alerts and prioritising the ones that remain

-- Improve alert investigations by reducing the time and number of staff required to investigate those alerts (since the underlying data for the correlated alerts is typically readily available)
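As an added illustration (not code from the article or from any UEBA product), the Python sketch below shows the baseline-and-compare idea from the Data Analytics component together with alert prioritisation: it builds per-user and peer-group profiles from historical events, scores incoming events against them, and returns only the highest-scoring alerts. The event fields, sample data, score weights and threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, peer_group, login_hour, source_country, mb_transferred)
HISTORY = [
    ("alice", "finance", 9, "GB", 40), ("alice", "finance", 10, "GB", 55),
    ("alice", "finance", 9, "GB", 48), ("alice", "finance", 11, "GB", 52),
    ("bob", "finance", 8, "GB", 60), ("bob", "finance", 9, "FR", 45),
    ("bob", "finance", 10, "GB", 50), ("carol", "finance", 9, "GB", 58),
]
INCOMING = [  # constructed events to score against the baselines
    ("alice", "finance", 10, "GB", 50),   # routine
    ("bob", "finance", 3, "RU", 900),     # odd hour, new country, large transfer
    ("carol", "finance", 9, "FR", 61),    # thin personal history, normal for peers
]

def build_profiles(history):
    """Baseline per user and per peer group: volumes, hours and countries seen."""
    prof = defaultdict(lambda: {"mb": [], "hours": set(), "countries": set()})
    for user, group, hour, country, mb in history:
        for key in (("user", user), ("group", group)):
            prof[key]["mb"].append(mb)
            prof[key]["hours"].add(hour)
            prof[key]["countries"].add(country)
    return prof

def score(event, prof, min_history=3):
    """Anomaly score: volume z-score plus novelty of country and hour."""
    user, group, hour, country, mb = event
    u, g = prof[("user", user)], prof[("group", group)]
    # Fall back to the peer group when the user's own history is too thin.
    base = u if len(u["mb"]) >= min_history else g
    sd = pstdev(base["mb"]) or 1.0
    z = max(0.0, (mb - mean(base["mb"])) / sd)
    novelty = 0.0
    if country not in u["countries"]:  # new for the user; worse if new for peers
        novelty += 1.0 if country in g["countries"] else 3.0
    if all(abs(hour - h) > 2 for h in g["hours"]):  # far from any peer login hour
        novelty += 2.0
    return round(z + novelty, 2)

def prioritise(events, prof, threshold=3.0):
    """Drop low-scoring events and return the remaining alerts, highest first."""
    scored = [(score(e, prof), e) for e in events]
    return sorted([s for s in scored if s[0] >= threshold], reverse=True)

if __name__ == "__main__":
    for s, e in prioritise(INCOMING, build_profiles(HISTORY)):
        print(s, e)
```

Of the three incoming events only the third-hour, new-country, 900 MB transfer is raised; the event from the user with a single historical record is suppressed because it is normal for her peer group.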


