
Businesses can detect security breaches early by analysing behaviour


By understanding how users behave and tracking legitimate processes, organisations can enlist user and entity behaviour analytics (UEBA) to spot security breaches.

A remote machine took over an employee account at a large national grocery chain by circumventing the VPN two-factor authentication protocol… A travel booking company was attacked when hackers entered through an affiliate network, so that the company could not block the IP address… An “enterprise user” accessing a cloud service was actually a malware process originating from an underground network…

In each of these cases, companies enlisted user and entity behaviour analytics (UEBA) to thwart theft and disruption. “Most enterprise security is based on yesterday’s security concepts that use rules and signatures to prevent bad occurrences,” said Avivah Litan, vice president and distinguished research analyst at Gartner. “What’s needed is rapid detection and response, enabled in part through behavioral analytics.”

UEBA essentially maps how legitimate processes take place in an enterprise (the forest) and learns how to distinguish and stop illegal breaches (the trees). UEBA has three main components:

-- Data Analytics: First, UEBA applications identify user and entity behaviours, and build peer groups and other profiles. By establishing baseline behaviours and patterns (often starting with historical data), anomalies can be detected by using statistical models and rules to compare incoming transactions with existing profiles.

-- Data Integration: Flexible UEBA applications are able to integrate structured and unstructured information into an existing security monitoring system. The information base will include datasets like logs from security information and event management (SIEM) systems, network flow data and packet capture data.

-- Data Presentation and Visualization: UEBA applications present analytic results quickly, in a manner that allows enterprise security and business teams to readily recognise patterns of unauthorised access and users, and act upon the infractions.

Enterprise security teams are often inundated with alerts, in some cases millions a day. Even worse, the alerts are not prioritised, so the crucial breaches are buried among the rest. Once a UEBA application is in place, and it has learned to recognise “normal” behaviours, it will:

-- Find bad actors via rapid detection of attacks and other infractions without disrupting the business

-- Improve alert management by reducing the number of alerts and prioritising the ones that remain

-- Improve alert investigations by reducing the time and number of staff required to investigate those alerts (since the underlying data for the correlated alerts is typically readily available)
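
The baseline-and-compare step from the Data Analytics component, together with the alert reduction and prioritisation listed above, can be sketched as follows. This is an added example, not code from the article or from any UEBA product; the single feature (MB downloaded per day), the z-score model, the threshold of 3.0 and all names and data are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, peer_group, MB downloaded that day). Not real data.
HISTORY = [
    ("alice", "finance", 40), ("alice", "finance", 55), ("alice", "finance", 48),
    ("bob", "finance", 60), ("bob", "finance", 52), ("bob", "finance", 58),
    ("carol", "engineering", 900), ("carol", "engineering", 1100),
    ("carol", "engineering", 1000), ("dave", "engineering", 950),
    ("dave", "engineering", 1050), ("dave", "engineering", 1020),
]
# Constructed incoming events; "erin" is a new hire with no history of her own.
INCOMING = [
    ("alice", "finance", 50), ("bob", "finance", 1000), ("erin", "finance", 54),
    ("carol", "engineering", 1000), ("dave", "engineering", 1600),
]

def _stats(values):
    # Floor the deviation so a perfectly flat baseline cannot divide by zero.
    return mean(values), max(pstdev(values), 1.0)

def build_profiles(history):
    """Learn (mean, stdev) baselines per user and per peer group."""
    by_user, by_group = defaultdict(list), defaultdict(list)
    for user, group, value in history:
        by_user[user].append(value)
        by_group[group].append(value)
    return ({u: _stats(v) for u, v in by_user.items()},
            {g: _stats(v) for g, v in by_group.items()})

def deviation(value, profile):
    mu, sigma = profile
    return abs(value - mu) / sigma

def score_event(event, users, groups):
    """High only when the value is unusual for the user AND for their peers."""
    user, group, value = event
    peer = deviation(value, groups[group])
    own = deviation(value, users[user]) if user in users else peer
    return min(own, peer)

def prioritise(events, users, groups, threshold=3.0):
    """Drop events below the threshold and rank the rest, worst first."""
    scored = [(score_event(e, users, groups), e) for e in events]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)

if __name__ == "__main__":
    users, groups = build_profiles(HISTORY)
    for score, (user, group, mb) in prioritise(INCOMING, users, groups):
        print(f"{score:7.1f}  {user} ({group}) downloaded {mb} MB")
```

A 1000 MB download is routine for the engineering peer group but far outside the finance baseline, so the same value is ranked first for bob and suppressed for carol; the new user falls back to the peer-group profile.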


