User behavior analytics: Building a business case for enterprises
- by 7wData
The threat landscape continues to grow year-on-year, with more and new types of threat actors. Proportionally, cybersecurity incidents are growing both in volume and sophistication.
According to the "2016 Cost of Data Breach Study" by the Ponemon Institute, 48% of all breaches in 2016 were caused by malicious or criminal insiders (employees, contractors or other third parties).
Traditional security systems were built to find the bad guys by searching for known signatures or exploits at a selected location during a single point in time. Attackers are continuing to penetrate and evade enterprise defenses. What today's digital enterprises need are rapid detection and response capabilities enabled through behavioral analytics.
Every enterprise today generates a huge amount of log data from user actions, server activity, applications and network devices across the organization's IT ecosystem. However, organizations are unable to get insights from this log data, and security teams still struggle to extract contextual value from the logs to secure and manage the operations of the digital enterprise.
User behavior analytics is an innovation in security technology, and it could help enterprises take security and risk management to the next level. The technology makes it easier for enterprises to gain visibility into user and asset behavior patterns to find malicious insiders or external threats, without disrupting the business.
To introduce and implement any new technology in the enterprise, it is necessary that you understand the architecture, as well as how the technology works in a particular environment under certain conditions. A user behavior analytics platform consists of the following three primary components:
Data integration: This is the foundational requirement to build user behavior analytics capabilities. It should be able to integrate with the required log sources of the enterprise, including structured or unstructured information, for example logs from security information and event management systems, VPN gateways, network flow data and application logs, as well as ingest logs from CSV files and syslogs.
Data analytics: Data analytics' primary purpose is to enrich and analyze data, use analytical algorithms to learn an environment -- such as server versus user activity, or normal users versus executive users or privileged users -- and make sense of it. In addition, this component is designed to be able to analyze the user and system behavior and to distinguish between normal and malicious activity.
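The two components described above can be shown together in a short sketch. This is an added example, not code from the article or from any product: the CSV field names, the sample rows, the median/MAD scoring and the 3.5 threshold are all assumptions chosen for illustration. It ingests a CSV export, learns a baseline per peer group, and shows that a transfer volume that is routine for privileged users is anomalous for a standard user.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample export: user, peer group, day, MB sent over the VPN.
SAMPLE_CSV = """user,group,day,mb
alice,standard,2024-03-01,40
alice,standard,2024-03-02,55
bob,standard,2024-03-01,48
bob,standard,2024-03-02,52
carol,standard,2024-03-01,45
carol,standard,2024-03-02,900
dave,privileged,2024-03-01,850
dave,privileged,2024-03-02,920
erin,privileged,2024-03-01,880
erin,privileged,2024-03-02,910
"""

def load_events(text):
    """Data integration: parse a CSV log export into typed records."""
    return [dict(r, mb=float(r["mb"])) for r in csv.DictReader(io.StringIO(text))]

def peer_baselines(events):
    """Data analytics: learn a robust baseline (median, MAD) per peer group."""
    by_group = defaultdict(list)
    for e in events:
        by_group[e["group"]].append(e["mb"])
    baselines = {}
    for group, vals in by_group.items():
        med = statistics.median(vals)
        baselines[group] = (med, statistics.median([abs(v - med) for v in vals]))
    return baselines

def find_anomalies(events, threshold=3.5):
    """Flag events whose modified z-score against their own peer group is too high."""
    baselines = peer_baselines(events)
    flagged = []
    for e in events:
        med, mad = baselines[e["group"]]
        if mad == 0:  # no spread in this group, nothing to score against
            continue
        score = 0.6745 * abs(e["mb"] - med) / mad
        if score > threshold:
            flagged.append((e["user"], e["day"], round(score, 1)))
    return flagged

if __name__ == "__main__":
    print(find_anomalies(load_events(SAMPLE_CSV)))
```

Scoring against a single organization-wide baseline instead of per peer group would either miss the standard user's 900 MB day or flag every privileged user daily.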