Breaking down barriers to effective security with user and entity behavior analytics

The global cyber threat landscape is growing and evolving all the time – but fortunately, so are the technology solutions available to combat it. Several new advancements can be combined to give organizations an edge over the threats they face.

These new security technologies can streamline overall security operations and alleviate some of the pressures associated with longstanding security issues, such as the global shortage of skilled personnel.

One technology seeing significant growth is user and entity behavior analytics (UEBA).

What is UEBA?

UEBA is a cybersecurity technology that uses a combination of machine learning, behavioral modeling, and statistical analyses to identify when a user or machine patterns deviate from established behavior, indicating a real security threat. This article will look at three major barriers to effective security for modern businesses and explain how UEBA technology can be used to help remove them.

1) A lack of contextual information from conventional security tools

One of the biggest issues with many conventional security tools such as firewalls and anti-malware is that they operate in silos. As a result, when alerts are raised, they lack the context, visibility and data from other tools within a security program that would help an analyst understand the incident in more detail.

For example, if an anti-malware alert is raised from a source IP address or malware name/URL, without answers to key questions–such as “Who was using the asset at the time of infection?”, “What host had the IP address at the time of infection?” and “What other systems are affected?”– containing the incident can be extremely difficult.

UEBA can help to provide this missing context by supplementing the alert with both environmental and situational information:

• • Environmental: This may include information such as whether the user at the time was an IT admin or high privileged user, or if they are the actual owner of the asset in question.
  • Situational: By creating user session timelines, UEBA can not only provide answers to the critics who, what and when questions, but also to questions such as “Has this happened before?” and “Is it normal?,” which can be incredibly useful when investigating a specific incident.