User behavior analytics and the technology you need to realize its value

Author: Shane Schick

Monitoring system activity may keep the most common IT security threats at bay, but without user behavior analytics, organizations risk missing those threats that pose the greatest danger. The value of using technology to keep a closer eye on user behavior first became apparent in functions like marketing, where campaigns and strategies could be tailored based on the way customers engage with content.

Over time, however, security professionals began deploying user behavior analytics (UBA)—sometimes called user and entity behavior analytics—to address an even more critical need. UBA recognizes that firewalls, intrusion detection systems and other tools designed to protect an organization's perimeter only focus on keeping rogue actors out. If intruders manage to breach the perimeter, identifying unusual activity might be the only way to mitigate any potential damage. If the rogue actors are employees, perimeter-based security is even less effective.

How user behavior analytics work

At any given moment, employees might be logging into an application, opening shared files, downloading files and sharing data through a range of communication tools. This all represents data that UBA collects and sifts through based on predefined rules about what's considered "normal" behavior.

It would be impossible for a single IT admin or even a large team to assess what every user in an organization is doing, and in many cases they would mostly see routine, consistent activity. UBA becomes powerful because it spots anomalies, especially those related to security threats.

When a user suddenly starts downloading gigabytes of files instead of the normal 10 MB a day, for example, user behavior analytics could tell an organization that it is at risk of a data exfiltration attempt. If a user suddenly accesses a server they would normally never touch, UBA could help detect a compromised endpoint. Other possibilities include attempts to infect mission-critical systems with malware, or insider threats in which employees tamper with (or steal data from) systems they have access to.

UBA accomplishes this through the use of artificial intelligence technologies such as machine learning. That means it can monitor more user behavior than a human could, and do so with greater accuracy.
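
The two cases described above (a sudden jump in download volume, and access to a server a user never touches) can be sketched with a per-user baseline. This is an added example, not code from the article or from any UBA product; it uses a simple median/MAD statistic rather than machine learning, and the event fields, user names, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (day, user, host, megabytes downloaded).
HISTORY = (
    [(d, "alice", "files01", mb) for d, mb in enumerate([9, 11, 10, 12, 8, 10, 10], 1)]
    + [(d, "bob", "build01", mb) for d, mb in enumerate([190, 210, 200, 205, 195, 200, 215], 1)]
)
TODAY = [
    (8, "alice", "files01", 4200),   # far above alice's ~10 MB/day
    (8, "alice", "db-prod01", 1),    # host alice has never touched
    (8, "bob", "build01", 220),      # large, but normal for bob
    (8, "carol", "files01", 5),      # user with no history at all
]

def build_baseline(events):
    """Per user: list of daily download totals and the set of hosts seen."""
    daily, hosts = defaultdict(lambda: defaultdict(float)), defaultdict(set)
    for day, user, host, mb in events:
        daily[user][day] += mb
        hosts[user].add(host)
    return {u: (list(daily[u].values()), hosts[u]) for u in daily}

def robust_score(history, value):
    """Deviation from the user's median, in units of median absolute deviation."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # flat history: avoid /0
    return (value - med) / mad

def detect(baseline, events, threshold=10.0, min_days=5):
    """Return (user, reason, detail) alerts for one day of events."""
    alerts, totals = [], defaultdict(float)
    for _, user, host, mb in events:
        totals[user] += mb
        if user not in baseline:
            alert = (user, "no_baseline", host)   # cannot judge; route to review
        elif host not in baseline[user][1]:
            alert = (user, "new_host", host)
        else:
            continue
        if alert not in alerts:
            alerts.append(alert)
    for user, total in totals.items():
        history = baseline.get(user, ([], set()))[0]
        if len(history) >= min_days and robust_score(history, total) > threshold:
            alerts.append((user, "volume_spike", total))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), TODAY):
        print(alert)
```

Because each user is scored against their own history, bob's 220 MB day raises nothing while alice's 4,201 MB day does; a fixed organization-wide limit would get one of the two wrong.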

When to adopt user behavior analytics in your business

Some organizations may have already deployed security incident and event management (SIEM) solutions that work similarly to UBA in identifying unusual activity at the system level. The difference here is that UBA looks at what people—cyber criminals or even your own employees—may be doing and alerts IT security teams accordingly.

The business case for UBA may be built in part on the ability to more quickly contain and minimize the financial or repeated damage that comes from a security breach. In some cases, entire categories of threats, such as those from insiders, may be eliminated altogether.

As you explore the technology, think about the metrics that matter most and how UBA can provide the most actionable insight. For some organizations, that will mean faster detection times when a security threat arises. For others, it will simply mean fewer incidents. On the whole, UBA also means security professionals can spend less time looking for issues, and devote more of their talents to solving critical business problems.

Take the next step, and find out how the right partner can help you take advantage of UBA with cloud access security services today.