Wondering what this whole User Behavior Analytics (UBA) craze is really about? Think
about your security implementation; could you predict where a breach may occur?
Verizon's most recent Data Breach Incident Report (DBIR) found that 74%
of organizations feel vulnerable to insider attacks. A separate study conducted
by the Carnegie Mellon University Software Engineering Institute showed that 30% of all
respondents reported that incidents caused by insider
attacks were more costly or damaging than outsider attacks. Often these attacks
target personal information housed by organizations for financial gain or public
defamation. The standard now is to protect your organization proactively, never
reactively.
What does this mean for you? Well, you have to be able to predict, with a degree of
certainty, when and where an attack may begin. Anticipating the future isn’t easy. To do
so you’ll need data, and relevant data at that, which is where User Behavior Analytics
comes into the picture.
There are terabytes upon terabytes worth of data that can be pulled from a standard
security implementation using SIEM systems. With these legacy solutions the most
prominent question is always, “how do you make sense of it,” or “what is actually
important here?”
User Behavior Analytics Tools arm organizations with the specific data needed to
understand what typical user behavior looks like, which is then used to identify
unusual, or suspicious behavior. In doing so, User Behavior Analytics systems collect
data on how users interact with the devices, applications, and other digitally connected
assets they’re given.
UBA data has value in every department within an organization. From security to sales,
something can be learned from the data provided by User Behavior Analytics. Read on to
see if UBA is right for your organization.
“User and entity behavior analytics offers profiling and anomaly detection based on a
range of analytics approaches, usually using a combination of basic analytics
methods (e.g., rules that leverage signatures, pattern matching, and simple
statistics) and advanced analytics (e.g., supervised and unsupervised machine
learning). Vendors use packaged analytics to evaluate the activity of users and
other entities (hosts, applications, network traffic and data repositories) to
discover potential incidents commonly presented as an activity that is anomalous to
the standard profiles and behaviors of users and entities. Examples of these
activities include unusual access to systems and data by trusted insiders or third
parties and breaches by external attackers evading preventative security
controls.”
Besides User and Entity Behavior Analytics, UBA is also known as security user behavior
analytics (SUBA) and Network Traffic Analytics (NTA). No matter what you call it, the
simplified definition of User Behavior Analytics is the process of collecting data on
the events generated by your users through their daily activity across different
networks and devices, then leveraging machine learning, algorithms, statistics and
probability to organize that data into logical, useful analytics reports that highlight
activity significant to the organization.
This knowledge helps businesses scale processes, ensure compliance rules are met, and,
more popularly, protect the organization against insider threats and aid the
investigation process in the event of a security breach.
A Short History of User Behavior Analytics
User Behavior Analytics, an offshoot of Behavior Analytics, is a concept that began in
the world of marketing, where products like Google Analytics provide organized reports
of server activity logs, which granted marketers much greater insight into who did what
while on their website. Granular insight into user interactions let marketers optimize
for maximum conversion levels, which correlate with higher revenues.
Now, the same information is beginning to become more necessary and prevalent throughout
every department in an organization, particularly regarding security, but also in human
resources, sales, and any other process-driven sectors within an organization.
Organizations use data from UBA systems to help optimize individual workflows, understand
employee engagement, and of course, to understand and analyze suspicious behavior and
potential threats.
The Difference Between SIEM & UBA
SIEM or Security Information and Event Management systems are common core technologies
for any security implementation; they provide real-time analysis of security alerts
generated by applications and network hardware. These systems alert you to anything and
everything that happens within your infrastructure. SIEM systems collect log and event
records from all of your other security systems, such as user devices, network switches,
firewalls, intrusion protection systems, servers and more, then put them in one
centralized location and analyze the data. The main benefit here is that SIEM provides
near real-time data analysis that uses correlation rules, whitelist matching, and
statistical baseline deviation to notify additional systems and teams of a noteworthy
event.
UBA systems provide specific event data with historical activity data
from the user, website, application, and machine, which provides more relevant
alerts and a lot more context than just system events.
The biggest difference is this: SIEM applications use specified rules and inputs to
analyze behavior in near real time, and they're notoriously bad at spotting anomalous
behavior outside those rules. UBA applications take a more long-term approach,
analyzing behavior over long periods of time to draw attention only to truly anomalous
behavior. With SIEM, anything and everything that meets your rules gets flagged in near
real time; UBA highlights anomalous behavior based on a historical batch of activity
data. SIEM systems offer what becomes a data lake; UBA systems provide data droplets, or
tactical data points.
Why do I Need User Behavior Analytics?
A 2017 report from Accenture Security titled “2017 Cost of Cyber-Crime Study” states
that cyber-attacks show “no signs of slowing down,” and that the only way to stay ahead
of them is to invest in innovation. On average, companies are losing more than $11.7
million each due to cyber-crime, a 62 percent increase in just five years.
Across all emerging technologies, User Behavior Analytics has the second highest spend to
cost savings ratio, second to only SI systems, which cost more than three times that of
an average User Behavior Analytics system.
Old security methods are no longer effective. Your firewall is not 100% foolproof, your
users give passwords to friends and family, rogue employees are lurking unnoticed, and
you never know when a simple phishing scam could compromise a user’s account. This ever
more complex landscape means preventative measures are no longer enough in the world of
security today.
Moreover, UBA can add much-needed context to your business intelligence systems by
analyzing company-wide and individual workflows. These insights allow companies to then
optimize processes for higher output.
The world of business today is increasingly complex and competitive. In order for
established businesses to remain competitive, organizations must constantly evaluate the
inner workings of their organizations. At scale, organizations must ensure old
processes do not become inefficient. For growing organizations, processes need
to be monitored to be sure they scale properly.
How Does User Behavior Analytics Help Organizations?
Identify Insider Threats
The number of data breaches continues to increase year after year, and 1 out of 5
is set forth by an individual who already has access to the company's sensitive data.
Something as minuscule as a flash drive can become the instrument of
destruction if the user has malicious intent. For this reason, it’s incredibly
vital to be able to identify potential risks early and to take measures to
protect your sensitive assets.
User Behavior Analytics software can help organizations understand which people
within their organization exhibit risky behavior and, moreover, can help to
identify users accessing sensitive data.
User Behavior Analytics leverages machine learning, algorithms and statistics to
create and present a baseline behavior pattern or profile. Actions that appear
to be out of the ordinary for that profile are flagged by the system, which
notifies the administrator of the anomaly.
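The contrast drawn earlier between a SIEM-style fixed rule and a per-user baseline profile, as an added example that is not from the original article and is not any vendor's code. The user names, daily file-access counts, the 500-file rule, the 3.5 cut-off and the minimum history length are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: files accessed per day, oldest first.
HISTORY = {
    "alice": [18, 22, 20, 25, 19, 21, 23, 20, 24, 22],
    "svc-backup": [900, 910, 905, 880, 915, 920, 895, 890, 925, 912],
}
TODAY = {"alice": 180, "svc-backup": 915}

STATIC_LIMIT = 500  # assumed SIEM-style rule: one threshold for everyone
Z_LIMIT = 3.5       # assumed cut-off for the robust z-score
MIN_HISTORY = 7     # assumed minimum number of days needed for a baseline


def static_rule(count, limit=STATIC_LIMIT):
    """Rule-based check: the same threshold applies to every user."""
    return count > limit


def robust_z(history, value):
    """Modified z-score built on median and MAD, so one odd day in the
    history does not distort the baseline the way mean/stdev would."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # perfectly flat history: any change is a deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def baseline_check(history, value, z_limit=Z_LIMIT):
    """Return (flagged, detail) by comparing value to the user's own history."""
    if len(history) < MIN_HISTORY:
        # Too little data to call anything anomalous; do not raise an alert.
        return False, "insufficient history"
    z = robust_z(history, value)
    return abs(z) > z_limit, f"z={z:.1f}"


def evaluate(history=HISTORY, today=TODAY):
    """Run both checks for every user seen today."""
    results = {}
    for user, count in today.items():
        flagged, detail = baseline_check(history.get(user, []), count)
        results[user] = {
            "static": static_rule(count),
            "baseline": flagged,
            "detail": detail,
        }
    return results


if __name__ == "__main__":
    for user, result in evaluate().items():
        print(user, result)
```

With this data the fixed rule alerts on the backup account's normal workload and misses alice's ninefold jump, while the baseline check does the opposite.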
Detect and Investigate Breach of Security
Sometimes a security breach cannot be prevented, no matter where it originated.
Having user behavior analytics dramatically increases your chances of
pinpointing where the vulnerabilities lie.
If the breach was internal, you could find the moment in time when a user
inserted a USB or accessed a website or document containing malware. If the
attack originated from outside your organization, you could track and understand
the unauthorized user’s movements throughout your organization’s network, files,
and devices.
User Behavior Analytics software lets organizations conduct a practice called
Business Process Mining. This process involves someone auditing how each job in
the organization is done, looking at the results, then testing a new method
derived from data, and analyzing the results.
Additional Visibility for Policy Compliance
Anomalous behavior likely violates your company policy. While policy compliance
generally falls into the category of Employee Monitoring and is not a core use
of UBA systems, tactical notifications of unexpected behavior draw your
attention to those who take liberties with your company policy.
User Behavior Analytics With ActivTrak
To identify unusual or suspicious behavior,
organizations need data to understand what typical user behavior looks like.
ActivTrak is a User Behavior Analytics solution that collects reliable and
unbiased data to assemble the clearest picture of typical behavior within an
organization. UBA data has value in every department within an organization.
From security to sales, something can be learned from the data provided by
ActivTrak’s cloud-based software.
Using insights based on collected data, configure ActivTrak to respond automatically
when users act outside of expected behavior. Use reactive and preventative measures
to secure your organization’s network.
Here are a few reasons why ActivTrak is an ideal solution for User Behavior
Analytics:
Quickly filter through comprehensive activity and alarm logs to zero in on
potentially harmful activities.
Spot sudden changes in user schedule and idle time. Use screenshots, videos, and
other reports to add context and intent for investigations.
Behavioral data is available on the dashboard within moments of installation.
Flag and single out screenshots containing unsafe content.
Check in on your team any time, anywhere from the desktop or our mobile app.
Is User Behavior Analysis Only for Security Professionals?
Nope! While many people are finding early and obvious uses for user behavior data, some
of the more savvy data scientists in the world are finding this information is
particularly useful in discovering additional revenues hiding within their organization.
Many organizations experience growth, but few are currently prepared for it. In fact, a
study by the Harvard Business Review found that 86% of business managers surveyed said
their business processes and the resulting decisions have become so complex that they
hinder the companies’ ability to grow in a digital economy.
When companies grow, old processes become inefficient at scale, which means the time
value loss grows exponentially as you hire more people and they continue to work through
inefficient processes. To curb this loss in time value, organizations regularly perform
a process called Business Process Mining.
Business Process Mining is the procedure of auditing data that speaks to how work gets
done, looking for bottlenecks, then making a data-driven change to the process itself
and measuring the resulting output. Business Process Mining can be invaluable while
scaling your business, as it ensures the dollars spent on employee salary, tools and
oversight are spent wisely.
User behavior data is ideal for performing business process mining because it captures
everything that a user does on a computer. This information can be invaluable while
performing a process audit because it actually shows what happened, whether or not the
processes are being followed, as well as when and where there is a deviation in the
process, and how that deviation affected the output.
How do I Collect User Behavior Event Data?
As with traditional Behavior Analytics, User Behavior Analytics has a number of software
technologies that can help organizations collect and analyze user behavior within an
organization.
Choosing the right system is critical to your success. Many User Behavior Analytics
products vary widely in the information they provide, and how the data is presented. These
factors can profoundly influence the insights gathered from user behavior, and
ultimately, the success of your implementation.
Pros of UBA
Of course, you already have a security system. If there is a hole, UBA will catch it so
you can patch it. According to many leading industry experts, the only way to stay ahead
of the curve is to invest in innovation to add to your security stack.
True Anomaly Detection
UBA offers more relevant data than SIEM systems, as UBA analyzes and incorporates
user behavior, rather than just system events.
Predicts Attacks From Inside Your Network
Increase Organizational Effectiveness
Review processes within your organization to understand their real impact. Is
more work getting done now that you have a new process, or is it slowing people
down? UBA gives you the ability to run workflow A/B tests within your
organization to understand how your changes affect overall company efficiency
and ultimately, effectiveness.
Some events have never occurred in one user profile. If a user starts a new role,
or has a project that requires accessing a new file, or using a new resource,
UBA that employs machine learning can sometimes flag these behaviors as
suspicious. These are known as ‘black swan’ events. Black Swan events can create
something called ‘alert fatigue’ which generally means you have so many alerts
that you don’t know which ones are important, or which ones to address first.
Machine Learning is Still Stabilizing
Some people have little to no trust in machine learning. This creates hesitation
to adopt a User Behavior Analytics system and produces mixed feelings within the
organization about the validity of the analytics.
How to Get Started with User Behavior Analytics Tools
So, you’ve decided UBA is a good investment. How do you get up and running?
Begin by finding the right reason to invest in User Behavior Analytics. Are you
concerned about detecting threats? Are you worried
about an insider threat? Is one department underperforming? Are employees within
a department overworked? Are you concerned your processes are not scaling well with your
company?
It’s important to ask the right questions before purchasing your UBA software, such
as:
What are our Needs?
Is it providing the data you need?
Is it tailorable to my needs?
Can you extract the data you need?
Can it integrate with your existing systems? How well?
How long will the implementation take?
How much of Implementation is on us? Can we do it?
Can our Non-tech-savvy users work the program?
Budget Considerations?
It’s important to get the answers to these questions early in the investigation process,
as they will be significant roadblocks if one of these questions remains unanswered.
The promise of User Behavioral Analytics is that it can go beyond simply detecting insider threats to predicting them. Some experts say that creates a significant privacy problem.
In Short
UBA is the future of business security. If you’re currently relying on a SIEM system,
you’re halfway there, but it’s easy to get lost in the constant barrage of meaningless
notifications; you need something more specific. User Behavior Analytics gives you
security information that is tailored to your organization and prioritized by security
risk. User Behavior Analytics software uses machine learning, algorithms, statistics,
and other advanced data processing methods to develop baseline user profiles, which
provide the benchmark for understanding and highlighting user risk. This puts companies
that leverage User Behavior Analytics implementations a step ahead of their competition
by keeping their security teams focused on the individuals and events that are more
critical to the organization’s security.