Behavioral Analytics in Cybersecurity

Behavioral analytics has become a real buzz topic in information security over the last few years and, in many ways, with good reason. As organizations grow ever more connected, data-driven and open to attack, the pressure on companies to keep their information protected from a variety of threats increases. Of these risks, insider threats are some of the more difficult to identify and defend against.

As a result, it is not hard to find a business security leader ready to talk openly about the importance of having detailed, intrinsic data on the behavior of users and systems. Similarly, the benefits of being able to synthesize and understand that data to give a more holistic, detailed and intelligent view of what is going on inside the environment are well understood.

“User accounts are critical attack vectors for hackers intent on stealing valuable data or inflicting crippling damage”, Ross Brewer, VP and MD of EMEA at LogRhythm, told Infosecurity.

“Organizations should know by now that it’s no longer a matter of if they’ll be breached but rather when. Without deep visibility into insider threats and risks, and behavioral analytics in place to analyze the potential threats, companies will be blind to breaches happening right under their noses.”

From a security standpoint, the potential of behavior analytics is quite impressive. By connecting technology with individual data points, it narrows the scope of handling large amounts of information, not only to detect and neutralize threats within the network but also to predict and determine errors and future trends. It’s therefore no surprise that more and more companies are turning to behavior analytics technology as part of their cybersecurity strategies to defend against insider threats.

“Having the ability to analyze the vast and diverse data on a network to expose insider threats, compromised accounts and privilege abuse is becoming a necessity and organizations are realizing that threats can come from within and appear legitimate,” Brewer continued. “It’s time that we stop looking solely at who the network users are, but what they are doing once inside.”

However, as is often the case when embarking on any new concept, there are some significant considerations that organizations need to bear in mind to ensure they are doing so effectively, legitimately and, in some cases, legally. Behavioral analytics does indeed appear to be one of the developments in technology that really can aid security, but if companies don’t approach its use with care, they risk it having the opposite effect.

Firstly, as Danny Maher, CTO at HANDD Business Solutions, explained, an organization’s main obligation when handling any large amount of sensitive customer information and IP is to ensure it is sufficiently protected from both external and internal threats.

“With the arrival of EU GDPR in 2018, organizations are set to face stiffer penalties for data leaks and several well-documented breaches in the last 12 months have proved they can ill afford the reputational damage.”

What’s more, behavioral analytics is only one piece of the security puzzle and an overreliance on it can leave businesses lacking in other areas. Dave Polton, chief technology architect at NTT Security, said that in order to make the most improvement to data security, organizations must have a response plan in place alongside their behavior analytics technology, which can be invoked by validated and qualified incidents raised by their chosen behavioral analytics platform.

“Organizations that are considering behavior analytics should have an incident response plan and part of that plan will be to use other detection and response capabilities. These may capture a great deal more than odd behavior. In fact, some tools can collect and reconstruct all communication flows to and from any device.”

Last, but no less important, is the delicate issue of transparency. It is important that companies ensure their reasons for implementing behavioral analytics are well communicated to the workforce.

“Without an effective communication plan and transparency, end users will naturally become suspicious about the organization’s real intentions,” argued Maher. “A suspicious and disengaged workforce can lead to lack of care and complacency which in turn leads to a frustrated workforce. Providing education allows the end users to see that such tools are put in place to protect the interests of the individual as well as the organization by keeping their job safe and the business profitable.”
