User Behavior Analytics

The Rise of User Behavior Analytics

By Veriato Team

In August 2014, Gartner published the “Market Guide for User Behavior Analytics.” If you have a Gartner subscription I encourage you to read it. The analysts (Avivah Litan and Mark Nicolett) did a great job defining what had beforehand been a largely undefined market.

User Behavior Analytics (“UBA”) as defined by Gartner, is about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns – anomalies that indicate potential threats.

The space is evolving pretty rapidly, and there are some fairly significant differences in approach from one solution provider to the next. But the fact that user activity and behavior are being increasingly paid attention to is welcome.

Analyzing behavior is something the IT and Information Security community has been doing for a long time.

We have tools that look at the behavior of systems, and use data on the way the system is behaving to predict what will happen next. A disk failure is a good example. Not too hard to predict these days.

We have solutions that analyze the behavior of network traffic, looking at anomalies in flows as a means of detecting things like data exfiltration that a DLP solution simply can’t detect or prevent. Vince Berk and the folks over at Flowtraq are doing some outstanding work in this area.

It’s logical, and in some ways overdue, that we apply similar approaches to the behavior of insiders.

Javvad Malik with 451 Research published an excellent read titled “There is a traitor in our midst – exploring the insider-threat market” in December 2014 that, among other things, speaks to the benefits or monitoring user activity and analyzing user behavior. Javvad also points out some of the unique things that need to be factored in when adding “people analytics” to a security strategy like employee privacy. And he makes a great point – that while behavioral analytics are “key to identifying and isolating a potential rogue user” organizations need to exercise caution and not “prosecute individuals based on mere propensity.”

This leads to a discussion on predictive analytics. People, by their very nature, are difficult to predict. I had an opportunity to have a lengthy discussion with two ex-intelligence operators. These were experts that, when over in Iraq, were tasked with informing the warfighters where Improvised Explosive Devices (“IED”) were placed – a real matter of life and death. One thought that has stuck with me in the time since that discussion was their strong aversion to saying they could “predict” where a person was going to place an IED. Because that person could decide not to stick to the plan (alter their behavior) based on any number of factors – both internal and external – at any time.

It’s the function on user behavior analytics to identify situations where the conditions are ripe for an insider incident. It’s the function of the human operators that receive that information to use it judiciously and wisely.

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Insider Risk & Employee Monitoring Resources

Is Employee Monitoring Software Worth The Investment?

Is Employee Monitoring Software Worth The Investment?

Key Takeaways: Employee monitoring software offers detailed insights into employee activities, enhancing productivity and bolstering data security. Choose the right software based on features, cost, integration capabilities, and scalability to align with specific...

How To Choose The Right Employee Monitoring Software

How To Choose The Right Employee Monitoring Software

Remote work is becoming increasingly common, and data breaches are a constant threat. The importance of employee monitoring software has never been more pronounced. For businesses looking to safeguard their digital assets while optimizing workforce productivity,...

UEBA: Revolutionizing Security With Advanced Analytics

UEBA: Revolutionizing Security With Advanced Analytics

Key Takeaways: Behavior-Focused Security: UEBA revolutionizes cybersecurity by analyzing user behavior patterns, providing a dynamic approach to detecting anomalies and potential threats. Flexible and Adaptable: Scalable for any organization size, UEBA integrates with...