User Behavior Analytics

The Rise of User Behavior Analytics

By Veriato Team

In August 2014, Gartner published the “Market Guide for User Behavior Analytics.” If you have a Gartner subscription I encourage you to read it. The analysts (Avivah Litan and Mark Nicolett) did a great job defining what had beforehand been a largely undefined market.

User Behavior Analytics (“UBA”) as defined by Gartner, is about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns – anomalies that indicate potential threats.

The space is evolving pretty rapidly, and there are some fairly significant differences in approach from one solution provider to the next. But the fact that user activity and behavior are being increasingly paid attention to is welcome.

Analyzing behavior is something the IT and Information Security community has been doing for a long time.

We have tools that look at the behavior of systems, and use data on the way the system is behaving to predict what will happen next. A disk failure is a good example. Not too hard to predict these days.

We have solutions that analyze the behavior of network traffic, looking at anomalies in flows as a means of detecting things like data exfiltration that a DLP solution simply can’t detect or prevent. Vince Berk and the folks over at Flowtraq are doing some outstanding work in this area.

It’s logical, and in some ways overdue, that we apply similar approaches to the behavior of insiders.

Javvad Malik with 451 Research published an excellent read titled “There is a traitor in our midst – exploring the insider-threat market” in December 2014 that, among other things, speaks to the benefits or monitoring user activity and analyzing user behavior. Javvad also points out some of the unique things that need to be factored in when adding “people analytics” to a security strategy like employee privacy. And he makes a great point – that while behavioral analytics are “key to identifying and isolating a potential rogue user” organizations need to exercise caution and not “prosecute individuals based on mere propensity.”

This leads to a discussion on predictive analytics. People, by their very nature, are difficult to predict. I had an opportunity to have a lengthy discussion with two ex-intelligence operators. These were experts that, when over in Iraq, were tasked with informing the warfighters where Improvised Explosive Devices (“IED”) were placed – a real matter of life and death. One thought that has stuck with me in the time since that discussion was their strong aversion to saying they could “predict” where a person was going to place an IED. Because that person could decide not to stick to the plan (alter their behavior) based on any number of factors – both internal and external – at any time.

It’s the function on user behavior analytics to identify situations where the conditions are ripe for an insider incident. It’s the function of the human operators that receive that information to use it judiciously and wisely.

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

Work From Home, Quiet Quitting, and How Insider Risk Has Changed

March 2023 marks approximately three years since the world shut down at the beginning of the Covid-19 pandemic. Since then, organizations have seen their workforce change considerably. What was originally a short term plan to work from home has become ingrained in our...

Focusing On Productivity Helps Reduce Insider Risk

Focusing On Productivity Helps Reduce Insider Risk

Many companies are concerned by the uptick in insider risk that’s come with the work-from-home boom. By one estimate,  58% of office workers work from home at least one day a week. This trend creates blind spots for companies. Managers see their employees less often,...

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year's RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also...