Take a look at the IT security market and you’ll see a trend away from worn-out tactics like firewalls and even would-be buzzwords like threat modeling. Security analytics is the new player at the table, promising better, faster and more accurate results about potential threats. Gaining the most traction are efforts like security information and event management (SIEM) technologies, but these may be more hype than help.
Why? As noted by a recent CIO article, “the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level.” In other words, companies looking for threats and listening for ways to better protect their assets are getting overwhelmed, and the result is a security landscape that lets malicious actors flourish.
Turn Up The Volume
It’s easy to see why SIEM and similar efforts are gaining ground: high-profile data breaches have now made their way to the boardroom and become top-of-mind for many C-suite executives. When healthcare agencies, media companies and massive retail chains are all victims of breaches and data theft, what was once perceived as paranoia from CISOs and CIOs has become de rigueur.
SIEM tools are seen as one answer to this problem since they collect, store and then analyze security data, in theory providing better visibility for security teams and executives alike. The key here is automated analytics, and as the CIO article points out, automation quality is now the standard by which these solutions are judged. But as the market expands, companies are increasingly bombarded by “noise” from multiple security vendors all clamoring for their attention and IT budget. What’s more, SIEM tools are only as effective as the log sources they ingest and the questions asked of them: if the wrong sources are collected, the correlation rules ask the wrong questions, or too little history is queried, the results are less than optimal. Bottom line? It’s easy to get overwhelmed.
Changing the Narrative
The big draw of SIEM solutions is that they combine the benefit of post-incident review with real-time monitoring of security events. But there’s a broad assumption here: that the bulk of security issues come from outside your network. In fact, the actions of legitimate users, both careless and malicious, remain the biggest threat to corporate data, and an attacker using a compromised employee account looks, to a perimeter-focused tool, like just another employee. Tracking and analyzing the behavior of these users, especially when their accounts have been compromised, offers the potential to head off security threats at the earliest possible point. In effect, the idea here is to change the narrative from “what happened?” to “what’s going to happen?”
Enter user behavior analytics (UBA). According to a recent Business 2 Community article, the idea here is to use “a combination of math and psychology” to detect unusual patterns of user behavior. It all starts by creating a baseline, or “control group,” of typical and expected behavior for each user: which systems they touch, when they work, how much data they move. Next, real-time data is collected from all users on your network and compared against that baseline to determine whether any accounts are accessing strange files or using network services in unexpected ways.
The big difference? You get the benefit of instant alerts that can be tuned to the type of behavior or security threat you’re most worried about. Ultimately, emerging UBA solutions are focused on cutting through the noise and taking off the blinders. It’s time to listen up, look inside your network and discover what’s really going on.
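To make the baseline-then-detect idea from the two paragraphs above concrete, here is an added, self-contained example written for this page; it is not code from the article or from any UBA vendor. It builds a per-user baseline (hosts touched, hours of activity, typical transfer size) from a constructed access log, then scores new events against that baseline using analyst-tunable rule weights and an alert threshold, which is the “customizable alert” the article describes. The log format, the three rules, their weights and the threshold are all assumptions chosen for illustration.

```python
"""Minimal user behavior analytics (UBA) example: baseline, then score.

Added illustration for this page. The log format, rule weights and
threshold are assumptions, and all log lines are constructed.
"""
from __future__ import annotations

import statistics
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed access log, "timestamp user host bytes". The baseline window
# is the normal working pattern; LIVE_LOG holds the events to be scored.
BASELINE_LOG = """
2015-03-02T09:12:00 alice fileserver01 2400
2015-03-02T10:45:00 alice fileserver01 1800
2015-03-03T09:30:00 alice fileserver01 2100
2015-03-03T14:05:00 alice crm 900
2015-03-04T09:01:00 alice fileserver01 2600
2015-03-05T11:20:00 alice crm 750
2015-03-06T09:50:00 alice fileserver01 2300
2015-03-02T08:55:00 bob buildserver 12000
2015-03-03T09:10:00 bob buildserver 11000
2015-03-04T17:30:00 bob buildserver 13000
2015-03-05T09:40:00 bob buildserver 12500
"""

# Constructed live events: two routine ones and one that looks like a
# compromised account pulling payroll data at 2 a.m.
LIVE_LOG = """
2015-03-16T09:20:00 alice fileserver01 2200
2015-03-16T02:13:00 alice hr-payroll 480000
2015-03-16T09:05:00 bob buildserver 11800
"""

# Analyst-tunable rules (name -> weight) and alert threshold. Assumptions.
RULES = {"new_host": 3, "off_hours": 2, "volume_spike": 4, "no_baseline": 5}
ALERT_THRESHOLD = 5
VOLUME_SIGMAS = 3  # events above mean + 3 standard deviations are spikes


@dataclass
class Event:
    ts: datetime
    user: str
    host: str
    nbytes: int


@dataclass
class Baseline:
    hosts: set[str] = field(default_factory=set)
    hours: set[int] = field(default_factory=set)
    byte_counts: list[int] = field(default_factory=list)


@dataclass
class Alert:
    user: str
    host: str
    ts: datetime
    score: int
    reasons: list[str]


def parse_log(text: str) -> list[Event]:
    """Parse the constructed whitespace-separated log into Event objects."""
    events = []
    for line in text.strip().splitlines():
        ts, user, host, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, host, int(nbytes)))
    return events


def build_baselines(events: list[Event]) -> dict[str, Baseline]:
    """Learn, per user, the hosts, hours and transfer sizes seen as normal."""
    baselines: dict[str, Baseline] = defaultdict(Baseline)
    for e in events:
        b = baselines[e.user]
        b.hosts.add(e.host)
        b.hours.add(e.ts.hour)
        b.byte_counts.append(e.nbytes)
    return dict(baselines)


def score_event(e: Event, b: Baseline | None) -> tuple[int, list[str]]:
    """Return (score, reasons) for one event against the user's baseline."""
    if b is None:
        # A user with no history cannot be compared; surface it explicitly.
        return RULES["no_baseline"], ["no_baseline"]
    reasons = []
    if e.host not in b.hosts:
        reasons.append("new_host")
    if e.ts.hour not in b.hours:
        reasons.append("off_hours")
    if len(b.byte_counts) >= 2:
        mean = statistics.mean(b.byte_counts)
        stdev = statistics.pstdev(b.byte_counts)
        if e.nbytes > mean + VOLUME_SIGMAS * stdev:
            reasons.append("volume_spike")
    return sum(RULES[r] for r in reasons), reasons


def detect(baselines: dict[str, Baseline], live: list[Event],
           threshold: int = ALERT_THRESHOLD) -> list[Alert]:
    """Score live events and return those at or above the alert threshold."""
    alerts = []
    for e in live:
        score, reasons = score_event(e, baselines.get(e.user))
        if score >= threshold:
            alerts.append(Alert(e.user, e.host, e.ts, score, reasons))
    return alerts


def run_demo() -> list[Alert]:
    """Baseline on BASELINE_LOG, score LIVE_LOG, return the resulting alerts."""
    baselines = build_baselines(parse_log(BASELINE_LOG))
    return detect(baselines, parse_log(LIVE_LOG))


if __name__ == "__main__":
    for a in run_demo():
        print(f"ALERT {a.ts:%Y-%m-%d %H:%M} {a.user} -> {a.host} "
              f"score={a.score} reasons={','.join(a.reasons)}")
```

Run as a script, the only alert is alice's 2 a.m. pull of 480,000 bytes from hr-payroll, which trips all three rules; her routine fileserver access and bob's build-server traffic score zero. Two caveats a practitioner will recognize: the baseline is only as trustworthy as the window it was learned from (an attacker already active during baselining becomes “normal”), and the weights and threshold decide the false-positive rate, so they are the knobs an analyst tunes rather than fixed constants.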