Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Using specialised analytics to improve cybersecurity

Orion Cassetto, senior director of product marketing at Exabeam discusses the growing popularity of User and Entity Behaviour Analytics (UEBA).and how it can help organisations achieve effective data security.

 The volume and severity of cybersecurity threats faced across the business world are growing at a steady rate. Fortunately, this fact is no longer lost on most organisations. Gartner has predicted worldwide security spending will increase by 8pc in 2018 to reach a value of $96bn by the end of the year because of regulatory change, mindset and a growing awareness of threats.

Central to this growth is the identification and adoption of new security technologies, designed to streamline overall security operations as well as alleviate some of the pressures associated with longstanding security issues, such as the global shortage of skilled personnel. One technology seeing significant growth at present is User and Entity Behaviour Analytics (UEBA).

 An intro to UEBA 

UEBA is a cybersecurity technology that uses a combination of machine learning, behavioural modelling and statistical analyses to identify when user or machine patterns deviate from established behaviour, indicating a real security threat. This article will look at three major barriers to effective security for modern businesses and explain how UEBA technology can be used to help remove them.

The need for context 

One of the biggest issues with many conventional security tools such as firewalls and anti-malware is that they operate in silos. As a result, when alerts are raised, they lack the context, visibility and data from other tools within a security programme that would help an analyst understand the incident in more detail.

For example, if an anti-malware alert is raised from a source IP address, or malware name or URL, without answers to key questions such as ‘Who was using the asset at the time of infection?’, ‘What host had the IP address at the time of infection?’ and ‘What other systems are affected?’, containing the incident can be extremely difficult.

UEBA can help to provide this missing context by supplementing the alert with both environmental and situational information.

  • Environmental: This may include information such as whether the user at the time was an IT admin or high-privileged user, or if they are the actual owner of the asset in question.
  • Situational: By creating user session timelines, UEBA can not only provide answers to the critical who, what and when questions, but also to questions such as ‘Has this happened before?’ and ‘Is it normal?’, which can be incredibly useful when investigating a specific incident.

Too much data – a double-edged sword

In a modern data environment, security information and event management deployments regularly gather more than 1TB of data a day, or more than 100,000 events per second. Most of this data is high-volume, but low-value. Nevertheless, analyst teams often have no way to manually review this amount of data or the alerts that result from it, meaning that key information is regularly missed.

Being machine-based, UEBA thrives on this level of data. The higher the volume, the more data points can be analysed, resulting in a more granular picture of what’s really going on. In order to make use of high data volumes, nearly all UEBA vendors use big-data architecture such as Hadoop and MongoDB, horizontally scalable so that processing and storage can be added as needed.

Cybersecurity skills shortage 

The global shortage of skilled security personnel is a well-documented and troubling issue. Nine out of 10 respondents to CyberEdge’s recent research indicated a shortage of IT security talent at their organisations at the time of asking.

Furthermore, a recent State of the SOC study among IT professionals found that just under half (45pc) believe their security operations centre (SOC) is understaffed. Of those, nearly two-thirds (63pc) think they could use anywhere from an additional two to 10 employees.

While UEBA can’t replace skilled IT security professionals, it can greatly amplify the output of existing team members. The ability to analyse incoming data more efficiently greatly reduces false positives, while the provision of environmental and situational context to alerts can significantly speed up investigations.

Queries that previously took hours can be answered in seconds. Not only that, but alerts can be prioritised more accurately based on the perceived threat posed, meaning the team is spending its time on the right things.

The global cyber-threat landscape is growing and evolving all the time. Fortunately, so are the technology solutions available to help combat this. In the past, organisations often went for quantity over quality when compiling security programmes, but a large number of disparate systems rarely makes for an effective solution and often causes more problems than it solves.

UEBA not only helps to break down many of the legacy barriers that organisations find themselves with, it can also help alleviate issues that they have less control over, such as the global IT security skills shortage. As a result, its popularity has skyrocketed as more and more organisations realise it is the key they have been searching for.