Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .


Using specialised analytics to improve cybersecurity

Using specialised analytics to improve cybersecurity

Orion Cassetto, senior director of product marketing at Exabeam discusses the growing popularity of User and Entity Behaviour Analytics (UEBA).and how it can help organisations achieve effective data security.

 The volume and severity of cybersecurity threats faced across the business world are growing at a steady rate. Fortunately, this fact is no longer lost on most organisations. Gartner has predicted worldwide security spending will increase by 8pc in 2018 to reach a value of $96bn by the end of the year because of regulatory change, mindset and a growing awareness of threats.

Central to this growth is the identification and adoption of new security technologies, designed to streamline overall security operations as well as alleviate some of the pressures associated with longstanding security issues, such as the global shortage of skilled personnel. One technology seeing significant growth at present is User and Entity Behaviour Analytics (UEBA).

 An intro to UEBA 

UEBA is a cybersecurity technology that uses a combination of machine learning, behavioural modelling and statistical analyses to identify when user or machine patterns deviate from established behaviour, indicating a real security threat. This article will look at three major barriers to effective security for modern businesses and explain how UEBA technology can be used to help remove them.

The need for context 

One of the biggest issues with many conventional security tools such as firewalls and anti-malware is that they operate in silos. As a result, when alerts are raised, they lack the context, visibility and data from other tools within a security programme that would help an analyst understand the incident in more detail.

For example, if an anti-malware alert is raised from a source IP address, or malware name or URL, without answers to key questions such as ‘Who was using the asset at the time of infection?’, ‘What host had the IP address at the time of infection?’ and ‘What other systems are affected?’, containing the incident can be extremely difficult.

UEBA can help to provide this missing context by supplementing the alert with both environmental and situational information.

  • Environmental: This may include information such as whether the user at the time was an IT admin or high-privileged user, or if they are the actual owner of the asset in question.
  • Situational: By creating user session timelines, UEBA can not only provide answers to the critical who, what and when questions, but also to questions such as ‘Has this happened before?’ and ‘Is it normal?’, which can be incredibly useful when investigating a specific incident.

Too much data – a double-edged sword

In a modern data environment, security information and event management deployments regularly gather more than 1TB of data a day, or more than 100,000 events per second. Most of this data is high-volume, but low-value. Nevertheless, analyst teams often have no way to manually review this amount of data or the alerts that result from it, meaning that key information is regularly missed.

Being machine-based, UEBA thrives on this level of data. The higher the volume, the more data points can be analysed, resulting in a more granular picture of what’s really going on. In order to make use of high data volumes, nearly all UEBA vendors use big-data architecture such as Hadoop and MongoDB, horizontally scalable so that processing and storage can be added as needed.

Cybersecurity skills shortage 

The global shortage of skilled security personnel is a well-documented and troubling issue. Nine out of 10 respondents to CyberEdge’s recent research indicated a shortage of IT security talent at their organisations at the time of asking.

Furthermore, a recent State of the SOC study among IT professionals found that just under half (45pc) believe their security operations centre (SOC) is understaffed. Of those, nearly two-thirds (63pc) think they could use anywhere from an additional two to 10 employees.

While UEBA can’t replace skilled IT security professionals, it can greatly amplify the output of existing team members. The ability to analyse incoming data more efficiently greatly reduces false positives, while the provision of environmental and situational context to alerts can significantly speed up investigations.

Queries that previously took hours can be answered in seconds. Not only that, but alerts can be prioritised more accurately based on the perceived threat posed, meaning the team is spending its time on the right things.

The global cyber-threat landscape is growing and evolving all the time. Fortunately, so are the technology solutions available to help combat this. In the past, organisations often went for quantity over quality when compiling security programmes, but a large number of disparate systems rarely makes for an effective solution and often causes more problems than it solves.

UEBA not only helps to break down many of the legacy barriers that organisations find themselves with, it can also help alleviate issues that they have less control over, such as the global IT security skills shortage. As a result, its popularity has skyrocketed as more and more organisations realise it is the key they have been searching for.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post