The tug of war between user behavior analysis and SIEM

Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component?

This article can also be found in the Premium Editorial Download: Information Security magazine: Will it last? The marriage between UBA tools and SIEM

User behavior analytics got a second look in 2015, when new ways to tackle an old problem entered the market. Security companies explored leaps in data science and machine learning to develop standalone UBA components that offered advanced analytics to track human and machine behavior in near real time.

Two years later, user behavior analysis features appeared in a range of information security technologies, and the trend is expected to continue.

In this issue, we look at the tug of war between user behavior analysis -- sometimes called user and entity behavior analytics -- and SIEM.

"In the short term, better UEBA vendors do deliver incremental value over SIEM to large organizations, as long as they are comfortable with some tuning and model customization," said Anton Chuvakin, a research vice president and analyst at Gartner. "Expect deeper analytics to appear in data loss prevention, cloud access security brokers -- it's already present in many CASB tools -- and not just SIEM."

For many enterprises, risk management beyond information security technologies may soon include GPS systems. GPS is appearing on the radar of more CISOs because they are the best equipped at many companies to monitor the secure use of this growing technology. We explore the critical weaknesses of GPS -- a risk increasingly flagged by the U.S. government, which operates the satellites used in the free positioning, navigation and timing service -- and the steps to prepare to deal with them.

Protecting critical infrastructure is familiar territory for John Germain, who spent years as CISO and then vice president of IT infrastructure at Xylem, an ITT company in charge of technology for the North American water supply. In this issue, we talk with Germain about his new CISO position at Duck Creek Technologies, which offers property and casualty software to the insurance industry.

We also take a ride in the wayback machine and remember what we have already learned and, in some cases, forgotten. Marcus Ranum chats with Blaine Burnham, who spent more than a decade at the National Security Agency. In his last years at the NSA, Burnham established the University Research Council to promote partnerships between government, academia and industry. Later, Burnham worked in academia, where he developed cybersecurity degree programs at Georgia Tech, the University of Nebraska and the University of Southern California's Viterbi School of Engineering.

User behavior analysis technologies and cybersecurity education programs both offer avenues to solving one of the biggest enterprise security problems: a lack of cybersecurity skills. Predictive analytics, expected next year in some UEBA tools, may lighten the load of overwhelmed security analysts. Information security education programs may encourage more participation in a workforce that could use help to conquer new security problems and, more importantly, those that remain unsolved.

This was last published in December 2017
