1000words - Fotolia
What is user behavior analytics and can it really improve enterprise security? How does such profiling security software compare to security awareness training?
Information security continues to rapidly advance in terms of how to help protect individuals and enterprises from taking actions that could lead to a user's computer getting infected with malware.
One recent area of research has been around using behavioral and psychological characteristics to identify when a user might be in a situation where they could click on a link or open a file that might be malicious.
Fujitsu Ltd. announced research where it identified users vulnerable to malware based on their computer usage. Human error is one of the largest causes of data breaches; careful monitoring and analysis of human behavior can identify areas where a specific warning or security control could be implemented to prevent the user's error from causing a data breach.
Unlike security awareness training -- the formal process of training and educating employees about malware and other security issues that can be prevented by user actions -- user behavior analytics focuses on tracking behaviors and patterns to detect internal threats, be they accidental or intentional. A user behavior analytics tool will generally develop a baseline of employee behavior and from there pinpoint anomalies to research further.
While monitoring one individual would not be sensitive enough to correlate user behavior to malware infections, on a large enough basis -- like in the Fujitsu research or on a larger scale -- patterns in user behavior could potentially be identified and then a warning or security control could be designed around the behavior to stop malware infection. Therefore, user behavior analytics would be more effective for larger populations performing similar functions, such as financial services or manufacturing companies.
Leveraging user behavior analytics in an enterprise might also be challenging because of the privacy concerns around tracking every single mouse movement and keystroke of employees. It would also require an additional piece of software installed on an endpoint. Enterprises can address privacy concerns by being open and transparent about the monitoring and how the system is secured, and by explaining how the data is used to protect the user and enterprise from malware.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn more about preventing security attacks with user behavioral analytics
User behavioral analytics is the new method for thwarting cybersecurity attacks
Dig Deeper on Data security technology and strategy
Related Q&A from Nick Lewis
Prevention is the only line of defense against an extortionware attack. Learn how extortionware works and why it can be more damaging than ransomware. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading