1000words - Fotolia

How does user behavior analytics compare to security awareness training?

User behavior analytics is emerging as a technology to prevent malware infections and end-user attacks, but how viable is it? Expert Nick Lewis outlines the pros and cons.

What is user behavior analytics and can it really improve enterprise security? How does such profiling security software compare to security awareness training?

Information security continues to rapidly advance in terms of how to help protect individuals and enterprises from taking actions that could lead to a user's computer getting infected with malware.

One recent area of research has been around using behavioral and psychological characteristics to identify when a user might be in a situation where they could click on a link or open a file that might be malicious.

Fujitsu Ltd. announced research where it identified users vulnerable to malware based on their computer usage. Human error is one of the largest causes of data breaches; careful monitoring and analysis of human behavior can identify areas where a specific warning or security control could be implemented to prevent the user's error from causing a data breach.

Unlike security awareness training -- the formal process of training and educating employees about malware and other security issues that can be prevented by user actions -- user behavior analytics focuses on tracking behaviors and patterns to detect internal threats, be they accidental or intentional. A user behavior analytics tool will generally develop a baseline of employee behavior and from there pinpoint anomalies to research further.

While monitoring one individual would not be sensitive enough to correlate user behavior to malware infections, on a large enough basis -- like in the Fujitsu research or on a larger scale -- patterns in user behavior could potentially be identified and then a warning or security control could be designed around the behavior to stop malware infection. Therefore, user behavior analytics would be more effective for larger populations performing similar functions, such as financial services or manufacturing companies.

Leveraging user behavior analytics in an enterprise might also be challenging because of the privacy concerns around tracking every single mouse movement and keystroke of employees. It would also require an additional piece of software installed on an endpoint. Enterprises can address privacy concerns by being open and transparent about the monitoring and how the system is secured, and by explaining how the data is used to protect the user and enterprise from malware.

Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Next Steps

Learn more about preventing security attacks with user behavioral analytics

User behavioral analytics is the new method for thwarting cybersecurity attacks

This was last published in July 2015

Dig Deeper on Data security technology and strategy