True, there’s no blood or gore, but the latest battleground — cyberspace — is as vicious as any battle fought in the air, land, or sea with outcomes just as unacceptable. What is truly alarming about this man-made domain of conflict is that it is a war that anyone, everyone, anywhere can wage. All your enemies should have is a computer and an internet connection.
It’s a foregone conclusion that as cyber warfare gets bigger, bolder, and nastier, so does the search for counterpunching advanced threat prevention solutions. Among the plethora of offerings, there’s been a sustained buzz about user and entity behavior analytics (UEBA) tools. Is the hoopla justified or is it a case of wishful thinking?
UEBA To The Rescue
Today, cyberspace intrusions have evolved to cover a wider spectrum of attack vectors, risk actors, and methods. Cyber attacks span the spectrum from privileged user credentials being compromised to gain access to sensitive data and attempts to log into a system, from multiple geographically-dispersed locations to malicious efforts to upload malware and damage different layers of the network architecture. For enterprises, the results have been catastrophic — operational outages that disrupt and reduce productivity, risks to physical safety, impact on revenues, dilution of brand value, and loss of business-critical data.
UEBA turns the tables on the current generation of large-scale, multi-vector, hyper attacks that use artificial intelligence (AI) and machine learning (ML), by leveraging AI and ML to recognize, monitor and correlate security events and incidents. Together with security information and event management (SIEM) platforms, they are thwarting attacks that are becoming increasingly more sophisticated, diffused and frequent.
Complementing SIEM Platforms
Notwithstanding their ability to provide real-time analysis of security alerts generated by applications and network hardware, traditional SIEM solutions have their limitations. For instance, they are not designed to prevent advanced attacks and lack effective intelligent threat detection and response features.
They also tend to overlook incidents that have no precedent and have sluggish response times as they rely on predefined correlation and filtering rules. Importantly as well, they fail to address some of the most difficult challenges confronting IT departments today, including the detection of threats and breaches originating from within the organization and the generation of too many false positives.
UEBA tools, working in tandem with SIEM solutions, can resolve these challenges. For a start, they reduce the incidence of false positives, and enable alerts to be prioritized, thereby allowing security professionals to focus on the most credible and high-risk alerts.
Along with advanced ML-based algorithms, UEBA can utilize risk-scoring methodologies to correlate events over a much longer timeline. By focusing on threats that slip past traditional inflexible, rules-driven correlation approaches, they improve the efficiency of security operations centers.
Like fine wine created over time, data models get better with continuous security analyst feedback and volume, becoming more effective in reducing the number of false-positive alerts. Specialized UEBA tools help accelerate the response times of IT personnel, ensuring that assets and information are continuously protected.
Era of Threat-Hunting
Threat-hunting platforms come into play to cover the time gap between when an attack is launched to when it is detected, thereby drastically reducing the dwell time. These platforms collect and manage data from various networks and systems. Additionally, they are also equipped with advanced search, visualization, and analytics capabilities to automate the detection of anomalies associated with potential cyber threats.
“Cutting-edge cyber security analytics platforms are built to equip enterprises fortify their defenses against advanced cyber attacks,” remarks Fadi Sharaf, Sales Director, LinkShadow. “With advanced threat-hunting capabilities, organizations can detect, analyze, respond, resolve and even mitigate incidents faster.”
Providing full visibility across data from different resources, threat-hunting tools offer just the right quantity and quality of data for security analysts to sift through and investigate. In essence, threat-hunting platforms combine multiple techniques — UEBA, link analysis, threat scoring, and ML — with which analysts can gain complete visibility into entities and their relationships. This makes it a simple yet powerful tool for security teams.
Dashboards Show Holistic Risk Scapes
Meanwhile, the depth and range of information and insights that UEBA tools generate — a monthly/quarterly comparison of key security metrics to determine whether companies are achieving ROI from their existing security investments, among them — has highlighted the need for flexible security dashboards. Such dashboards provide employees with the tools to report incidents and evaluate security risks. The overall result is a holistic picture of an organization’s IT risk posture.
Truly effective management security dashboards are configurable and customizable. They allow chief information security officers (CISOs) to track and select the key security metrics that most affect their companies, and locate the information they need to make optimal decisions for their network.
So back to the original question: does UEBA justify the hype? The answer most likely is, ‘yes’.
In a highly dynamic IT environment, they represent a proactive approach to cyber security. By enabling greater visibility into user and entity behavior, they hold the promise of helping companies become more cyber resilient.
They also significantly reduce the burden on security professionals; instead of having to examine millions of alerts per day, UEBA tools identify critical breaches and notify security professionals instantly, so they need respond only to highly prioritized threats.
Meltdown and Spectre exposed vulnerabilities in both hardware and software. The disastrous WannaCry ransomware attack cost organizations across 150 countries an estimated $4 billion. NotPetya devastated major European companies, causing losses amounting to $10 billion. And, it’s not just companies.
In June this year, government agencies, industries, schools, and hospitals across Australia were pummeled by a massive cyber-attack, prompting an over $1 billion investment over the next decade to boost the country’s cyber security capabilities. And, as we all know, if it weren’t for a cyber-attack, the US might just have had its first ever female president.
Article was originally published on Forbes.com (Middle East)