Today I want to focus on the study of User Behavior Analytics and how companies like Forcepoint are developing solutions to help mitigate cybersecurity threats from inside your company.
While I was attending Tech Field Day 16* out in Austin, User Behavior Analytics took center stage during one of the presentations by Forcepoint.
I have always had a love for analytics and, even more so, for how you can determine actions based on trends from users. This is quite prevalent in the gaming industry and helps game developers fine-tune their product. So needless to say, hearing how you can use it to defend against cybersecurity threats was quite interesting to me.
User Behavior Analytics is the collection of human behavior data to identify anomalies in user activity and help combat cybersecurity threats. Companies like Forcepoint then develop algorithms and statistical models to help businesses detect potential threats from within the company.
The key takeaway is that using this technology is about tracking the users’ actions and not the actions of the system.
It wants to monitor everyone, not just you. Understand that the sooner cybersecurity threats are detected, the less impact they have on the business.
Let’s be clear that not all data theft or corruption by users is intentional. A user sends an email to the wrong person or deletes a folder without realizing what they did. Take another example: you are surfing the internet and accidentally click on a cute kitten video, unknowingly infecting your computer with malware.
There are also many cases of former employees trying to enact revenge because they are unhappy with their previous employer. Or the person is a salesperson who accesses information and downloads the client database right before quitting and starting with a competitor. This person’s intentions are deliberate.
One way for Forcepoint and their customers to take advantage of this technology is through their User & Entity Behavior Analytics solution. This tool allows them to bring in data from a variety of sources to understand who employees are and what they are doing.
Understanding who your users are and what they normally do helps companies detect when something out of the ordinary happens.
If Bob never goes into the office late at night and suddenly starts accessing company files after 11 pm, you can identify a potential threat. Or perhaps Bob got a new position and is working different hours, or got assigned a project and was just trying to meet deadlines. Bob’s manager could go to him and say, “We noticed that you started logging in and accessing sensitive data late at night,” and when Bob replies that he is normally in bed at 9 pm, the company would know something was wrong.
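The Bob scenario above can be sketched as a per-user hour-of-day baseline. This is an added example, not Forcepoint's product or algorithm; the log layout, the thresholds and every name in it are assumptions, and the sample events are constructed. The verdict is "review" rather than "threat" because, as with Bob, an unusual hour may have a harmless explanation.

```python
from collections import Counter, defaultdict
from datetime import datetime

MIN_EVENTS = 20    # assumed: history required before a user is judged at all
RARE_SHARE = 0.02  # assumed: hours under 2% of a user's history count as unusual

def build_baseline(events):
    """Count, per user, how often they were active in each hour of the day."""
    hours = defaultdict(Counter)
    for user, ts, _resource in events:
        hours[user][datetime.fromisoformat(ts).hour] += 1
    return hours

def score_event(baseline, event):
    """Return (verdict, share); share is the fraction of the user's
    past activity that fell in the same hour of the day as this event."""
    user, ts, _resource = event
    history = baseline.get(user, Counter())
    total = sum(history.values())
    if total < MIN_EVENTS:
        # New or rarely seen users have no "normal" yet; do not guess.
        return "insufficient-history", None
    share = history[datetime.fromisoformat(ts).hour] / total
    return ("review" if share < RARE_SHARE else "normal"), share

def constructed_history():
    """Constructed sample: Bob is active 09:00-17:00 on ten weekdays; Alice is new."""
    events = [("bob", f"2024-03-{day:02d}T{hour:02d}:15:00", "crm/export")
              for day in range(4, 16) if day not in (9, 10)
              for hour in range(9, 18)]
    events.append(("alice", "2024-03-15T10:00:00", "wiki"))
    return events

if __name__ == "__main__":
    baseline = build_baseline(constructed_history())
    new_events = [  # constructed events to score against the baseline
        ("bob", "2024-03-18T10:05:00", "crm/export"),
        ("bob", "2024-03-18T23:40:00", "finance/payroll"),
        ("alice", "2024-03-18T23:40:00", "wiki"),
    ]
    for ev in new_events:
        print(ev, "->", score_event(baseline, ev))
```

A real deployment would age out old history so that a legitimate change, such as Bob's new shift, becomes the new normal instead of alerting forever.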