The Raison d'être behind User Behavior: The Future of Cyber Security Analytics
The purpose of this article is to present an analytic maturity model through which cyber security experts and institutions can assess their progress in the use of user behavioral analytics, and to show how close scrutiny of user behavior supports security postures that safeguard the confidentiality, integrity and availability of data for the right user while removing ambiguity about who is acting on it.
We have come to realize that, in this day and age, threats are being driven internally by the very individuals we are supposed to trust and entrust with sensitive data. This makes it extremely difficult for a security analyst to see these threats, because some conventional products do not focus on identifying malicious intent within the system. Think about it for a minute! Who could have envisaged that Julian Assange, Chelsea Manning and, most recently, Edward Snowden would be such a threat to the safety of US government operations? I guess no one! Would it be safe to say that, despite the network monitoring and risk management procedures in place, the system has proven to work unsuccessfully, or that federal agencies rely on outdated tools to streamline network security operations?
According to a report by Shannon (2015), “for two consecutive years, organizations reported that insider crimes caused comparable damage (34 percent) to external attacks (31 percent), according to a recent cybercrime report cosponsored by the CERT Division at the Carnegie Mellon University Software Engineering Institute”.
One would be tempted to say the possible reasons are:
Malicious – intention to cause damage to the organization/business
Negligent – careless workarounds of established procedure
Accidental – without intent; a breach committed through omission
Regardless of the reason, there is good news! Yay… with the implementation of a User Behavioral Analytics (UBA) software program, the system distinguishes friend from foe. It works by teaching the machine how each user typically acts, behaves and communicates, so that it can take notice when something - or someone - is not quite right in the system, says Prof. Derek. With the sophisticated use of algorithms and statistical analysis, UBA systems can help predict attacks. This system is at the forefront of most network security architectures today.
Some of the advantages of this technology are:
UBA gives network security the tools to spot anomalous behavior by credentialed users. UBA can also detect suspicious geolocation sequences: because most users work remotely from different locations, asking users to consider the legitimacy of every remote login would be overwhelming, but UBA software can do it without batting an eye.
According to Prof. Derek, “most security systems do not pay attention to service accounts. UBA does not care if the account is just a ‘system’ account. It will monitor every account for unusual activity based on the baseline established for each account”.
Oh oh! Wake up, it’s real!
UBA systems can detect, in real time, simultaneous user logins and unjustified user access to areas unrelated to a user's job duties. The real power of UBA is the detection of threat activity in real time. While UBA is designed to monitor individual users, it can also observe users across the entire organization as a whole. Unusual data movements can alert the system to a potential live attack, and the system can halt the data flow almost immediately. The only downside is that your customers will never know that they should thank you.
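As an added illustration (not code from the article or from any UBA product), the following Python script builds the per-account baseline described above from a constructed set of login events and flags two of the anomalies the article mentions: an impossible geolocation sequence for a user, and a service account acting outside its usual hours. The event list, the 900 km/h travel threshold and the three-login minimum history are assumed values chosen for the example.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample login events (user, ISO timestamp, latitude, longitude).
SAMPLE_LOGINS = [
    ("alice", "2024-03-04T09:02:00", 40.71, -74.01),       # New York, baseline
    ("alice", "2024-03-05T08:55:00", 40.71, -74.01),
    ("alice", "2024-03-06T09:10:00", 40.71, -74.01),
    ("alice", "2024-03-07T09:00:00", 40.71, -74.01),
    ("alice", "2024-03-07T09:30:00", 51.51, -0.13),        # London 30 min later
    ("svc_backup", "2024-03-04T02:00:00", 37.77, -122.42), # nightly job, baseline
    ("svc_backup", "2024-03-05T02:00:00", 37.77, -122.42),
    ("svc_backup", "2024-03-06T02:00:00", 37.77, -122.42),
    ("svc_backup", "2024-03-07T14:00:00", 37.77, -122.42), # service account at a new hour
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def detect_anomalies(logins, max_speed_kmh=900.0, min_history=3):
    """Build a per-account baseline of login hours and locations as events
    stream in, and flag events that deviate from it.
    Returns a list of (user, timestamp, reason) alerts."""
    history = defaultdict(list)   # user -> [(datetime, lat, lon)]
    alerts = []
    for user, ts, lat, lon in sorted(logins, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        past = history[user]
        if past:
            prev_when, plat, plon = past[-1]
            hours = (when - prev_when).total_seconds() / 3600
            dist = haversine_km(plat, plon, lat, lon)
            # Geolocation sequence: the account could not have travelled this far this fast.
            if hours > 0 and dist / hours > max_speed_kmh:
                alerts.append((user, ts, f"impossible travel: {dist:.0f} km in {hours:.1f} h"))
        if len(past) >= min_history:
            # Hour-of-day baseline is applied to every account, service accounts included.
            usual_hours = {p[0].hour for p in past}
            if when.hour not in usual_hours:
                alerts.append((user, ts, f"unusual login hour {when.hour:02d}:00"))
        past.append((when, lat, lon))
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_LOGINS):
        print(*alert)
```

A production deployment would learn the baseline from weeks of history and use a rolling window rather than the whole past, but the two checks keep the same shape.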
With this in mind, had the NSA implemented this software technology, Edward Snowden's unusual activities would have been flagged immediately and stopped, and U.S. top secrets would not have been compromised. This technology, I believe, should be the new face of cyber security architecture (IaaS) for every firm/organization.