12-27-21 | Blog Post
As businesses conduct more of their activities online, there has been a corresponding increase in the frequency and number of cyber attacks; cybercriminals invest their time and resources seeking various ways to compromise business computer networks. Given the increased frequency and sophistication of cyber attacks, traditional cybersecurity strategies are no longer enough to keep your computer network secure.
Cybercriminals have developed techniques that are able to evade traditional network security mechanisms and penetrate business networks. To ensure that your business network remains protected despite the new cyber attack strategies being utilized, you need to include User and Entity Behavior Analytics (UEBA) in your cybersecurity arsenal.
The various cybersecurity strategies typically fall into one of two categories, namely intrusion prevention or intrusion detection; there are a few, however, that can fit in both categories. UEBA falls squarely in the intrusion detection camp; it is a means of detecting possible network compromise based on variations in users’ network behavior. An alert is generated when a user’s online behavior is out of character; this alert then prompts the relevant cybersecurity personnel to investigate further and find out whether a data breach is taking place.
UEBA is a behavior-based alert system that depends wholly on knowing and understanding the normal online behaviors of all the users within a network. All users within a network have their unique ways of carrying out their online activities; machine learning tools and applications are used to analyze these unique online behaviors, a process known as baselining. Once baselining is complete, algorithms and statistical analyses are then used to look for users whose online behavior is out of character for them; this could be an early warning sign that a network breach has occurred or is in the process of taking place.
UEBA is a cybersecurity strategy that is not easily evaded, because evading it requires the cybercriminal to know not only the account credentials but also the normal online behavior of the user. Therefore, if a cybercriminal is successful in obtaining a user’s credentials, the change in online behavior will promptly alert the cybersecurity team so that remedial actions can be initiated.
Adding UEBA as part of your cybersecurity strategy confers several benefits such as:
Traditionally, Security Information and Event Management (SIEM) has been used by cybersecurity specialists to monitor and detect anomalies within a network. However, SIEM is based upon rules set by the network administrator; so long as network traffic or online behavior falls within the set of rules, no alert is triggered. For example, the network administrator may set rules to trigger alerts if there is an increase in network traffic after 5pm; as such, any spike in traffic due to a data breach before 5pm may go undetected. With UEBA, however, alerts are behavior-based and not rule-based; as a result, UEBA offers a higher degree of sensitivity in flagging potential network threats.
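The contrast above, together with the baselining step described earlier, as an added Python example (not Otava's code or any product's implementation). It runs the "after 5pm" rule and a per-user statistical baseline over the same events; the user names, traffic figures, 100 MB rule threshold and z-score limit of 3 are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, stdev

# Constructed history: (user, hour_of_day, megabytes_transferred).
HISTORY = (
    [("alice", h, mb) for h, mb in zip(range(9, 17), [18, 22, 19, 21, 20, 23, 17, 20])]
    + [("bob", h, mb) for h, mb in zip([18, 19, 20, 21, 22, 19], [480, 510, 495, 520, 505, 490])]
)
RULE_THRESHOLD_MB = 100  # assumed threshold for the static "after 5pm" rule

def build_baselines(history):
    """Baselining: learn each user's normal volume and active hours."""
    rows = defaultdict(list)
    for user, hour, mb in history:
        rows[user].append((hour, mb))
    baselines = {}
    for user, events in rows.items():
        volumes = [mb for _, mb in events]
        baselines[user] = {
            "mean": mean(volumes),
            "stdev": stdev(volumes) if len(volumes) > 1 else 0.0,
            "hours": {hour for hour, _ in events},
        }
    return baselines

def static_rule_alert(event):
    """Rule-based check: the same rule for every user, only after 5pm."""
    _, hour, mb = event
    return hour >= 17 and mb > RULE_THRESHOLD_MB

def ueba_alert(event, baselines, z_limit=3.0):
    """Behavior-based check: reasons this event is out of character for its user."""
    user, hour, mb = event
    base = baselines.get(user)
    if base is None:
        return ["no baseline for this user"]
    reasons = []
    z = abs(mb - base["mean"]) / (base["stdev"] or 1e-9)  # zero spread: any change stands out
    if z > z_limit:
        reasons.append(f"volume {mb} MB is {z:.1f} standard deviations from normal")
    if hour not in base["hours"]:
        reasons.append(f"activity at {hour}:00 is outside usual hours")
    return reasons

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for event in [("alice", 14, 400), ("bob", 19, 510), ("alice", 10, 21)]:
        print(event, "rule:", static_rule_alert(event), "ueba:", ueba_alert(event, baselines))
```

The 2pm spike on alice's account passes the static rule but is flagged against her baseline, while bob's routine evening transfer trips the rule without being out of character for him.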
At Otava, we understand how important it is to keep your network secure. We have specialists on hand ready to set up your business network with our UEBA system. Contact us today for more information about what we have to offer.