• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

The benefits of tracking user behavior analytics

December 10, 2015 by Secure360 and UMSA

tracking user behavior analytics

Copyright: 123rf/Dmitriy Shironosov

User Behavior Analytics (UBA) uses big data and machine learning algorithms to assess the risk, in near-real time, of system user activity within your organization. Why is this analysis necessary? Think about it: everyday, your employees are using user credentials to access the organization’s systems from the company office during regular business hours. One day you are notified that an individual’s credentials were used to connect to a database server and run queries that this user has never performed before. Is a database administrator running maintenance checks or has the system been compromised? User behavior analytics can help an organization determine what normal behavior should look like within their systems and when to be cautious of unusual activity.

According to the recent SANS Analytics and Intelligence Survey, only about one-third of organizations today collect user behavior monitoring data, but approximately three-fourths of respondents say they intend to start collecting this data in the future. Understandably so—user behavior analytics offer visibility into potential insider threats, show early red flags for when accounts have been compromised by external attackers and are most useful to measure changes in user behavior. Ultimately, the foundation of a behavior analytics program is to understand what normal behavior looks like to catch irregularity in the system. Below are 3 key areas to focus on when establishing behavior analytics and measuring user behaviors.

Determining human and machine behavior

Normal behavior for accounts used by humans will look different than that of service accounts that are used to carry out automated application activity. These machine accounts usually have a large amount of permissions; however, their activity is much more predictable than human user accounts. In addition, the volume activity of automated accounts is usually much higher than human accounts.

When tracking user behavior, it is important to which type of account is being looked at when determining what unusual behavior is.

Track mobile device location data

Mobile devices provide a great opportunity for tapping into the power of user behavior analytics. Forward-looking security programs are able to use the location tracker on smartphones as a data point in user behavior analytics. Through tracking mobile devices, security teams are able to flag any situation where an authentication is coming from a different physical location than the location of the smartphone.

Keep tabs on machine admin accounts

Companies must keep track of local machine administrator accounts in addition to active directory accounts. Cyber criminals tend to leverage these local accounts to move work their way into a system until they can break into a more critical user account. These hackers are usually successful within companies that use a standard image for rapid desktop deployment and keep local domain administrator passwords identical to simplify helpdesk requests.

User behavior analytics are helping to transform security and fraud management by enabling organizations to detect when legitimate user accounts have been compromised by external attackers or are being abused by insiders for malicious purposes.

Filed Under: Business Continuity Management

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: New post alert! Learn more about our awesome 2022 @UMSAOrg #scholarship winners https://t.co/C8VnqX3wWW
    about 8 hours ago

  2. Secure360 Conference
    Secure360 Conference: With so much fun had this year, we're eager for next year! Mark your calendars for May 9-10, 2023 back at Mystic La… https://t.co/Cbk0abnNSO
    about 1 day ago

  3. Secure360 Conference
    Secure360 Conference: With #Sec360 2022 officially in the books, we wanted to share a little recap of the fun! https://t.co/iMPwAp1Kac … https://t.co/kk7xRUXoRo
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.