Report: Enterprises should consider user behavior analytics to detect attacks earlier
Understanding user behavior analytics could help enterprises detect cyberattacks earlier, according to researchers at Rapid7.
User behavior analytics (UBA) may help enterprise security programs detect threats sooner, according to the Understanding User Behavior Analytics report conducted by Rapid7.
Researchers said that by monitoring user accounts, cloud usage, location of mobile BYOD (bring your own device) use, and lateral movement of information within their systems, enterprises can gain insight into how employees use information to better detect abnormalities.
“While anti-malware, vulnerability research and regular penetration testing are all important, a mature security program needs to put significant focus on monitoring normal user behavior in order to tell what's abnormal and malicious,” Tod Beardsley, principal security research manager at Rapid7 told SCMagazine.com via email.
UBA helps with this by providing clear insight into malicious behavior without cluttering up an alerting system with false positives, Beardsley said.
Knowledge of this information will help IT organizations better detect and remediate against an active intrusion by highlighting anomalous account behavior, according to the report.
Attackers will often try to compromise a user's account via social engineering and trickery. Once the account is compromised, the attacker will move laterally within the network to establish more permanent control to enhance access to the targeted data and or resources.
“Once enterprises have a handle on what's normal for both human- and machine-controlled accounts, they can more easily tell when a machine starts behaving like a person, or when a human user account starts behaving more systematically like a machine-controlled account,” Beardsley said.
Understanding normal user behavior and what behavior indicates an attack is the key to early detection, according to the report.