When planning your investments in cyber security, it’s critical to find technology that can deliver real value now — and also as both your IT environment and the cyber threat landscape rapidly evolve. Look for a cyber security solution with the following functionality:
- Built-in advanced analytics that can spot a variety of sophisticated attacks in the early stages, including those disguised as authorised user activity.
- Actionable intelligence that simplifies the decision-making process and enables you to leverage your analytics data to improve security policy.
- Support for APIs, IaaS and SaaS in order to extend visibility into user behaviour to all IT systems across your hybrid cloud IT environment.
- A single point of access for the data that enables discovery of dependencies among events taking place in various parts of the IT infrastructure.

You can get all these features with User and Entity Behaviour Analytics (UEBA). UEBA has emerged only recently, but it has already shown much better results than SIEM in detecting threats and providing refined insight, according to Gartner customers.
Unlike SIEM, UEBA solutions analyse entity, user and privileged user behaviour to proactively spot anomalous activity. This enables UEBA to address one of the most challenging security issues: identifying malware, compromised accounts, malicious insiders and other threats that are disguised as authorised activity. In addition, advanced UEBA has a critical capability for defending against rapidly evolving cyber threats: instead of relying only on predefined rules, UEBA can learn, which gives it the flexibility to respond to the ever-changing threat landscape. Together, these two capabilities address every stage of the kill chain, enabling early detection of security incidents.
BY MICHAEL FIMIN ON 31/01/2017 ANALYSIS, SECURITY