The role of Behaviour Analytics & Machine Learning in Cybersecurity
In 2017, Lloyd’s of London has warned that a serious cyber-attack could cost the global economy more than £92bn. Recent incidents show that this estimation is not far-fetched. According to Reuters, cyber-crime attacks to two thirds of Germany’s manufacturers, costed 43 billion euros. Closer to home, WannaCry cyberattack costed the NHS £92 million, whereas the TalkTalk cyberattack costed the company £77 million.
The real costs however are hard to measure. Besides the obvious costs which may include fines, costs from operational disruption, and upgrading IT systems, trust and brand reputation costs may have much harsher financial repercussions in the long-run for the business.
Old tools and systems are quickly becoming obsolete, whereas malicious attacks are getting increasingly advanced. Hackers, competitors and industrial spies can break into firewalls, penetrate enterprise systems, send phishing emails, or even bribe to gain access into enterprise systems.
Today, enterprise organisations require new, intelligent tools and methods to prevent, detect and terminate cyberattacks in real-time. User and Entity Behaviour Analytics (UEBA) uses Machine Learning to help foil cyber-attackers by discovering security anomalies. Using machine learning and algorithm techniques, UEBA tools analyse logs, system reports, network packets, files and detect when there is a deviation from established patterns, showing which of these anomalies could result in a potential, real threat.
Risk areas
Old tools
UEBA tools
Slow response times to threats
As cyberattacks are becoming more sophisticated, traditional tools fail to detect them fast enough to enable the organisation to effectively prevent or stop an attack.
Machine Learning powered UEBA tools can get ahead of a cyberthreat and actively respond to a suspicious incident in real-time, rather than just sending an alert that might get into a queue of countless other alerts for investigation.
Risk & Attack Surface
Organisations with a large sum of the different points (surface) where an unauthorised user can try to enter data to or extract data, have larger exposure to risk and attacks.
Keeping the attack surface as small as possible is a basic security measure. UEBA analyses the risk and attack surface of an organisation to help proactively reduce their attack surface, making it harder to compromise.
Vulnerability Assessment
Traditional tools may not be able to assess the full scale of an organisations’ vulnerabilities due to siloed operations, evolving software tools etc.
UEBA tools can enable the security team to better understand the vulnerable points (such as weak passwords or shared endpoints) and address them before an incident occurs as well as help accelerate incident investigation.
Events Frequency & Operational Efficiency
Not all events present a real threat, but organisations that do not have the technology to quickly and effectively classify an event, may have to experience frequent, unnecessary disruptions to their operation by ‘false’ alarms.
The automation introduced by Machine Learning and UEBA tools, allows security teams to focus on real threats and less on false positives.
Among the areas where UEBA can help organisations enhance their cybersecurity are:
Detect insider threats
It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA will detect data breaches, sabotage, privilege abuse, and policy violations made by your own staff.
Detect compromised accounts
Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA will help weed out spoofed and compromised users before they can do real harm.
Detect brute-force attacks
Hackers may target your cloud-based entities as well as third-party authentication systems. UEBA will detect brute-force attempts, allowing you to block access to these entities.
Detect changes in permissions and creation of super users
Some attacks involve the creation of super user accounts. UEBA will allow you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.
Detect breach of protected data
UEBA will detect any unusual interaction or request for protected data, applying intelligence to assess whether access should be granted based on the user profile.
Final thoughts
Many hackers are already using Artificial Intelligence and Machine Learning techniques to boost their attack capabilities. User and Entity Behaviour Analytics can help organisations proactively assess potential vulnerabilities and threats, whereas with the algorithms continuously being optimised with new information, keep their security measures up-to-date.
We are a global digital services and solutions provider, who leverage emerging technologies and deep domain expertise to deliver real-world business impact for our clients. A focus on very select industries, a detailed understanding of the underlying processes of those industries, and partnerships with leading platforms provide us with a distinct perspective. We lead with our product engineering approach and leverage Cloud, Data, Integration, and Automation technologies to transform client businesses into intelligent, high-growth enterprises. Our proprietary platforms power critical business processes across our core verticals. We are located in 21 countries with 26 delivery centers across nine countries.
WHAT WE DO.
Explore our wide gamut of digital transformation capabilities and our work across industries.