The role of Behaviour Analytics & Machine Learning in Cybersecurity

Written by Coforge-Salesforce BU | Jan 27, 2019 6:30:00 PM

In 2017, Lloyd’s of London warned that a serious cyber-attack could cost the global economy more than £92bn. Recent incidents show that this estimate is not far-fetched. According to Reuters, cyber-crime attacks on two thirds of Germany’s manufacturers cost 43 billion euros. Closer to home, the WannaCry cyberattack cost the NHS £92 million, whereas the TalkTalk cyberattack cost the company £77 million.

The real costs, however, are hard to measure. Besides the obvious costs, which may include fines, operational disruption and IT system upgrades, the loss of trust and brand reputation may have much harsher financial repercussions for the business in the long run.

Old tools and systems are quickly becoming obsolete, whereas malicious attacks are getting increasingly advanced. Hackers, competitors and industrial spies can break through firewalls, penetrate enterprise systems, send phishing emails, or even resort to bribery to gain access to enterprise systems.

Today, enterprise organisations require new, intelligent tools and methods to prevent, detect and terminate cyberattacks in real time. User and Entity Behaviour Analytics (UEBA) uses Machine Learning to help foil cyber-attackers by discovering security anomalies. Using machine learning algorithms, UEBA tools analyse logs, system reports, network packets and files, detect deviations from established patterns, and show which of these anomalies could represent a real threat.
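The deviation-from-baseline idea described above, as an added example that is not from the original post or from any UEBA product: it builds a per-entity baseline of daily failed-login counts with the median and MAD, then scores today's count against that entity's own history. The entity names, sample counts, MIN_DAYS and THRESHOLD are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MIN_DAYS = 7       # assumed minimum history before an entity is scored
THRESHOLD = 3.5    # assumed cut-off on the robust z-score

def build_baselines(history):
    """history: iterable of (entity, failed_logins_per_day) -> {entity: (median, scale)}."""
    per_entity = defaultdict(list)
    for entity, count in history:
        per_entity[entity].append(count)
    baselines = {}
    for entity, counts in per_entity.items():
        if len(counts) < MIN_DAYS:
            continue  # cold start: too little history to call anything "normal"
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        # 1.4826 * MAD approximates a standard deviation; floor it at one event
        # so an entity with a perfectly flat history does not divide by zero.
        baselines[entity] = (med, max(1.4826 * mad, 1.0))
    return baselines

def classify(baselines, entity, count):
    """Return (verdict, score) for today's count against the entity's own baseline."""
    if entity not in baselines:
        return ("no-baseline", None)
    med, scale = baselines[entity]
    score = (count - med) / scale
    return ("anomalous" if score > THRESHOLD else "normal", round(score, 2))

# Constructed sample data, not taken from any real log source.
HISTORY = (
    [("alice", n) for n in [1, 0, 2, 1, 1, 0, 2, 1, 1, 0]]
    + [("svc-backup", 0) for _ in range(10)]
    + [("bob", n) for n in [3, 2]]
)
TODAY = [("alice", 2), ("alice", 25), ("svc-backup", 40), ("bob", 50)]

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for entity, count in TODAY:
        print(entity, count, classify(baselines, entity, count))
```

Entities returned as "no-baseline" are not scored at all, so they need a separate static rule until enough history accumulates.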

| Risk areas | Old tools | UEBA tools |
| --- | --- | --- |
| Slow response times to threats | As cyberattacks are becoming more sophisticated, traditional tools fail to detect them fast enough to enable the organisation to effectively prevent or stop an attack. | Machine Learning powered UEBA tools can get ahead of a cyberthreat and actively respond to a suspicious incident in real time, rather than just sending an alert that might get into a queue of countless other alerts for investigation. |
| Risk & Attack Surface | Organisations with a large number of different points (the attack surface) where an unauthorised user can try to enter or extract data have larger exposure to risk and attacks. Keeping the attack surface as small as possible is a basic security measure. | UEBA analyses the risk and attack surface of an organisation to help proactively reduce that attack surface, making it harder to compromise. |
| Vulnerability Assessment | Traditional tools may not be able to assess the full scale of an organisation’s vulnerabilities due to siloed operations, evolving software tools etc. | UEBA tools can enable the security team to better understand the vulnerable points (such as weak passwords or shared endpoints) and address them before an incident occurs, as well as help accelerate incident investigation. |
| Events Frequency & Operational Efficiency | Not all events present a real threat, but organisations that do not have the technology to quickly and effectively classify an event may experience frequent, unnecessary disruptions to their operation from ‘false’ alarms. | The automation introduced by Machine Learning and UEBA tools allows security teams to focus on real threats and less on false positives. |

Among the areas where UEBA can help organisations enhance their cybersecurity are:

Detect insider threats: It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA will detect data breaches, sabotage, privilege abuse, and policy violations made by your own staff.

Detect compromised accounts: Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA will help weed out spoofed and compromised users before they can do real harm.

Detect brute-force attacks: Hackers may target your cloud-based entities as well as third-party authentication systems. UEBA will detect brute-force attempts, allowing you to block access to these entities.

Detect changes in permissions and creation of super users: Some attacks involve the creation of super user accounts. UEBA will allow you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.

Detect breach of protected data: UEBA will detect any unusual interaction or request for protected data, applying intelligence to assess whether access should be granted based on the user profile.

Final thoughts

Many hackers are already using Artificial Intelligence and Machine Learning techniques to boost their attack capabilities. User and Entity Behaviour Analytics can help organisations proactively assess potential vulnerabilities and threats and, with the algorithms continuously being optimised with new information, keep their security measures up to date.