There is a lot of talk about “machine learning” and “behavioral analytics” in the cybersecurity world. Some products and companies are doing a great job designing big-data-based solutions that use higher math and analytics to find and alert on unusual or malicious activity. Others are simply a higher order of signatures hiding behind a shiny veneer that makes them look like math and analytics.
But sometimes there is a way of doing things that’s simply, well, more than that. There are user behavioral products out there that I think really should be named something different. I’m not sure what that marketing name should be, but let me explain what they do and maybe someone can create a cool shiny name for it.
These products do in fact use math and analytics to baseline activity and alert on deviations, but more importantly, they collect the activities around those deviations, assemble them into a timeline of total activity, and then score that timeline. This is higher-order incident response. Walk into any SOC while a major alert is being investigated and the first thing an analyst will do is gather the evidence and build a timeline of the activity around it. Only once everything about “what just happened” is plotted together do they decide whether it was a user who clicked on something, an application that hiccupped, or possibly something much more sinister.
At least one of the user behavioral analytics products does most of that heavy lifting, and does it fast and automatically. It hands over the timelines and evidence for a human to validate the “risk score” or invalidate it and throw it in the trash. Who wouldn’t like to give their SOC analysts time back to go hunting proactively instead of reacting? It could be a game changer for the many cash- and talent-strapped agency SOCs.
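To make the workflow concrete, here is an added illustration in Python of the loop described above: build a per-user baseline from history, flag events that deviate from it, pull every event of that user in a window around the deviations into one timeline, score the timeline, and hand anything over a threshold to an analyst. This is example code written for this page, not Exabeam’s or GuidePoint’s implementation; the log records, field layout, window size and point weights are all constructed assumptions.

```python
"""Toy UEBA-style scoring: baseline -> deviations -> timeline -> score -> triage.

Added illustration only; not any vendor's code. Records are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed history used to build the baseline: (ISO timestamp, user, event
# type, detail). A real product would baseline over weeks of data.
BASELINE_EVENTS = [
    ("2019-02-25T08:55:00", "alice", "logon", "WS-ALICE"),
    ("2019-02-25T09:10:00", "alice", "access", "fs01/finance"),
    ("2019-02-26T09:01:00", "alice", "logon", "WS-ALICE"),
    ("2019-02-26T14:30:00", "alice", "access", "fs01/finance"),
    ("2019-02-27T08:47:00", "alice", "logon", "WS-ALICE"),
    ("2019-02-27T11:05:00", "alice", "access", "fs01/hr"),
]

# Constructed day under investigation: an off-hours logon from an unfamiliar
# host, a normal share access, a never-seen share, then a group change.
TODAY_EVENTS = [
    ("2019-03-04T02:14:00", "alice", "logon", "VPN-POOL-17"),
    ("2019-03-04T02:16:00", "alice", "access", "fs01/finance"),
    ("2019-03-04T02:20:00", "alice", "access", "fs02/engineering"),
    ("2019-03-04T02:31:00", "alice", "priv_add", "Domain Admins"),
    ("2019-03-04T09:00:00", "alice", "logon", "WS-ALICE"),
]

# Assumed weights and window; a real product derives these statistically.
WEIGHTS = {"new_host": 25, "off_hours": 15, "new_asset": 10, "priv_add": 30}
TIMELINE_WINDOW = timedelta(hours=1)
ESCALATE_AT = 50


def parse(ts):
    return datetime.fromisoformat(ts)


def build_baseline(events):
    """Per-user baseline: logon hosts, logon hours and assets touched."""
    base = defaultdict(lambda: {"hosts": set(), "hours": set(), "assets": set()})
    for ts, user, kind, detail in events:
        b = base[user]
        if kind == "logon":
            b["hosts"].add(detail)
            b["hours"].add(parse(ts).hour)
        elif kind == "access":
            b["assets"].add(detail)
    return base


def find_deviations(events, baseline):
    """Return (event, reason, points) for each departure from the baseline."""
    out = []
    for ev in events:
        ts, user, kind, detail = ev
        b = baseline[user]  # unknown user -> empty baseline, everything is new
        if kind == "logon":
            if detail not in b["hosts"]:
                out.append((ev, "new_host", WEIGHTS["new_host"]))
            if parse(ts).hour not in b["hours"]:
                out.append((ev, "off_hours", WEIGHTS["off_hours"]))
        elif kind == "access" and detail not in b["assets"]:
            out.append((ev, "new_asset", WEIGHTS["new_asset"]))
        elif kind == "priv_add":
            out.append((ev, "priv_add", WEIGHTS["priv_add"]))
    return out


def build_sessions(events, deviations, window=TIMELINE_WINDOW):
    """Chain deviations of one user that fall within `window` of each other
    into a session, then attach every event of that user inside the session
    span (benign ones included) as the timeline an analyst would want."""
    sessions = []
    for ev, reason, pts in deviations:  # deviations arrive in time order
        ts, user = parse(ev[0]), ev[1]
        for s in sessions:
            if s["user"] == user and ts - s["end"] <= window:
                s["end"] = max(s["end"], ts)
                s["reasons"].append((ev[0], reason, pts))
                s["score"] += pts
                break
        else:
            sessions.append({"user": user, "start": ts, "end": ts,
                             "reasons": [(ev[0], reason, pts)], "score": pts})
    for s in sessions:
        lo, hi = s["start"] - window, s["end"] + window
        s["timeline"] = [e for e in events
                         if e[1] == s["user"] and lo <= parse(e[0]) <= hi]
    return sessions


def triage(sessions, threshold=ESCALATE_AT):
    """Sessions worth a human's time; the analyst validates or discards."""
    return [s for s in sessions if s["score"] >= threshold]


def run(history=BASELINE_EVENTS, today=TODAY_EVENTS):
    return build_sessions(today, find_deviations(today, build_baseline(history)))


if __name__ == "__main__":
    for s in triage(run()):
        print(f"{s['user']} score={s['score']} "
              f"{s['start']:%H:%M}-{s['end']:%H:%M}")
        for ts, reason, pts in s["reasons"]:
            print(f"  +{pts:<3} {reason:<10} {ts}")
        for ts, _, kind, detail in s["timeline"]:
            print(f"  {ts} {kind:<9} {detail}")
```

Note what the timeline contains: the 02:16 access to fs01/finance is normal for alice and scores nothing, but it sits between two deviations, so it is included for context, exactly the evidence-gathering step an analyst would otherwise do by hand. The 09:00 logon from her usual workstation falls outside the window and stays out of the session.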
So, what should these products be called? They aren’t classic automation and orchestration products, and they aren’t a forensics tool for IR. They are doing rock-star user behavioral analytics, that’s true. Oh alright, I’ll keep calling them user behavioral analytics for now, until someone smarter than me figures out that cool shiny marketing term.
Join GuidePoint Security and Exabeam on March 21st for a live webinar to learn more about how they aren’t, well, maybe are, the best User Behavioral Analytics product on the market.
About the Author
Jean-Paul Bergeaux, Federal CTO, GuidePoint Security
With more than 18 years of experience in the Federal technology industry, Jean-Paul Bergeaux is currently the Federal CTO for GuidePoint Security. JP’s career has been marked by success in technical leadership roles with ADIC (now Quantum), NetApp, Commvault and SwishData. Jean-Paul focuses on identifying customers’ challenges and architecting innovative solutions to solve their complex problems. He is also a thought leader on topics that are top of mind for Federal IT managers, such as cyber security, VDI, big data, and backup and recovery.