Cloud-first? User and entity behavior analytics takes flight
This article is part of the Information Security issue of October 2018, Vol. 20, No. 5
One of these things is not like the others. The shift toward algorithms could lead to better information security. If only companies across industries could recognize patterns and do the math.
Organizations are investing in user and entity behavior analytics for on premises and cloud; endpoints are gaining intelligence; and UEBA integration with SIEM, data loss prevention and other security technologies continues to broaden the functionality of security operations centers.
"Learn normal, find weird," said David Swift, principal architect for security analytics at Securonix. The startup, based in Addison, Texas, offers UEBA, UEBA as a service and SIEM.
Convergence of UEBA and SIEM has continued in recent years, but they serve distinct functions. "I agree with merging, but one is not going to replace the other," Swift said. "What you are really trying to do with user and entity behavior analytics is like Sesame Street: apple, apple, apple, orange…"
User and entity behavior analytics can develop baselines of activity and then use ...
Features in this issue
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.
News in this issue
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.
Columns in this issue
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.