Information Security

Defending the digital infrastructure


The tug of war between user behavior analysis and SIEM

Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component?

User behavior analytics got a second look in 2015, when new ways to tackle an old problem entered the market. Security companies explored leaps in data science and machine learning to develop standalone UBA components that offered advanced analytics to track human and machine behavior in near real time.

Two years later, user behavior analysis features appeared in a range of information security technologies, and the trend is expected to continue.

In this issue, we look at the tug of war between user behavior analysis -- sometimes called user and entity behavior analytics -- and SIEM.

"In the short term, better UEBA vendors do deliver incremental value over SIEM to large organizations, as long as they are comfortable with some tuning and model customization," said Anton Chuvakin, a research vice president and analyst at Gartner. "Expect deeper analytics to appear in data loss prevention, cloud access security brokers -- it's already present in many CASB tools -- and not just SIEM."

For many enterprises, risk management beyond information security technologies may soon include GPS systems. GPS is appearing on the radar of more CISOs because they are the best equipped at many companies to monitor the secure use of this growing technology. We explore the critical weaknesses of GPS -- a risk increasingly flagged by the U.S. government, which operates the satellites used in the free positioning, navigation and timing service -- and the steps to prepare to deal with them.

Protecting critical infrastructure is familiar territory for John Germain, who spent years as CISO and then vice president of IT infrastructure at Xylem, an ITT company in charge of technology for the North American water supply. In this issue, we talk with Germain about his new CISO position at Duck Creek Technologies, which offers property and casualty software to the insurance industry.

We also take a ride in the wayback machine and remember what we have already learned and, in some cases, forgotten. Marcus Ranum chats with Blaine Burnham, who spent more than a decade at the National Security Agency. In his last years at the NSA, Burnham established the University Research Council to promote partnerships between government, academia and industry. Later, Burnham worked in academia, where he developed cybersecurity degree programs at Georgia Tech, the University of Nebraska and the University of Southern California's Viterbi School of Engineering.

User behavior analysis technologies and cybersecurity education programs both offer avenues to solving one of the biggest enterprise security problems: a lack of cybersecurity skills. Predictive analytics, expected next year in some UEBA tools, may lighten the load of overwhelmed security analysts. Information security education programs may encourage more participation in a workforce that could use help to conquer new security problems and, more importantly, those that remain unsolved.


This was last published in December 2017
