PRO+ Premium Content/Information Security
Access your Pro+ Content below.
Cloud-first? User and entity behavior analytics takes flight
This article is part of the Information Security issue of October 2018, Vol. 20, No. 5
One of these things is not like the others. The shift toward algorithms could lead to better information security. If only companies across industries could recognize patterns and do the math. Organizations are investing in user and entity behavior analytics for on premises and cloud; endpoints are gaining intelligence; and UEBA integration with SIEM, data loss prevention and other security technologies continues to broaden the functionality of security operations centers. "Learn normal, find weird," said David Swift, principal architect for security analytics at Securonix. The startup, based in Addison, Texas, offers UEBA, UEBA as a service and SIEM. Convergence of UEBA and SIEM has continued in recent years, but they serve distinct functions. "I agree with merging, but one is not going to replace the other," Swift said. "What you are really trying to do with user and entity behavior analytics is like Sesame Street: apple, apple, apple, orange…" User and entity behavior analytics can develop baselines of activity and then use ...
Features in this issue
-
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
-
Beware of the gray hat hacker, survey warns
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
News in this issue
-
Industries seek to improve third-party security risk controls
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.
Columns in this issue
-
Kurt Huhn discusses the role of CISO in the Ocean State
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
-
White hat Dave Kennedy on purple teaming, penetration testing
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.