alphaspirit - Fotolia
How can UC analytics detect a security breach?
UC analytics can be the first warning that your UC system's security has been breached. Comparing statistics month to month can help identify potential security problems.
Security should be top of mind at all times and in every scenario. Using existing UC analytics can enhance your unified communications security by alerting you to potential breaches.
Security problems typically appear as deviations from the norm. To know what is normal for your business, it's important to establish a baseline of operations use. Baseline UC analytics can be as simple as running a set of statistics for the current month and keeping these to reference against in the future.
Don't assume a security issue isn't already present when pulling baseline UC analytics. Start by analyzing and evaluating baseline statistics for possible anomalies. While the specifics will vary by business focus and the system stats available, you should begin by checking these four areas:
- Time of day. Review your UC analytics to make sure the system usage is in sync with the daily and weekly work characteristics of your company. If usage spikes outside of regular activity hours, it could indicate a UC security breach.
- Session partners. Check if your system provides detailed information about call partners' geographic location. If you are a U.S.-based retailer, it's unlikely a bevy of calls to Ukraine are legitimate.
- Usage. Know what usage should look like in your organization. For a company that offers support services, it might be normal to find users with hundreds of calls or calls lasting for hours. Look at your UC analytics for usage patterns that seem unreasonable for your line of business. Uncharacteristic usage can indicate a security breach or an account takeover.
- Features. UC systems are feature-rich, but many companies only use a subset of available features. Identify the features your company is actually using, and check to make sure those supposedly unused features are not showing high usage. This, too, could indicate a breach or account takeover.
While your system might be secure today, a breach can happen at any time. Keep your initial baseline stats, and make periodic comparisons against the new stats you take each month. If you see dramatic changes, they could be an indicator of a security issue.