User behavior analytics: The equalizer for under-staffed security teams

Nir Polak, CEO at Exabeam

In a perfect world, security professionals would see a few alerts, recognize the pattern, identify the malware and the hacker, and solve the problem – all with only a few mouse clicks. However, no matter how seasoned and deep security teams are, it doesn’t work like that. Since cybercriminals seem to remain a few steps ahead and trends suggest this isn’t likely to change, skilled and savvy security pros are in high demand. At the moment, there are more than 209,000 cybersecurity jobs left unfilled, with the demand for expertise greatly surpassing the supply of skilled workers, according to Peninsula Press.

Entry-level analysts, no matter how talented, haven’t amassed the experience of their more established counterparts. However, with the right tools in place, this doesn’t have to mean a lower success rate. Technology, in the form of user behavior analytics, gives less experienced security teams a significant boost, equipping them to eliminate intrusions before they devastate employees, customers and businesses.

How UBA helps security teams

No matter how talented and well-educated an analyst is, he needs to learn over time and develop a stronger understanding of his position, the network he protects and the signs that suggest an attack is under way. This takes time since, well – he’s human, so he can only process so much, and mistakes and oversights are inevitable. We’ve all seen it: even our best analysts miss things. UBA solutions, however, aren’t subject to human error. They process data from every account on a network, develop complex understandings of users’ normal activity, and create algorithms to quickly detect, prioritize and guide effective response to abnormal, or threatening, behavior.

Just as machine-learning principles and analytics have revolutionized a number of industries, UBA solutions are doing the same for cybersecurity, giving analyst teams a significant weapon in the war against cybercriminals.

Instead of investigating any of the thousands of alerts that come in every week, security teams using UBA solutions receive detailed analysis of the most anomalous activity and know these alerts need to be investigated quickly. This makes each security team member more efficient and effective, no matter how much experience they have in the trenches of security warfare.

Colleges and industries can’t suddenly start producing thousands more analysts. Even as security receives a larger slice of the budget, you can’t hire people that don’t exist. What’s more, staffing issues have prevented companies from improving security capability on a global scale. According to 451 Research, only 24 percent of companies have non-stop internal monitoring in place. More than 34 percent of companies said they haven’t been able to go ahead with desired projects due to a low level of expertise and more than 26 percent cited inadequate staffing.

Security job postings have grown 74 percent in the last five years, and this demand is expected to increase by 53 percent in the next three years. Instead of waiting for hordes of new professionals to flood the market, we need to give the existing available workforce the tools to extend themselves.

Threat landscape calling for something more

Even beyond UBA helping companies overcome staffing challenges, the evolving threat landscape demands something more sophisticated. Cybercriminals understand that companies’ perimeter defenses aren’t equipped to handle shifting signatures and entirely new strains of malware. What’s more, it’s increasingly simple to whip up some code to sneak past any firewall or antivirus software. At that point, it can take months for security teams to even detect a data breach, never mind eliminate the attack from their network.

This applies even to teams that are well staffed and full of qualified, experienced analysts. When the opposite is true, having access to technology that can establish baselines for typical behavior and alert analysts when an account veers from those normal access patterns is invaluable.

There’s no straight-line solution to the staffing problem plaguing enterprise IT security teams. Inexperienced workers can’t suddenly gain the resumes they need to be ideal hires. Moreover, the risks necessitating a greater focus on security are only going to get more significant.

Companies need to bring in more security professionals, but they also need to look to other areas to solve this problem. This is where user-behavior analytics can have the biggest impact, making security teams smarter, more efficient and ready to address the challenges of 2016.
