Petya Petrova - Fotolia
User behaviour provides the crucial link between security and identity management, according to Martin Kuppinger, founder and principal analyst at KuppingerCole.
“User behaviour analytics [UBA] has reached a reasonable level of maturity, has a potentially high impact on improving security and is a very promising technology,” he told the opening session of the inaugural KuppingerCole Cyber Security Leadership Summit in Berlin.
Instead of focusing only on what is happening in a network, UBA is about users and what they are doing, and analysing that to identify anomalies that can be investigated as potential indicators of risk or threat.
“The good thing about UBA is that unlike many other security technologies, it rarely operates in isolation,” said Kuppinger.
“Most commonly, we find UBA within things like security intelligence platforms, identity governance and administration, endpoint security and endpoint detection and response, data leakage prevention and even cloud access security brokers,” he said.
With the slew of cyber security technologies commonly found within organisations, Kuppinger said it is typically “tough to understand what is happening”, which is essential in the context of modern cyber attacks that often target several layers of the IT stack simultaneous.
“If we look at each layer in insolation, we may miss what is happening, so that is why it is important to be able to look at everything all together, and while we have had security and event management (Siem) systems for some years, they have not included the user element,” he said.
UBA adds identity and behaviour, said Kuppinger. “This provides a new level of insight from the perspective of identity. UBA looks at logs and events in the context of user behaviour and adds advanced analytics and cognitive security to go beyond security information and event management.”
While there is the potential to involve artificial intelligence technologies, Kuppinger said it is more commonly based on statistics and mathematics. “Organisations should be wary of suppliers who make claims about using AI or machine learning in their products,” he said.
By using UBA with identity technolgies, Kuppinger said user behaviour is collected in identity and access management tools, UBA correlates the data and analyses the behaviour of users, the anomalies and risks are identified and delivered to target systems.
“This means an IAM system can step up the level of user authentication where anomalies or risks are detected, and providing insights that are actionable in this way is the hallmark of a good cyber security technology,” he said.
While UBA is the next level up from traditional access intelligence, Kuppinger said some security technology suppliers are now beginning to go a step beyond UBA by providing highly targeted tools such as privileged threat analytics, which is UBA focused on privileged accounts.