Protect your unstructured data with user behavior analytics

User behavior analytics sniffs out anomalies in users' actions and alerts IT security teams of suspicious behavior

Protect your unstructured data with user behavior analytics
Thinkstock

The theft of unstructured data is extremely common. It can be very difficult to safeguard emails and files when a lot of people have access. Even the CIA is not immune, judging by the recent exposure of its hacking tools via WikiLeaks. It’s ironic that the CIA’s hacking guides have been hacked, but it just goes to show how difficult it can be to prevent.

Carelessly handled unstructured data is an easy target, and it can prove very valuable for hackers. Since unstructured data may not be monitored, attacks and successful exfiltrations often go unnoticed for long periods.

For example, the big data breach at Yahoo was only investigated after someone offered to sell millions of accounts on the black market.

Many companies have no idea that they’ve been infiltrated. The global average time between compromise and breach detection is 146 days, according to FireEye. Clearly, there’s a tangible need to cut that down, and user behavior analytics could be the answer.

What is user behavior analytics?

The idea behind user behavior analytics is to establish what normal activity looks like at an organization and to monitor for anything unusual. The focus is firmly on users, and suspicious behavior is flagged so that the IT security team can investigate. Many different actions might be flagged as worthy of further investigation, such as an employee accessing a system at 2 am, suddenly modifying thousands of files or trying to change administrative privileges.

Being able to detect when users access sensitive data is the first step toward securing it properly. The beauty of user behavior analytics is that it’s about keeping a watchful eye on activities that IT security teams are worried about. That might be all activity pertaining to sensitive data, but it can also include mass failed log in attempts, email attachments sent to personal accounts and changes made outside of change control windows.

People are the weakest link in cybersecurity

A lot of time and money we put into information security is centered on software tools, but we know that the weakest link in cybersecurity is employees. It makes a lot of sense to take a closer look at people. Some security incidents can only be detected by analyzing people and their behavior with regard to valuable company data.

A full 88 percent of end users say their job requires them to access and use proprietary information, according to Varonis. Interestingly, 62 percent say they have access to company data they probably shouldn’t see.

Getting into the network through an employee’s account can give a determined attacker access to a lot of unstructured data, some of which will arm them with the ammunition they need to burrow deeper or infiltrate new systems laterally. IT practitioners say insider negligence is more than twice as likely to cause compromise of insider accounts than anything else.

It’s important that we look beyond perimeter defenses. Better firewalls, antivirus software or malware detection are not going to solve the problem, but user behavior analytics could make a real difference.

Uncovering anomalies inside and out

Because user behavior analytics sniffs out anomalies in user behavior, it can determine when a legitimate user’s credentials are being used by an external attacker. But the fact that it quickly identifies any deviation from the norm means it can spot the changes that signal insider theft or sabotage as well. Anything that doesn’t match the usual pattern of daily business sparks an alert.

These kinds of alerts still require an experienced security officer to investigate and assess them, but they can drastically cut down on the time it takes to identify and confirm problems. As user behavior analytics technology improves, it’s likely to encompass more automation and go beyond data breach identification.

All of the best security strategies include a blend of technologies and take a holistic view of the potential risks. The cost of a data breach is so high that it’s essential to take every action at your disposal that might mitigate the risk. Coupled with solid perimeter defenses, user behavior analytics is a powerful asset in the fight against data theft, and it represents an irresistible opportunity for companies to tighten up unstructured data protection. 

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies.

This article is published as part of the IDG Contributor Network. Want to Join?

New! Download the State of Cybercrime 2017 report