Threat-centric security frameworks need to be supplemented with an approach based on user behavior, which is becoming a critical parameter in understanding organizations' risk postures, says Forcepoint's Maheshwaran S.
"The most vulnerable point that exists in security is when users are accessing critical information that exists outside the organization from an asset unmanaged by IT. That is why it is important to derive the intent as to why the user is accessing information through behavioral analytics," Maheshwaran says in an interview with Information Security Media Group.
User and entity behavior analytics, or UEBA, can help classify user behavioral anomalies by establishing a baseline of normal behavior for the user and comparing the observed behavior to this baseline as well as to the baselines for peers and the entire organization, Maheshwaran explains.
This approach can help detect anomalies, which could indicate risk that can then be classified as an ignorant user, a compromised user or a malicious user/insider, he says. Once the intent is determined, organizations can devise specific controls to manage each of these types of behaviors because each will require different strategies to mitigate the risk (see: Gartner's Litan on Endpoint Detection, Behavioral Analytics).
In this interview, Maheshwaran talks about:
- The threat-centric vs. user-centric approaches to security;
- Nuanced examples of how UEBA augments existing security practices;
- UEBA and proactive, continuing user awareness initiatives.
Maheshwaran is director for sales engineering for the APAC region for the data and insider threat business function at Forcepoint. He has 17 years of experience in information security. He was instrumental in deploying security strategies for several large enterprises across the APAC region.