Behavior Analytics Tools For Cyber-Security

Enterprises use behavior analytics to detect intrusions that evade preventive technologies such as firewalls, intrusion-prevention systems and antivirus software.

Behavior Analytics is one of the more recent buzzwords in enterprise cybersecurity, with more than 35 vendors competing for customers. Behavior Analytics in cybersecurity can be defined as using software tools to detect patterns of data transmissions in a network that are out of the norm. The theory is that the analytics tool would detect the anomaly and alert IT managers, who would stop the unusual behavior or cyberattack.

Those conventional tools match fingerprints or signatures identified in prior attacks, while behavior analytics tools study and report anomalies that are judged against a baseline of normal behavior. Among the users of behavior analytics is the National Security Agency, which uses the analytics to detect threats to its private cloud system.

The market for behavior analytics tools gained steam in 2015, but is still "immature," according to a report from 451 Research analyst Eric Ogren. Sometimes it's hard to prove how effective the concept is in bolstering security, he noted, and called for more focused proof of concept case studies to demonstrate the value of the tools.

While some are skeptical of the value of behavioral analytics, one company has seen real value. Parchment, a digital credential management service used by thousands of schools, universities and other businesses, deployed an unusual behavior analytics tool in August. Called Enterprise Immune System from vendor Darktrace, the tool relies on machine learning to detect emerging threats inside its network, said Bob Langan, Parchment's vice president of engineering.

Within the Darktrace tool is a visualizer console that allows network technicians to drill down into individual desktops or mobile devices to watch the data packets moving in and out in real time, Langan said "Nothing out there does what this does, especially for how it adapts and lets us detect something new," he added.

"I can replay a security event, narrow it down, watch the points of contention and assess the root cause and take steps to correct it, so that's a lot of benefit and time saved," Langan said.

While it might seem that the Darktrace tool would increase the workload for IT staffers, it has actually reduced the number of security logs they must assess.

Darktrace said a majority of its customers subscribe to the tool with a monthly fee that includes software, hardware and threat intelligence reports prepared by Darktrace threat analysts. Detailed pricing wasn't available, but Darktrace said the price is based on the number of devices connected to the network, the amount of traffic and the network configurations.

Ogren, the analyst at 451 Research, said the Darktrace Enterprise Immune System consists of network appliances that use 300 different measurements of user, device and network activity to detect attacks.

Darktrace uses a mathematical model to group views of a network for analysis, allowing a company to distinguish acceptable new business practices from suspicious activity. Darktrace also makes an industrial version of the product.

Computerworld:              Cognitive Computing: What Can and Can’t Be Done:

 

« Mastercard Hypes Artificial Intelligence
IBM Watson Fights Real-Time Cyber Crime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

Intrusion

Intrusion

Intrusion provides IT professionals with the most robust tool set available for performing in-depth research and analysis of network traffic.

VigiTrust

VigiTrust

VigiTrust is a security firm specializing in cloud based eLearning programs, security compliance portals and providing security assessments.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Cryptyk

Cryptyk

CRYPTYK CLOUD is the first complete enterprise-class cloud security solution that includes cloud storage and broad protection against all external and internal threats.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

Sencode Cyber Security

Sencode Cyber Security

Sencode provides a range of IT security solutions and services, including penetration testing and cyber awareness training to help mitigate the growing risks to your corporate infrastructure.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (formerly SecurityMadeIn.lu) is the backbone of leading-edge cyber resilience in Luxembourg.

Hurricane Labs

Hurricane Labs

Hurricane Labs is a managed security services provider (MSSP) that focuses on Splunk.