Behavior Analytics Tools For Cyber-Security

Uploaded on 2016-12-14 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

Enterprises use behavior analytics to detect intrusions that evade preventive technologies such as firewalls, intrusion-prevention systems and antivirus software.

Behavior Analytics is one of the more recent buzzwords in enterprise cybersecurity, with more than 35 vendors competing for customers. Behavior Analytics in cybersecurity can be defined as using software tools to detect patterns of data transmissions in a network that are out of the norm. The theory is that the analytics tool would detect the anomaly and alert IT managers, who would stop the unusual behavior or cyberattack.

Those conventional tools match fingerprints or signatures identified in prior attacks, while behavior analytics tools study and report anomalies that are judged against a baseline of normal behavior. Among the users of behavior analytics is the National Security Agency, which uses the analytics to detect threats to its private cloud system.

The market for behavior analytics tools gained steam in 2015, but is still "immature," according to a report from 451 Research analyst Eric Ogren. Sometimes it's hard to prove how effective the concept is in bolstering security, he noted, and called for more focused proof of concept case studies to demonstrate the value of the tools.

While some are skeptical of the value of behavioral analytics, one company has seen real value. Parchment, a digital credential management service used by thousands of schools, universities and other businesses, deployed an unusual behavior analytics tool in August. Called Enterprise Immune System from vendor Darktrace, the tool relies on machine learning to detect emerging threats inside its network, said Bob Langan, Parchment's vice president of engineering.

Within the Darktrace tool is a visualizer console that allows network technicians to drill down into individual desktops or mobile devices to watch the data packets moving in and out in real time, Langan said "Nothing out there does what this does, especially for how it adapts and lets us detect something new," he added.

"I can replay a security event, narrow it down, watch the points of contention and assess the root cause and take steps to correct it, so that's a lot of benefit and time saved," Langan said.

While it might seem that the Darktrace tool would increase the workload for IT staffers, it has actually reduced the number of security logs they must assess.

Darktrace said a majority of its customers subscribe to the tool with a monthly fee that includes software, hardware and threat intelligence reports prepared by Darktrace threat analysts. Detailed pricing wasn't available, but Darktrace said the price is based on the number of devices connected to the network, the amount of traffic and the network configurations.

Ogren, the analyst at 451 Research, said the Darktrace Enterprise Immune System consists of network appliances that use 300 different measurements of user, device and network activity to detect attacks.

Darktrace uses a mathematical model to group views of a network for analysis, allowing a company to distinguish acceptable new business practices from suspicious activity. Darktrace also makes an industrial version of the product.

Computerworld:              Cognitive Computing: What Can and Can’t Be Done:

 

« Mastercard Hypes Artificial Intelligence
IBM Watson Fights Real-Time Cyber Crime »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

BioCatch

BioCatch

BioCatch uses behavioral biometrics for fraud prevention and detection. Continuous authentication for web and mobile applications to prevent new account fraud.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

Conference on Applied Machine Learning in Information Security (CAMLIS)

Conference on Applied Machine Learning in Information Security (CAMLIS)

CAMLIS is a venue for discussing applied research on machine learning, deep learning and data science in information security.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.

TrustFour

TrustFour

TrustFour is a pioneer in workload and non-human identity security, providing innovative solutions for compliance, remediation, post quantum resiliency, and advanced threat defense.

CyberSentriq

CyberSentriq

CyberSentriq provides an unmatched combination of proactive AI-driven email and web security, advanced data protection, and operational resilience.