Behavior Analytics Tools For Cyber-Security

Enterprises use behavior analytics to detect intrusions that evade preventive technologies such as firewalls, intrusion-prevention systems and antivirus software.

Behavior Analytics is one of the more recent buzzwords in enterprise cybersecurity, with more than 35 vendors competing for customers. Behavior Analytics in cybersecurity can be defined as using software tools to detect patterns of data transmissions in a network that are out of the norm. The theory is that the analytics tool would detect the anomaly and alert IT managers, who would stop the unusual behavior or cyberattack.

Those conventional tools match fingerprints or signatures identified in prior attacks, while behavior analytics tools study and report anomalies that are judged against a baseline of normal behavior. Among the users of behavior analytics is the National Security Agency, which uses the analytics to detect threats to its private cloud system.

The market for behavior analytics tools gained steam in 2015, but is still "immature," according to a report from 451 Research analyst Eric Ogren. Sometimes it's hard to prove how effective the concept is in bolstering security, he noted, and called for more focused proof of concept case studies to demonstrate the value of the tools.

While some are skeptical of the value of behavioral analytics, one company has seen real value. Parchment, a digital credential management service used by thousands of schools, universities and other businesses, deployed an unusual behavior analytics tool in August. Called Enterprise Immune System from vendor Darktrace, the tool relies on machine learning to detect emerging threats inside its network, said Bob Langan, Parchment's vice president of engineering.

Within the Darktrace tool is a visualizer console that allows network technicians to drill down into individual desktops or mobile devices to watch the data packets moving in and out in real time, Langan said "Nothing out there does what this does, especially for how it adapts and lets us detect something new," he added.

"I can replay a security event, narrow it down, watch the points of contention and assess the root cause and take steps to correct it, so that's a lot of benefit and time saved," Langan said.

While it might seem that the Darktrace tool would increase the workload for IT staffers, it has actually reduced the number of security logs they must assess.

Darktrace said a majority of its customers subscribe to the tool with a monthly fee that includes software, hardware and threat intelligence reports prepared by Darktrace threat analysts. Detailed pricing wasn't available, but Darktrace said the price is based on the number of devices connected to the network, the amount of traffic and the network configurations.

Ogren, the analyst at 451 Research, said the Darktrace Enterprise Immune System consists of network appliances that use 300 different measurements of user, device and network activity to detect attacks.

Darktrace uses a mathematical model to group views of a network for analysis, allowing a company to distinguish acceptable new business practices from suspicious activity. Darktrace also makes an industrial version of the product.

Computerworld:              Cognitive Computing: What Can and Can’t Be Done:

 

« Mastercard Hypes Artificial Intelligence
IBM Watson Fights Real-Time Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

IT Jobs Watch

IT Jobs Watch

IT Jobs Watch provides a concise and accurate map of the prevailing IT job market conditions in the UK.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

Hong Kong Broadband Network (HKBN)

Hong Kong Broadband Network (HKBN)

HKBN are a leading integrated telecom and technology solutions provider that offers a comprehensive range of premier ICT services to both the enterprise and residential markets.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

CNF Technologies

CNF Technologies

CNF Technologies is an award-winning cyber company providing technology-focused research and development to commercial, federal, and Department of Defense clients.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.