Behavior Analytics Tools For Cyber-Security

Uploaded on 2016-12-14 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

Enterprises use behavior analytics to detect intrusions that evade preventive technologies such as firewalls, intrusion-prevention systems and antivirus software.

Behavior Analytics is one of the more recent buzzwords in enterprise cybersecurity, with more than 35 vendors competing for customers. Behavior Analytics in cybersecurity can be defined as using software tools to detect patterns of data transmissions in a network that are out of the norm. The theory is that the analytics tool would detect the anomaly and alert IT managers, who would stop the unusual behavior or cyberattack.

Those conventional tools match fingerprints or signatures identified in prior attacks, while behavior analytics tools study and report anomalies that are judged against a baseline of normal behavior. Among the users of behavior analytics is the National Security Agency, which uses the analytics to detect threats to its private cloud system.

The market for behavior analytics tools gained steam in 2015, but is still "immature," according to a report from 451 Research analyst Eric Ogren. Sometimes it's hard to prove how effective the concept is in bolstering security, he noted, and called for more focused proof of concept case studies to demonstrate the value of the tools.

While some are skeptical of the value of behavioral analytics, one company has seen real value. Parchment, a digital credential management service used by thousands of schools, universities and other businesses, deployed an unusual behavior analytics tool in August. Called Enterprise Immune System from vendor Darktrace, the tool relies on machine learning to detect emerging threats inside its network, said Bob Langan, Parchment's vice president of engineering.

Within the Darktrace tool is a visualizer console that allows network technicians to drill down into individual desktops or mobile devices to watch the data packets moving in and out in real time, Langan said "Nothing out there does what this does, especially for how it adapts and lets us detect something new," he added.

"I can replay a security event, narrow it down, watch the points of contention and assess the root cause and take steps to correct it, so that's a lot of benefit and time saved," Langan said.

While it might seem that the Darktrace tool would increase the workload for IT staffers, it has actually reduced the number of security logs they must assess.

Darktrace said a majority of its customers subscribe to the tool with a monthly fee that includes software, hardware and threat intelligence reports prepared by Darktrace threat analysts. Detailed pricing wasn't available, but Darktrace said the price is based on the number of devices connected to the network, the amount of traffic and the network configurations.

Ogren, the analyst at 451 Research, said the Darktrace Enterprise Immune System consists of network appliances that use 300 different measurements of user, device and network activity to detect attacks.

Darktrace uses a mathematical model to group views of a network for analysis, allowing a company to distinguish acceptable new business practices from suspicious activity. Darktrace also makes an industrial version of the product.

Computerworld:              Cognitive Computing: What Can and Can’t Be Done:

 

« Mastercard Hypes Artificial Intelligence
IBM Watson Fights Real-Time Cyber Crime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

Norton Rose Fulbright

Norton Rose Fulbright

Norton Rose Fulbright is a global business law firm. Practice areas include Data protection, Privacy and Cybersecurity.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

Custodio Technologies

Custodio Technologies

Custodio Technologies was established as a Singaporean R&D Centre of Israel Aerospace Industries (IAI) in order to spearhead R&D activities in the field of cyber early warning.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

AFRY

AFRY

AFRY is a world leading engineering company, trusted as a supplier of services and solutions within the industry, energy, and infrastructure sectors as well as for authorities.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

Mesh Security

Mesh Security

Mesh Security transforms security data, tools, and infra for enterprise-wide visibility and control.