October 5, 2017 by Rodolfo Melgoza
The advantages of User and Entity Behavior Analytics (UEBA) are very clear. Unfortunately, the process to deploy and manage most UEBA solutions is so complex that the vast majority of organizations are simply unable to install and use them. The good news is that security solution vendors are starting to embed UEBA within their products. This makes it a native feature that all companies can benefit from.
Historically, many large enterprises, with their own security operations center (SOC) and deep expertise in cybersecurity, have successfully adopted UEBA. But even for these well-funded companies, the complexities involved with UEBA can make it challenging. Smaller firms that lack a team of dedicated security specialists don’t have the resources necessary to install and administer a UEBA solution.
There are a number of factors that have made traditional UEBA solutions complex and difficult to install and manage. Most UEBA systems are offered only as a stand-alone solution that needs to be deployed, set up, managed, and maintained by the customer. Administration typically occurs via the UEBA’s own proprietary console and cannot be performed through the other systems the organization already has in place. This creates complexity and delay, as analysts must consistently maintain a separate UEBA solution, and monitor and analyze its output to extract value. When a useful insight is spotted, it’s up to the customer to manually make adjustments to enforcement points or policies to effectively handle a threat.
To make the most of the insights and intelligence provided by UEBA, organizations need the staff and expertise of a robust insider threat program. Unfortunately, as already noted, most organizations don’t have well-staffed SOCs. Without the necessary bandwidth and resources to add yet another device to their environment, most companies don’t even try to get the benefits that behavioral analytics can offer.
To enable widespread adoption of behavioral analytics, UEBA needs to be integrated directly within an organization’s existing security solutions and infrastructure—such as their firewalls, intrusion detection, SIEM, and other security systems. Fortunately, this is now starting to occur. Fortscale’s new Presidio technology enables security vendors to easily incorporate Fortscale’s advanced behavioral analytics engine into their security platforms. This approach brings the benefits of UEBA to many more organizations, not just those with a large security staff. Organizations will enjoy the features of UEBA from within their existing security systems, avoiding the complexities and added burden of deploying and administering a separate product, and then manually applying the insights to the security enforcement points.
By bringing UEBA inside the existing infrastructure as a native feature, the onus is no longer on the customer to extract value from behavioral analytics – instead, the organization will automatically reap the benefits of a security infrastructure that is better able to uncover hard-to-spot risks and respond more effectively.