We're excited to be included in Michael Santarcangelo's piece at CSO Online, where he explains the importance of gathering good behavioral analytics to detect what the latest Verizon DBIR claimed to be the no. 1 threat vector: compromised credentials. Michael discusses what's new in the field of user behavior analytics.
Our own Matt Hathaway (@mhathawa) explains in the piece that detection of malicious behavior can only be effective if you understand what normal looks like. Modern behavior analysis systems look for two or more indicators, whereas older systems relied on a single behavior.
For example, in previous approaches, one or more people logging into their systems at odd hours of the evening would be flagged as potential misuse or compromise. Current technologies are able to take into account location, timing, and the activities of multiple people, and use that to decide whether the behavior deviates from the baseline enough to warrant action. And they learn -- including when not to alert -- in the process.
That makes the detection more accurate and relevant, with fewer false positives.