Actionable Insights: The Disruption of Behavioral Analytics
The Broken Promise of Behavioral Analytics
Dynamic User Protection IOB Overview
Applied behavioral analytics have fallen short in terms of scalability and producing actionable insights. As security analytics followed the footsteps of other implementations of big data analysis, the market settled on centralized analytics where data is collected and sent to a single location for examination. This approach requires an immense hardware footprint, and consistent, time-consuming tweaks to highly customized policies.
No doubt that applying modern analytics techniques to security log data has resulted in net positives in terms of detection capabilities. The problem has been that these capabilities have been reserved for only the largest and most well-equipped organizations in the world, yet issues have persisted.
All in all, the practice of maintaining a centralized analytics engine is neither scalable nor practical for the modern IT landscape. According to recent Gartner research, by 2021 the market for standalone behavioral analytics will cease to exist as it is replaced by embedded analytics tools, highlighting the disruption occurring in this space.
For other uses of data analytics, such as finance or marketing, insights may retain their value for weeks or even months. However, in security, more specifically data loss prevention, the lifespan is seconds. If insights are not delivered in an actionable format in a timely manner, they are reduced to reactive notifications.
Before we touch on individual capabilities, it is paramount to grasp that no matter how well configured the enterprise environment, people remain the unpredictable, independent variable. Employees must get their job done effectively AND securely. Compromising productivity in the name of security is no longer acceptable. Yet most security solutions ignore people as if they are an unnecessary detail, rather than the focal point.
Compromising Productivity in the Name of Security is no Longer an Option
With deep experience in the realms of behavioral analytics and data loss prevention, we set out to solve these problems by reducing the complexity of data collection, normalization, and analysis. We deliver insights that vastly improve analyst efficiency and automate data loss polices with risk-based thresholds. Our approach is built around these core areas:
How Forcepoint’s Approach Differs
- Analytics Architecture – Dynamic User Protection was designed around a distributed model which leverages endpoint level analytics to enable real-time detection and automated policy enforcement at the source.
- Autopilot – The collective pre-configured capabilities that take place on the individual’s machine are referred to as Autopilot. This includes pre-configured policies for activity monitoring, data normalization, analysis, and risk calculation. The key factor being all of this takes place on the endpoint, meaning as soon as risky activities occur, automated policies adjust to mitigate loss.
- Indicators of Behavior (IOBs) –This concept refers to analytic models used to identify behaviors and unlock intent with a high degree of confidence. IOBs apply context to events, which provides analysts with a narrative of user activity, removing the grey area and guess work from investigations.
For a deeper look into the functionality of Dynamic User Protection, download the DUP Overview IOB Datasheet
This post was first first published on Forcepoint website by Austin Zide. You can view it by clicking here