In a recent conversation with a colleague in the UK, Johan Dreyer, (Mimecast Email Security Director); we discussed an interesting angle on the future of data security for the individual user. That of utilizing User Behavior Analytics (UBA) as a means of protection from impostor access.
The Real Enterprise Problem
Often times we think of UBA as a tool for company’s (governments, etc.) to watch employee access for patterns. Solutions that do this (like Veriato’s Employee Investigation Software) are looking to profile the users with the hope of detecting insider threats. Had such a solution been in use when Ed Snowden decided to walk in one day and download tons of documentation; they would have surrounded his chair before he took off with USB sticks filled with sensitive information. Keep in mind that he shouldn’t have had access to in the first place as a consultant (which is a whole different problem). Regardless of whether you consider Snowden a hero or villain the fact is that your job, if it happens to be IT security, is over if an employee pulls a “Snowden”. And being that we cannot watch everything all at once we need UBA solutions to assist.
UBA solutions would see that Mary, on any given day will download 10 to 15 documents. So if someone logs in with Mary’s account (be it Mary or an imposter) and starts downloading 1000’s of documents (cue the sirens!) a rapid response by IT is possible. Going beyond basic download patterns, advanced UBA solutions can also look at the “tone” and content of a user’s emails to determine a malicious spirit forming that might lead to a threat to data. Now some folks may feel this is truly Big Brother in the house, but without it you have zero chance of monitoring for a behavioral shift and reacting swiftly.
There are a variety of solid third party solutions to analyze user behavior both on-premises and in the cloud for an organization. Even Microsoft has jumped in on the need for greater security analytics by launching the Office 365 Secure Store. This monitors 75+ different Office 365 weak points from user behavior to your security settings and so forth and then ultimately provides a score and suggestions on improving.
Now we keep talking about this problem as if it is a company/organizational issue that should be handled at a C-Level meeting. But what about YOU, the individual end user? When do you take a firm grip on your own digital identity and start protecting yourself? And how would you do it?
In the future Big Brother is watching you. And you like it. And you’re paying for it.
That’s where UBA for individuals can find its footing. It watches you. Now there are solutions out there that already watch your name/SS# and so forth to try and prevent identity theft (ie. LifeLock). And on the financial side we need someone watching all the time, we pay for it! But what about our data? It’s not only our identities that are at risk, our data is a prime target.
Note: Just last week Symantec acquired LifeLock and announced their plans to join efforts toward a comprehensive digital safety platform solution “for consumers who face an onslaught of new risks every day”. The solution is yet to be developed, but it sounds like an evolution into individual UBA.
Yes, pretty soon individuals will be paying for additional layers of digital security. And the key to it will be greater insight into our day-to-day behavioral routines regarding shopping, social networking, and other digital access we may be connected with. We’ll welcome the help to avoid becoming a victim.
Azure Identity Protection is another great Microsoft product that helps detect anomalous activity: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identity-protection-risk-events