enterprisesecuritymag

Common Applications of Predictive Security Analytics

Jack Lopez, Director Advance Analytics, PepsiCo



The maturity of a vendor's solution and the breadth of its capabilities are defined by the number of predictive security analytics use cases it supports. Some vendors offer only a small number of use cases, while others are more diverse and extensive in their offerings. This article presents an ideal selection of predictive security analytics use cases, grouped into three areas: user and entity behavior analytics, cloud security analytics, and identity analytics. Also consider the need to build custom models for private data and confidential use cases, which are typical in federal, military, and private enterprise deployments.

User and Entity Behavior Analytics (UEBA)

The use cases for UEBA focus on detecting unforeseen risks and threats that lie beyond the reach of rules, signatures, and patterns. They produce predictive risk scores that trigger warnings, actions, and case tickets, using machine learning models to detect unusual behavior while minimizing false positives. A UEBA provider's use cases should draw on big data, leveraging hundreds of attributes across over 2000 machine learning models to ensure optimal and complete coverage.
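The core mechanism described above, a per-entity behavioral baseline that yields a risk score rather than a rule match, is small enough to show directly. The following is an added example written for this article and is not code from any UEBA vendor; the event lines, user names, thresholds and the minimum-sigma floor are all constructed assumptions. The floor is the part that matters for false positives: an entity with a nearly flat baseline would otherwise produce an enormous score for a trivial change.

```python
"""Per-entity behavioral baseline with z-score risk scoring.

Added example, not from the article or any vendor product. The daily event
counts below are constructed for illustration.
"""
import re
import statistics
from collections import defaultdict

# Constructed sample: one line per (day, user, count of file-share downloads).
SAMPLE_EVENTS = """\
2024-03-01 alice 12
2024-03-02 alice 10
2024-03-03 alice 14
2024-03-04 alice 11
2024-03-05 alice 13
2024-03-06 alice 95
2024-03-01 bob 3
2024-03-02 bob 3
2024-03-03 bob 3
2024-03-04 bob 3
2024-03-05 bob 3
2024-03-06 bob 6
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)$")


def parse_events(text):
    """Return {user: [(day, count), ...]} in file order."""
    series = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole batch
        day, user, count = m.groups()
        series[user].append((day, int(count)))
    return series


def score_entity(history, observed, min_sigma=2.0):
    """z-score of `observed` against the entity's own history.

    min_sigma (an assumed tuning value) floors the standard deviation so a
    flat baseline such as bob's (3,3,3,3,3) does not turn a rise to 6 into a
    high-risk alert, and so a zero-variance history cannot divide by zero.
    """
    mean = statistics.fmean(history)
    sigma = statistics.pstdev(history) if len(history) > 1 else 0.0
    sigma = max(sigma, min_sigma)
    return (observed - mean) / sigma


def risk_band(z):
    """Map a z-score to an assumed three-level risk band."""
    if z >= 6:
        return "high"
    if z >= 3:
        return "medium"
    return "low"


def score_latest_day(text, min_sigma=2.0):
    """Score each user's most recent day against all prior days."""
    results = {}
    for user, points in parse_events(text).items():
        if len(points) < 3:
            continue  # not enough history to form a baseline
        history = [c for _, c in points[:-1]]
        day, observed = points[-1]
        z = score_entity(history, observed, min_sigma)
        results[user] = {"day": day, "observed": observed,
                         "z": round(z, 2), "band": risk_band(z)}
    return results


if __name__ == "__main__":
    for user, r in score_latest_day(SAMPLE_EVENTS).items():
        print(f"{user}: {r}")
```

With these inputs alice's jump from a mean of 12 to 95 downloads scores as high risk, while bob's rise from 3 to 6 stays low only because of the sigma floor; a production system would learn the floor per attribute rather than hard-code it.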

Data ingestion should be available via flat file, API, database, message, or streaming inputs, with ready-to-use data connectors for standard enterprise systems and platforms (for example, HR, PAM, IAM, SIEM, AD, databases, vulnerability scanners, DLP, networks, threat intelligence, cloud applications/SaaS, physical ID badge systems, authentication, file storage, endpoints, and more). A solution at this level should also offer an open choice of big data platform, such as Hadoop, Hortonworks, Cloudera, or MapR.

Identity Analytics (IdA)

Understanding that identity compromise and misuse sit at the core of modern threats is a major concern for security leaders. IdA is the proactive front of advanced security analytics, allowing for the elimination of excess access, access outliers, and dormant or orphan accounts before they are compromised or misused, as well as risk-based certifications and intelligent role definition before they are hacked or exploited. UEBA is the detection and response side of the kill chain, using machine learning algorithms and predictive risk scoring to discover unknown risks and threats early in the kill chain.

IdA is data science that improves IAM and Privileged Access Management (PAM) by employing machine learning models that outperform human capabilities in defining, reviewing, and confirming accounts and access entitlements. If the purpose of UEBA is to profile an identity's accounts, access, and activity, the goal of IdA is to ensure that this access plane is as small as possible by eliminating access hazards, access outliers, orphan or dormant accounts, and so on.

Machine learning models enable 360-degree visibility into an identity's accounts, access, and activity, along with the ability to compare against peer groups and, using baselines, to evaluate typical versus abnormal access and the nature of the activity. Machine learning combined with IdA can drastically reduce the number of accounts and entitlements in an organization. When implementing UEBA and IdA, this is frequently the first phase of the project plan: use IdA to clean up the access plane and grant access only where it is needed, then use UEBA analysis to detect risks and threats beyond what rules, patterns, and signatures can find.

Cloud Security Analytics (CSA)

CSA provides comprehensive security analytics for SaaS cloud applications, as well as IaaS, PaaS, and IDaaS, through an API-based Cloud Access Security Broker (CASB) architecture. Compared with proxy-based CASB gateways, API cloud integration gives customers a transparent experience in any location, on any network, on any device. A proxy-based CASB has the benefit of being a chokepoint for shadow IT monitoring, for cloud DLP monitoring and controls, and for monitoring and controls over unsanctioned cloud services that provide no API visibility. For CASB proxy monitoring, however, device access control must be inline with the proxy.

Within the solution architecture, CASB proxy gateways are a critical data source for UEBA and IdA models, providing predictive risk scores for cloud settings where API visibility is not available. Web, email, and network cloud gateways are further data sources for machine learning behavior models.

Cloud settings differ from on-premises systems in that SaaS cloud apps expose less data diversity via API than on-premises applications do. They do, however, offer a higher level of data consistency. On-premises data is more diverse but of worse quality, which affects machine learning behavior models. A security model designed for on-premises systems is therefore often incompatible with cloud settings and needs to be adjusted.
