An Insight into Two Major Predictive Security Analytics Use Cases

Enterprise Security Magazine | Wednesday, September 22, 2021

User and entity behavior analytics providers should draw on large data to provide optimal and full capabilities, utilizing hundreds of attributes used in over 2000 machine learning models.

FREMONT, CA: The number of predictive security analytics use cases a vendor supports indicates the maturity of its solution offerings and the depth of its capabilities. Some providers offer only a limited number of use cases, while others offer a broader, more comprehensive set of services. This article provides an insight into the predictive security analytics use cases.

User and Entity Behavior Analytics (UEBA) and Identity Analytics (IdA) are the two use cases. Consider the requirement for, and ability to build, custom models for private data and confidential use cases that are common in federal, military, and private-sector deployments.

User and Entity Behavior Analytics (UEBA)

The use cases for UEBA are targeted at detecting unforeseen dangers and threats that rules, signatures, and patterns cannot detect. These use cases leverage machine learning models to detect anomalous activity and minimize false positives, resulting in predictive risk assessments that trigger warnings, actions, and case tickets. UEBA providers should draw on large data to provide optimal and full capabilities, utilizing hundreds of attributes used in over 2000 machine learning models.

Data ingestion should be available via flat file, database, API, message, or streaming inputs, with ready-to-use data connectors for common enterprise systems and platforms (for example, databases, networks, DLP, threat intelligence, vulnerabilities, cloud applications/SaaS, physical ID badge systems, authentication, file storage, endpoints, and more). A solution at this level should also offer an open choice of big data platforms, such as Hortonworks, Hadoop, MapR, and Cloudera.

Identity Analytics (IdA)

The major vulnerability of an organization is Identity and Access Management (IAM). For security leaders, understanding the importance of identity compromise and exploitation as the core of modern threats is critical. IdA is the proactive side of advanced security analytics, allowing for the removal of access outliers, excess access, and orphan or dormant accounts, along with risk-based certifications and intelligent role definition, before they are compromised or misused.

UEBA is the discovery and response side of the kill chain: it uses machine learning algorithms and predictive risk scoring to find new hazards and threats early in the kill chain. IdA is a type of data science that improves IAM and Privileged Access Management (PAM) by using machine learning models that outperform human capabilities to define, review, and confirm accounts and access entitlements. If the goal of UEBA is to create a profile of an identity's accounts, access, and behavior, then IdA's purpose is to keep this access plane as narrow as possible by removing any access risks, outliers, orphan or dormant accounts, and so on.
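
As an added illustration of the IdA review described above (not code from the article or from any vendor), the following Python example flags orphan accounts, dormant accounts, and access outliers in an account inventory. It uses a simple peer-group frequency rule rather than the machine learning models the article refers to; the data, field layout, and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample data: active staff per HR (owner -> department).
HR_ACTIVE = {"alice": "finance", "bob": "finance", "carol": "finance",
             "dave": "finance", "erin": "it"}
# Constructed inventory: (account, owner, last_login, entitlements).
ACCOUNTS = [
    ("alice", "alice", date(2021, 9, 20), {"erp_read", "erp_post"}),
    ("bob", "bob", date(2021, 9, 18), {"erp_read", "erp_post"}),
    ("carol", "carol", date(2021, 9, 21), {"erp_read", "erp_post", "domain_admin"}),
    ("dave", "dave", date(2021, 3, 1), {"erp_read"}),
    ("erin", "erin", date(2021, 9, 22), {"domain_admin"}),
    ("svc_old", "frank", date(2021, 9, 1), {"erp_read"}),
]
TODAY = date(2021, 9, 22)  # constructed review date


def review(accounts, hr_active, today, dormant_days=90, peer_share=0.5, min_peers=3):
    """Return {account: [findings]} for accounts that need an access review.

    orphan    - the owner is not an active identity in HR
    dormant   - no login for more than dormant_days
    outlier:X - entitlement X is held by under peer_share of the department
    """
    findings = defaultdict(list)
    peers = defaultdict(list)
    for acct, owner, last_login, ents in accounts:
        if owner not in hr_active:
            findings[acct].append("orphan")
            continue  # no department to compare an orphan against
        if (today - last_login).days > dormant_days:
            findings[acct].append("dormant")
        peers[hr_active[owner]].append((acct, ents))
    for members in peers.values():
        if len(members) < min_peers:
            continue  # too few peers for a meaningful baseline
        counts = Counter(e for _, ents in members for e in ents)
        for acct, ents in members:
            for ent in sorted(ents):
                if counts[ent] / len(members) < peer_share:
                    findings[acct].append(f"outlier:{ent}")
    return dict(findings)


if __name__ == "__main__":
    for account, reasons in sorted(review(ACCOUNTS, HR_ACTIVE, TODAY).items()):
        print(account, reasons)
```

Departments with fewer than `min_peers` members are skipped, so the single IT account holding `domain_admin` is not flagged here; small groups need a different baseline, such as role or job title.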
