Gartner: Role of Analytics in Security is Growing
As corporate and, more recently, university IT networks are bombarded with malicious code and other forms of cyber attacks, network managers are being forced to rely more heavily on a range of emerging security technologies to monitor suspicious activity on networks and cloud infrastructure.
Among the leading approaches to infrastructure security are tools for securing cloud access along with “endpoint” solutions designed to detect and respond to breaches along with signature-based approaches to fending off malware. Increasingly, however, user and behavioral analytics are playing a larger role in defending networks, much as security information and event management (SIEM) enables broad security monitoring.
According to a ranking of top information security technologies released at a security conference sponsored by market analyst Gartner Inc. (NYSE: IT), user and entity behavioral analytics (UEBA) is emerging as a leading information security technology for embattled IT managers. “UEBA provides user-centric analytics around user behavior, but also around other entities such as endpoints, networks and applications. The correlation of the analyses across various entities makes the analytics’ results more accurate and threat detection more effective,” Gartner noted in releasing its list of top information security technologies this week.
Another promising approach called “micro-segmentation and flow visibility” uses, among other things, visualization tools to monitor networks, set security policies and look for deviations from those policies. A variation on this approach encrypts network traffic between workloads for the protection of data in motion while providing cryptographic isolation between workloads, Gartner explained.
“Information security teams and infrastructure must adapt to support emerging digital business requirements, and simultaneously deal with the increasingly advanced threat environment,” Neil MacDonald, a Gartner vice president, told the security conference. “Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk.”
A version of the UEBA approach based on machine learning techniques was showcased at the Gartner conference this week by a Silicon Valley security intelligence firm implementing a new approach to detecting ransomware. These attacks involve accessing a network and encrypting shared files and other critical data. Attackers then demand payment, usually in the form of tens of thousands of dollars converted to bitcoins, for the keys to unscramble data.
An early warning system developed by Exabeam uses UEBA techniques to spot ransomware activity on corporate networks without relying on third-party security controls. The machine learning platform also can spot suspicious activity within cloud services, servers and, increasingly, personal devices connected to corporate and other enterprise IT infrastructure.
Growing threats, especially the spread of ransomware attacks from hospitals to universities and other enterprises, have security officials predicting more attacks with greater sophistication as more devices are connected via an emerging Internet of Things. Cloud platforms also are seen as particularly ripe for attacks, prompting one Intel Corp. security executive to deliver a presentation during the Gartner conference titled “Prediction 2017: ‘I survived a ransomware attack in my cloud!’”