Maximizing the Effectiveness of Your Behavioral Analytics Service

Detecting and Stopping the Stealthiest Threats With Behavioral Analytics 

When attackers gain a foothold in the network, they use their privileges to explore their surroundings, expand their realm of control and achieve their ultimate objective: stealing, modifying or destroying sensitive data. Blending in with legitimate users, they can infiltrate organizations and dwell inside networks for months or even years without being detected.

Legacy approaches for detecting these attackers in every corner of the enterprise have placed highly manual operational burdens on security teams. Organizations are often required to integrate security data collected from multiple point products into one place, attempting to find and stop malicious behavior. The result has been a firefighting model: high volumes of alerts are generated that lack the context needed to confirm threats, meaning analysts waste valuable time chasing down additional information rather than stopping attacks.

The amount of technical expertise and staff the firefighting approach requires is burdensome; and even once all the required intelligence is collected, teams still need additional resources and expertise to separate significant alerts from insignificant ones, and then correlate, investigate and block those threats. Understandably, many teams aren’t doing this type of analysis because of the sheer amount of human effort involved, leaving their organizations vulnerable to attacks. This is where emerging methods in the enterprise, such as behavioral analytics and machine learning, come into play, redefining what it means to detect stealthy security incidents and ultimately prevent successful cyberattacks – and as cited in previous research, the use of behavioral analytics will only increase in 2018 and beyond.

However, before deploying behavioral analytics, there are a few key things every security team should consider to maximize effectiveness.

A Unified Security Data Set

Behavioral analytics services need high-quality data from the right locations, ideally available in the cloud. Sensors should be deployed consistently across the cloud, endpoints and network, collecting data into a single unified data set that the analytics can draw on directly, without requiring additional infrastructure. A long line of stand-alone products that do not share data makes running analytics close to impossible, as you may spend more time normalizing information than identifying and blocking threats. Security teams should consider behavioral analytics services that natively have high-quality data, gathered over time from the cloud, endpoint and network, available via the cloud.

The Ability to Natively Take Action

The purpose of behavioral analytics is to identify sophisticated and advanced attacks, insider threats, and compromised endpoints with the ability to block them before damage is done. The first step is focusing on the most critical threats by delivering a small number of actionable alerts with the investigative detail needed to verify attacks. Security teams shouldn’t waste time sorting through endless alerts and false positives. Once you understand an attack, there must be a native workflow to automatically block it, which minimizes additional manual effort. When behavioral analytics can enforce protections on the same platform as your networks, you don’t have to stitch things together.

Cloud Delivery

When you think about deployment, the cloud is the ideal delivery mechanism for behavioral analytics. Deploying and managing on-premises infrastructure continues to add complexity to IT operations, but more importantly, it doesn’t allow the agility and scale needed to constantly roll out security innovations. The cloud:

● Offers an incredibly cost-effective way to store the large volumes of data needed for analytics.

● Enables the ability to roll out new algorithms as they arise and constantly improve them based on efficacy.

● Speeds deployment and removes the need to maintain or upgrade on-premises software.

Behavioral analytics is a powerful tool worth consideration by every organization and should be part of a security team’s posture – not just IT. Security teams are always striving to find new ways of identifying and eliminating advanced attacks, but they struggle to add new capabilities while minimizing the need for additional infrastructure and manual effort. Deploying the technology as part of a platform that integrates sensors, enforcement points and analytics achieves the promise of automation without making operations more complex.
