In the information security space, there’s no shortage of insight that says increased technology and hardware are needed to combat the loss of information from expensive IT infrastructure. However, the real problems often lie in fallible human beings who’ve been entrusted to maintain the infrastructure and are failing to do so. Meanwhile, it’s costing us dearly.

User/entity behavior analytics (UEBA) tools offer a potential means to connect technical innovation directly to behavioral change to make meaningful improvements to the human side of information security. In simple terms, UEBA tools gather information from other systems, such as security information and event management (SIEM) and data loss protection (DLP) systems (among others), to identify patterns and signs (or anomalies) that reveal any potential bad actors in the IT environment. In the information security community, we’re typically talking about malware or system vulnerabilities, but UEBA can also help us identify problematic human insiders, both the malicious and the ignorant kind.

The ability to identify insider threats using UEBA is great, but identifying is not enough – infosec professionals need to take it a step further. UEBA and other tools are great at identifying and addressing symptoms of technical failure (such as compromising malware), but they’ve really only started to tap their capacity to track and respond to human failure. If security practitioners can connect the technical intelligence of UEBA tools with high-quality learning experiences, we can begin to directly address human missteps and deliver training that addresses these behavioral anomalies.

Granted, IT security folks already employ things like phishing simulations, which do a great job of identifying employees who put their organization at risk by clicking on (fake) phishing attempts. Once you’ve identified those who fall victim, you can easily target them with just-in-time training, aiming to improve their performance and discretion when it comes to malicious emails.

Imagine doing the same thing with UEBA, which can identify and address real risk-related human behaviors associated with phishing, data classification, access control, password reuse, etc. and deliver training to gently (or firmly!) guide employees back to safer behaviors—the very same problems that boring policies and lengthy security awareness training courses try to correct.

Is it possible to “tune” UEBA systems to identify these kinds of triggers? The leading companies already do, using both rules-based algorithms and machine learning. Pair these risk triggers with a flexible deployment of short, engaging, just-in-time training (not lengthy, boring PowerPoint decks), and now you’ve got a system where you train those who need it and stop wasting the time of those who don’t.
About the Author: Tom Pendergast is the chief architect of MediaPro’s Adaptive Architecture™ approach to analyze, plan, train, and reinforce to deliver comprehensive awareness programs in the areas of information security, privacy, and corporate compliance. Tom has a Ph.D. in American Studies from Purdue University and is the author or editor of 26 books and reference collections. Tom has devoted his entire career to content and curriculum design, first in print, as the founder of Full Circle Editorial, then in learning solutions with MediaPro.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of ShutterStock