Actionable Insights: The Disruption of Behavioral Analytics
Forcepoint recently released Dynamic User Protection. For us, it marks a major milestone in our vision of human-centric security. This transformative cloud-based User Activity Monitoring solution provides actionable insights and automated responses for risky behavior.
Before we explore the functionality that comprises DUP, let’s turn our attention to the track record of behavioral analytics in security and the problems we have set out to solve.
The Broken Promise of Behavioral Analytics
No doubt that applying modern analytics techniques to security log data has resulted in net positives in terms of detection capabilities. The problem has been that these capabilities have been reserved for only the largest and most well-equipped organizations in the world, yet issues have persisted.
Applied behavioral analytics have fallen short in terms of scalability and producing actionable insights. As security analytics followed the footsteps of other implementations of big data analysis, the market settled on centralized analytics where data is collected and sent to a single location for examination. This approach requires an immense hardware footprint, and consistent, time-consuming tweaks to highly customized policies.
For other uses of data analytics, such as finance or marketing, insights may retain their value for weeks or even months. However, in security, more specifically data loss prevention, the lifespan is seconds. If insights are not delivered in an actionable format in a timely manner, they are reduced to reactive notifications.
All in all, the practice of maintaining a centralized analytics engine is neither scalable nor practical for the modern IT landscape. According to recent Gartner research, by 2021 the market for standalone behavioral analytics will cease to exist as it is replaced by embedded analytics tools, highlighting the disruption occurring in this space.
Compromising Productivity in the Name of Security is no Longer an Option
Before we touch on individual capabilities, it is paramount to grasp that no matter how well configured the enterprise environment, people remain the unpredictable, independent variable. Employees must get their job done effectively AND securely. Compromising productivity in the name of security is no longer acceptable. Yet most security solutions ignore people as if they are an unnecessary detail, rather than the focal point.
How Forcepoint’s Approach Differs
With deep experience in the realms of behavioral analytics and data loss prevention, we set out to solve these problems by reducing the complexity of data collection, normalization, and analysis. We deliver insights that vastly improve analyst efficiency and automate data loss polices with risk-based thresholds. Our approach is built around these core areas:
- Analytics Architecture – Dynamic User Protection was designed around a distributed model which leverages endpoint level analytics to enable real-time detection and automated policy enforcement at the source.
- Autopilot – The collective pre-configured capabilities that take place on the individual’s machine are referred to as Autopilot. This includes pre-configured policies for activity monitoring, data normalization, analysis, and risk calculation. The key factor being all of this takes place on the endpoint, meaning as soon as risky activities occur, automated policies adjust to mitigate loss.
- Indicators of Behavior (IOBs) –This concept refers to analytic models used to identify behaviors and unlock intent with a high degree of confidence. IOBs apply context to events, which provides analysts with a narrative of user activity, removing the grey area and guess work from investigations.
For a deeper look into the functionality of Dynamic User Protection, download the DUP Overview IOB Datasheet