What is User Behaviour Analytics?
User Behaviour Analytics, or UBA, is an IT security system which, unlike firewalls and antivirus software, focuses on the specific activity of single users. Rather than analysing system logs or perimeter events, this technology is able to build a profile for each individual user and identify any abnormal behaviours.
UBA monitors everything the user does: the applications they open, their online activity and, above all, the files they access (when files or emails are touched, who touched them, what they did with them and how often). Any activity which departs from the profile built from this record is flagged as a potential violation.
Why user behaviour analytics has become fundamental
Hackers have now become extremely proficient at getting around a system’s perimeter defences. One of the commonest methods of achieving this is phishing. By using this type of strategy, the criminally minded can manipulate the user into providing their personal access credentials.
Once this precious information has been obtained, the cyber-criminal is free to access any part of the system at will. Since perimeter defence tools are not designed to intervene in internal operations carried out by legitimate users, the hacker can continue undisturbed.
Hackers often use system tools or malware created specifically to avoid detection by anti-virus software, thereby causing huge damage to the company targeted in the attack. It is during this phase that user behaviour analytics becomes extremely valuable in terms of digital security.
Technology like UBA can immediately recognise suspicious activity carried out by apparently authorised users, because it generates behavioural models containing detailed information about each user, information which a cyber-criminal holding only the stolen credentials does not possess.
UBA categories and operation
User behaviour analytics software can be divided into two macro-categories as follows:
- The first includes all programs based on analytical rules which are ‘boxed’ (that is, defined in advance) by the administrator. A good example is a sensitive file which is made available on one specific day per week at a pre-established time.
- In the second category, however, deciding which behaviour counts as normal and which as abnormal is left entirely to an algorithm. This analysis is based on dynamic, personalised models which, according to expert opinion, offer the best security solution.
The first category is less efficient than the second: with boxed rules, the IT administrator needs something like a sixth sense to predict the hacker’s behaviour accurately in advance (although this does not rule out environments in which such rules work well).
As mentioned above, UBAs based on dynamic models are capable of gathering behavioural information about individual users and recognising when they are doing something different from their usual routine, so they are particularly effective when applied to file or email account monitoring.
Should a hacker obtain access to the system, they are likely to open and copy rarely used files or email messages which could contain sensitive or valuable data. A dynamic UBA system is capable of detecting and blocking this suspicious activity.
In order for it to work properly, user behaviour analytics must be able to trace the user and make a record of their typical or ‘normal’ behaviour. The software needs to be ‘trained’ in order to identify the distinctive features of that specific user’s activity, via data gathering (such as access to files, login and online activity) and long-term monitoring.
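The two categories above, and the training and detection phases just described, can be shown side by side in a small illustration. The following Python script is an added example written for this article; it is not the code of any UBA product. It builds a per-user profile from constructed file-access events (which files a user touches and at which hours), scores new events against that profile, flags a burst of never-before-seen files as the "open and copy rarely used files" pattern, and contrasts this with a single administrator-defined "boxed" rule. All paths, timestamps, weights and thresholds are assumptions chosen for the demonstration.

```python
# Added illustration of a dynamic user-behaviour baseline versus a boxed rule.
# Not any vendor's code; all data below is constructed and thresholds are assumptions.
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class UserProfile:
    """What the dynamic model learns per user: which files and which hours are normal."""
    file_counts: Counter = field(default_factory=Counter)
    hour_counts: Counter = field(default_factory=Counter)
    total: int = 0


def build_profiles(events):
    """Training phase: events are (user, iso_timestamp, path) tuples taken from access logs."""
    profiles = defaultdict(UserProfile)
    for user, ts, path in events:
        p = profiles[user]
        p.file_counts[path] += 1
        p.hour_counts[datetime.fromisoformat(ts).hour] += 1
        p.total += 1
    return profiles


def boxed_rule(ts, path):
    """Category 1: a static rule written by the administrator. Assumption: the sensitive
    file may only be opened on Fridays between 09:00 and 10:59. Returns a reason or None."""
    if path != "/share/finance/forecast.xlsx":
        return None  # the rule says nothing about other files
    t = datetime.fromisoformat(ts)
    if t.weekday() == 4 and 9 <= t.hour <= 10:
        return None
    return "forecast.xlsx opened outside its allowed window"


def score_event(profile, ts, path, rare_ratio=0.05):
    """Category 2: compare one event with the user's learned profile.
    Returns (score in [0, 1], reasons). Weights and rare_ratio are assumptions."""
    if profile.total == 0:
        return 1.0, ["no baseline for this user"]
    reasons, score = [], 0.0
    seen = profile.file_counts[path]
    if seen == 0:
        score += 0.5
        reasons.append("file never accessed by this user")
    elif seen / profile.total < rare_ratio:
        score += 0.25
        reasons.append("rarely accessed file")
    hour = datetime.fromisoformat(ts).hour
    if profile.hour_counts[hour] == 0:
        score += 0.5
        reasons.append(f"no prior activity at hour {hour:02d}")
    return min(score, 1.0), reasons


def detect_bulk_novel_access(profile, events, window=timedelta(minutes=10), max_novel=5):
    """Flag a burst of never-before-seen files inside a short window (mass copying).
    events are (iso_timestamp, path); returns the timestamp that tripped the limit or None."""
    novel = []
    for ts, path in sorted(events):
        t = datetime.fromisoformat(ts)
        if profile.file_counts[path] == 0:
            novel.append(t)
            novel = [x for x in novel if t - x <= window]
            if len(novel) > max_novel:
                return ts
    return None


# Constructed baseline: alice works on two reports, weekdays at 09/11/14/16, for two weeks,
# plus one access to an archive file so that the "rarely accessed" branch is exercised.
TRAINING = []
_start = datetime(2024, 3, 4)  # a Monday
for _day in range(14):
    _d = _start + timedelta(days=_day)
    if _d.weekday() >= 5:
        continue
    for _hour, _file in ((9, "status.docx"), (11, "budget.xlsx"), (14, "status.docx"), (16, "budget.xlsx")):
        TRAINING.append(("alice", _d.replace(hour=_hour).isoformat(), f"/share/reports/{_file}"))
TRAINING.append(("alice", "2024-03-06T11:30:00", "/share/reports/archive.docx"))

PROFILES = build_profiles(TRAINING)
ALICE = PROFILES["alice"]

if __name__ == "__main__":
    checks = [
        ("2024-03-19T09:30:00", "/share/reports/status.docx"),   # routine
        ("2024-03-19T14:05:00", "/share/reports/archive.docx"),  # rarely used file
        ("2024-03-19T03:12:00", "/share/hr/salaries.xlsx"),      # new file, unusual hour
        ("2024-03-19T09:30:00", "/share/finance/forecast.xlsx"), # Tuesday: boxed rule fires
    ]
    for ts, path in checks:
        print(ts, path, score_event(ALICE, ts, path), boxed_rule(ts, path))
    burst = [(f"2024-03-19T03:0{i}:00", f"/share/hr/emp-{i}.pdf") for i in range(7)]
    print("bulk novel access tripped at:", detect_bulk_novel_access(ALICE, burst))
```

The contrast the article draws is visible in the output: the boxed rule knows about exactly one file and one time window, so it says nothing about the 03:12 access to the HR spreadsheet, whereas the learned profile flags it twice (never-seen file, never-seen hour). The profile also needs the training data before it is useful: a user with no events (`PROFILES["bob"]`) scores every access as anomalous, which is the "training" requirement described above.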
Translated by Joanne Beckwith
