Analyzing user behavior is crucial for building a better cyber defense

Soma Tah

Have you ever left your house keys in the front-door lock? Silly, isn't it? Yet look at the major data breaches of the past few years. Organizations are now prudent enough to put up strong cyber defenses against external attacks, but they often overlook the weakest link in their security posture: the human element. This is a serious concern because, rather than hunting for loopholes in software, it is often easier for attackers to study people's behavior and use social engineering tactics to carry out an attack.

Protecting organizations from attacks becomes even more challenging as traditional security perimeters erode for organizations embracing cloud, mobility, IoT, and a larger, geographically dispersed workforce. Hence, security experts insist that rather than building bigger walls, organizations need to take a step back and first get better visibility into their infrastructure, people, and data. We spoke to Ajay Dubey, National Manager - Partners & Alliances, Forcepoint, to understand why old approaches to security simply don't work in today's context, and why approaching security from a human-centric view is considered more holistic than building walls. Forcepoint's perspective is interesting because the company acquired the security analytics company RedOwl last year; its technology is particularly useful for spotting anomalous user behavior in real time.

Better walls or better visibility: which is more important?


It's time to rethink cyber security. There is a perception in the industry that better walls provide better safety against cyber threats. The truth is, building walls is the easiest method to ensure data is secured, but it comes at a cost. The more walls are built, the more they restrict communication with the outside world. Today, with workforce mobility, BYOD, and users increasingly working from home, suddenly those walls have disintegrated, and what's left are users and data. In the past, organizations simply needed to "secure the perimeter by building walls", but now cloud and mobility are creating a new normal, where there is no defined perimeter.

If you look at the cyber security scenario today, the industry has placed a lot of emphasis on attempting to lock down technology infrastructure that is in a constant state of change. To address this, it is important to focus on the aspect of visibility. At Forcepoint, we look at cybersecurity from a human-centric perspective rather than a technology-centric perspective; the focus is to understand human behavior and intent. We employ systems that can effectively secure regulated data everywhere people work, protecting intellectual property with visibility and control over how people create, move, and use data, and adapting those protections based on user risk by analyzing user behavior and the value of the data they touch.

Therefore, in the current security landscape, enterprises need to protect their critical business data and IP wherever it may reside and have the ability to respond to threats as quickly as possible. This is only possible by focusing on visibility.


Are user-centric security postures more effective than threat-centric security postures?

The most fundamental challenge to the future of cybersecurity rests in the ability to control data as it moves in and out of the organization's possession while employees seek to use it on demand, everywhere. Instead of emphasizing technology to protect a perimeter that no longer exists, security must focus on user-centric postures.

The point of interaction between user and data can weaken the most comprehensively designed cybersecurity systems through a single unintentional or malicious act. To this end, Forcepoint's "human point" strategy is about understanding how users and content move around the world. It makes the user the focal point of cybersecurity.


If we take an example, a typical lifecycle of any cyber attack consists of seven stages which involve a bunch of vulnerabilities. Between a user and a hacker, there are numerous threats involved which need to be controlled by a user-centric security approach to minimize the threats. Also, a threat-centric security framework needs to be supplemented with an approach based on user behavior, which is becoming a critical parameter in understanding organizations' risk postures. Additionally, a user-centric security posture can help classify user behavioral anomalies by establishing a baseline of normal behavior for the user and comparing the observed behavior against this baseline as well as the baselines of peers and the entire organization.
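The three-way baseline comparison described in the answer above (the user's own history, the peer group, and the whole organisation), as an added example that is not Forcepoint's or RedOwl's code. It scores one day's observation of a single feature, the volume of data a user uploads to external destinations, as a z-score against each of the three baselines and assigns a severity according to the broadest baseline the observation exceeds. Every user, department and upload figure below is constructed for the example; the threshold of 3 standard deviations and the standard-deviation floor are assumptions, not values from the article.

```python
"""UEBA-style baseline comparison: self, peer group and organisation.

Added example, not code from Forcepoint or RedOwl. All data is constructed.
"""
from statistics import mean, pstdev

# Constructed sample data: megabytes uploaded to external destinations per
# user per day over a seven-day baseline window, plus each user's department
# (the peer group). The finance team normally moves little data, engineering
# moves a lot.
DEPARTMENT = {"alice": "finance", "bob": "finance", "carol": "finance",
              "dave": "eng", "erin": "eng", "frank": "eng"}

BASELINE = {
    "alice": [50, 60, 55, 45, 65, 50, 58],
    "bob":   [40, 42, 38, 45, 41, 39, 44],
    "carol": [70, 65, 75, 72, 68, 71, 69],
    "dave":  [300, 320, 290, 310, 305, 295, 315],
    "erin":  [280, 300, 310, 290, 295, 305, 285],
    "frank": [330, 310, 320, 340, 300, 325, 315],
}

# Constructed observations for the day being scored. "grace" has no history,
# which is the case of a newly created account.
TODAY = {"alice": 900, "bob": 300, "carol": 70, "dave": 345,
         "erin": 295, "frank": 320, "grace": 12}

THRESHOLD = 3.0  # assumed: z-score above which an observation is anomalous
MIN_STDEV = 1.0  # assumed floor so a flat history cannot give an infinite z


def zscore(value, history):
    """Standard score of `value` against `history`, with a floored stdev."""
    if not history:
        raise ValueError("cannot baseline against an empty history")
    sigma = max(pstdev(history), MIN_STDEV)
    return (value - mean(history)) / sigma


def pooled_history(user, baseline, department, same_department):
    """Baseline observations of every *other* user, optionally restricted
    to users in the same department as `user`."""
    dept = department[user]
    return [v for other, hist in baseline.items()
            if other != user
            and (not same_department or department[other] == dept)
            for v in hist]


def score_user(user, value, baseline=BASELINE, department=DEPARTMENT):
    """z-scores of today's value against the self, peer and org baselines.
    A user with no peers in their department is compared to the org instead."""
    org_hist = pooled_history(user, baseline, department, False)
    peer_hist = pooled_history(user, baseline, department, True) or org_hist
    return {
        "self": zscore(value, baseline[user]),
        "peer": zscore(value, peer_hist),
        "org": zscore(value, org_hist),
    }


def classify(scores, threshold=THRESHOLD):
    """Severity follows the broadest baseline the observation exceeds:
    unusual for the whole org > unusual for the peer group > unusual only
    for this user. Only increases are flagged for an upload-volume feature."""
    if scores["org"] > threshold:
        return "unusual_for_organisation"
    if scores["peer"] > threshold:
        return "unusual_for_peer_group"
    if scores["self"] > threshold:
        return "unusual_for_user"
    return "normal"


def triage(today=TODAY, baseline=BASELINE, department=DEPARTMENT):
    """Score every user observed today. Returns {user: (label, scores)};
    users with no baseline yet are labelled rather than scored."""
    results = {}
    for user, value in today.items():
        if user not in baseline:
            results[user] = ("no_baseline", {})
            continue
        scores = score_user(user, value, baseline, department)
        results[user] = (classify(scores), scores)
    return results


if __name__ == "__main__":
    for user, (label, s) in triage().items():
        detail = " ".join(f"{k}={v:6.1f}" for k, v in s.items())
        print(f"{user:6} {label:26} {detail}")
```

Running it shows why the peer baseline matters: bob's 300 MB is wildly out of character for him and for the rest of finance, yet it sits well inside the organisation-wide distribution because engineering moves that much every day. A single org-wide baseline would score him as normal; the peer comparison does not. dave's 345 MB, by contrast, is high for him but routine for engineering, so it earns the lowest severity.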

How effective is it in dealing with an organized-attack scenario?

A state-sponsored attack or an espionage kind of attack is considered an organized attack. This is a slightly more difficult scenario compared to an attack that is generic in nature and not entity-specific. Criminal syndicates, also called organized syndicates, are well equipped. Every entity should have three things in place to avoid organized attacks: training people against insider threats, keeping various procedures and processes in place as a defensive strategy, and implementing the latest technologies to analyze and detect a threat.


Can user behavior analytics and machine learning help in plugging the security loopholes?

A security breach can be the result of three different scenarios. The first is a hacker who has penetrated the organization and implanted malware. The second is an insider, a person working in the organization, and the third is a user accidentally triggering an event which results in a security loophole. Observing human behavior and understanding user intent is the key to better security and protection against attacks or data loss. User and Entity Behavior Analytics (UEBA) enables security teams to proactively monitor for high-risk behavior, providing unparalleled context by fusing structured and unstructured data to identify and disrupt malicious, compromised and negligent users. On the other hand, machine learning is a common element which tracks the pattern of data flow in the organization and helps in deciding the policies.
