Breaking Down Barriers To Effective Cyber Defense with UEBA - Exabeam

Breaking Down Barriers To Effective Cyber Defense with UEBA

March 15, 2017

Orion Cassetto

Recently, the CyberEdge Group released its 2017 Cyberthreat Defense Report, a survey of 1,100 IT security professionals on topics ranging from cyber-attack trends and security investment, to tool effectiveness and security best practices.

Of course there were a lot of interesting findings in this year’s report, however the part that really caught my eye was the chart on “top barriers to establishing an effective cyber threat defense”. As part of the report, respondents were asked to rate which items were the biggest barriers inhibiting their organization from adequately defending themselves against cyber threats.

Here are the results:

This part of the report really resonated with me because I frequently hear many of these same sentiments from prospects as key pain points of their current security programs.  It appears that despite (or perhaps as a byproduct of) an ever increasing investment in security, these problems persist.

Behavioral Analytics Isn’t Just for Detection

When most people think about User and Entity Behavior Analytics (UEBA), they probably think of it as a detection tool.  In fact, this mindset was even proven in the results of the survey. The top 4 reasons for implementing UEBA were detection related. Here’s how the respondents were reportedly using their UEBA tools:

Top UEBA Usages

I’m certainly not going to say that this is the wrong way to think about UEBA. In fact, I’d argue that detection IS the primary function of the technology.  With that said, I also think that the core technology used in effective UEBA tools – machine learning, statistical analysis, behavioral modeling, etc.  – can also have other broader applications that can help streamline security programs and eliminate some of the barriers security practitioners face.

Easing Staffing Shortages

To illustrate my point about UEBA technology, let’s briefly return to the list of barriers I shared above.  On this list, we can see the second highest ranked item on the list was “Lack of Skilled Personnel.”  The problem here is really twofold – there’s too much work for existing staff to handle and we can’t hire enough skilled talent to sufficiently expand our team.  

By reducing workloads through alert prioritization and false positive reduction, streamlining analyst workflows, enriching contextual information about incidents, and automating the creation of incident timelines UEBA is able to greatly increase the productivity of SOC teams. The net result is being able to do more with your existing staff, thus easing hiring pressure to acquire new talent amidst a skills shortage.

Watch Webinar Recording

In our  webinar titled “7 Ways UEBA Breaks Down Barriers in Traditional Cyber Defense”, we take a deeper dive into this example as well as cover six other ways to use UEBA to help streamline security programs by breaking down common barriers.

Watch Now

Recent UEBA Articles

Insider Threat Examples: 3 Famous Cases and 4 Preventive Measures

Read More

An Outcome-based Approach to Use Cases: Solving for Lateral Movement

Read More

What Is an Insider Threat? Understand the Problem and Discover 4 Defensive Strategies

Read More

Using Advanced Analytics to Detect and Stop Threats [White Paper]

Read More

Understanding Insider Threat Detection Tools

Read More

Recent Information Security Articles

Exabeam Fusion XDR and Exabeam Fusion SIEM now available in Google Cloud Marketplace

Read More

Cloud SIEM: Features, Capabilities, and Advantages

Read More

Ransomware: Prevent, Detect and Respond

Read More

MITRE ATT&CK Update Covers Insider Threat Attack Techniques

Read More

Exabeam Adds Automated Incident Diagnosis to Speed Investigations

Read More