Breaking Down Barriers To Effective Cyber Defense with UEBA - Exabeam

Published
March 15, 2017

Recently, the CyberEdge Group released its 2017 Cyberthreat Defense Report, a survey of 1,100 IT security professionals on topics ranging from cyber-attack trends and security investment, to tool effectiveness and security best practices.

Of course, there were a lot of interesting findings in this year’s report; however, the part that really caught my eye was the chart on “top barriers to establishing an effective cyber threat defense”. As part of the report, respondents were asked to rate which items were the biggest barriers inhibiting their organization from adequately defending itself against cyber threats.

Here are the results:

This part of the report really resonated with me because I frequently hear many of these same sentiments from prospects as key pain points of their current security programs. It appears that despite (or perhaps as a byproduct of) an ever-increasing investment in security, these problems persist.

Behavioral Analytics Isn’t Just for Detection

When most people think about User and Entity Behavior Analytics (UEBA), they probably think of it as a detection tool. In fact, this mindset was even proven in the results of the survey. The top 4 reasons for implementing UEBA were detection related. Here’s how the respondents were reportedly using their UEBA tools:

Top UEBA Usages

I’m certainly not going to say that this is the wrong way to think about UEBA. In fact, I’d argue that detection IS the primary function of the technology. With that said, I also think that the core technology used in effective UEBA tools (machine learning, statistical analysis, behavioral modeling, etc.) can also have other broader applications that can help streamline security programs and eliminate some of the barriers security practitioners face.

Easing Staffing Shortages

To illustrate my point about UEBA technology, let’s briefly return to the list of barriers I shared above. The second-highest-ranked item on that list was “Lack of Skilled Personnel.” The problem here is really twofold: there’s too much work for existing staff to handle, and we can’t hire enough skilled talent to sufficiently expand our team.

By reducing workloads through alert prioritization and false positive reduction, streamlining analyst workflows, enriching contextual information about incidents, and automating the creation of incident timelines, UEBA is able to greatly increase the productivity of SOC teams. The net result is being able to do more with your existing staff, thus easing hiring pressure to acquire new talent amidst a skills shortage.

Watch Webinar Recording

In our webinar titled “7 Ways UEBA Breaks Down Barriers in Traditional Cyber Defense”, we take a deeper dive into this example as well as cover six other ways to use UEBA to help streamline security programs by breaking down common barriers.
