User behavioral analytics offerings help organizations understand what regular, normal behavior looks like for their systems and infrastructure so that they can detect abnormal behavior in real time. Johna Till Johnson, CEO of Nemertes Research, dives deeper in this webcast transcript.
User behavioral analytics [is] a cool product category. I'm particularly interested in this at the moment. What it does is automatically generate[s] a baseline of normal behavior for the systems and the infrastructure, not just the users -- the name is belied a little bit -- and then can tell you in real time when something is happening that's not normal.
And the emphasis here is in real time. If you're looking backward, it's not helpful. If you can find out immediately that something's going on that's not right, the first thing that happens is you can shut down that user, you can shut down that system and then investigate further. This is incredibly powerful, because it allows you to halt attackers in their tracks.
A bunch of companies make this. There are more emerging every day. ... There are guys like Allure Security that are showing up. [These companies are] definitely worth considering if you've got the rest of your security infrastructure solidly in place.
In other words, if you've already got SIEM [security information and event management], if you've already got secure Web gateways, if you've already got firewalls, you've already got endpoint security, it's a great idea to layer user behavioral analytics on top of that, so that you can get that real-time responsiveness and reactiveness.
And what you're going to see is that these tools [will be] increasingly integrated into a lot of the other infrastructure in your organization, so that you [will be able to] in fact stop something in its tracks. You [will be able to] immediately tell the firewall, 'Wait a second. These bits don't look right. Stop. Stop sending them.' Or tell the secure Web gateways, 'Terminate this session immediately. Something's going wrong.'
And that [will allow] you to give that instantaneous response -- instantaneous, and increasingly, though not exclusively, automated, which means that your environment can respond faster to an infection than you could [before], so that by the time you find out about it, you find out that something's already been halted. That's the Holy Grail here. We're not there yet, but that's certainly where it's headed.