User Behavior Analytics (UBA): key applications for cybersecurity

While User Behavior Analytics (UBA) is not a new concept, its applications are multiplying as Machine Learning matures. By combining Machine Learning and Big Data, UBA keeps its reference models (patterns) up to date and detects any deviation from them that is potentially dangerous for the information system.

What is User Behavior Analytics?

User Behavior Analytics is a category of applications that analyze user behavior and detect abnormal and potentially malicious actions. This behavioral analysis, which can be applied to all users, particularly those located within the organization’s network, is part of a Zero Trust policy, which aims to trust no one, including logged-in users who have already passed the organization’s perimeter defenses.

The main feature of User Behavior Analytics lies in the prediction, and therefore the neutralization, of any potential threat before it takes effect. It is through data analysis and machine learning that UBA applications are able to evolve and carry out their mission of protecting the information system.

Which applications for UBA?

User Behavior Analytics applications can identify hijacked accounts by analyzing behavior that deviates from a known reference fingerprint (in some cases that of the individual user, in other cases that of a user profile), or detect malicious actions by a legitimate user.

Continuous authentication, which consists of guaranteeing the user’s identity in real time based on his behavioral fingerprint (the way he uses the mouse and keyboard), addresses the first scenario: identity theft. In this case, it is not the user’s actions that are analyzed, but rather the mouse movements, clicking habits or keyboard typing speed. This analysis validates the identity of the user at a very fine level of detail, even if the user does not perform an abnormal action or one that is considered dangerous for the organization.

The advantage of continuous authentication, which is based on behavioral biometrics, is the speed at which the illegitimate user is detected: after a few tens of seconds of using the mouse and keyboard, the solution will block his session or ask him to re-authenticate, even if he has not committed any malicious action or deviated from what is considered “normal” use for a user or a user profile. Ultimately, this is a form of “passwordless” authentication that is transparent to the user: while users work in the application, they are continuously authenticated without any intrusive step. A transparent, natural and continuous user authentication is likely to make the user’s life and experience easier and therefore make the user an active participant in his own cybersecurity.
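An added example, not taken from the article or from any Systancia product, of how the keyboard side of continuous authentication described above can be scored: a reference profile of per-key-pair (digraph) latencies, and a sliding window of z-scores that triggers re-authentication. The digraph feature, window size, thresholds and all timing values are assumptions constructed for illustration.

```python
from collections import deque
from statistics import mean, pstdev

MIN_STD_MS = 5.0   # floor so a very steady typist does not produce huge z-scores
WINDOW = 20        # recent comparable events scored together (assumed value)
THRESHOLD = 2.5    # mean |z| above which the session is challenged (assumed value)
MIN_EVENTS = 10    # below this there is not enough evidence to decide

def build_profile(enrollment):
    """enrollment: iterable of (digraph, latency_ms) -> {digraph: (mean, std)}."""
    samples = {}
    for digraph, latency in enrollment:
        samples.setdefault(digraph, []).append(latency)
    # Keep only digraphs seen at least 3 times; fewer gives no usable spread.
    return {d: (mean(v), max(pstdev(v), MIN_STD_MS))
            for d, v in samples.items() if len(v) >= 3}

class ContinuousAuthenticator:
    def __init__(self, profile):
        self.profile = profile
        self.window = deque(maxlen=WINDOW)

    def observe(self, digraph, latency_ms):
        """Score one key pair; return 'ok', 'insufficient' or 'reauthenticate'."""
        if digraph in self.profile:   # digraphs absent from the profile carry no evidence
            mu, sigma = self.profile[digraph]
            self.window.append(abs(latency_ms - mu) / sigma)
        if len(self.window) < MIN_EVENTS:
            return "insufficient"
        return "reauthenticate" if mean(self.window) > THRESHOLD else "ok"

def run_session(profile, events):
    """Return the index of the first event that triggers re-authentication, or None."""
    auth = ContinuousAuthenticator(profile)
    for i, (digraph, latency) in enumerate(events):
        if auth.observe(digraph, latency) == "reauthenticate":
            return i
    return None

# Constructed sample data: the enrolled user types "th"/"he"/"er" quickly and steadily.
ENROLL = [(d, base + j) for d, base in (("th", 90), ("he", 110), ("er", 130))
          for j in (-8, -4, 0, 4, 8)]
PROFILE = build_profile(ENROLL)
OWNER = [("th", 92), ("he", 108), ("er", 133), ("qz", 400)] * 5
INTRUDER = [("th", 180), ("he", 210), ("er", 95), ("qz", 400)] * 5

if __name__ == "__main__":
    print("owner challenged at event:", run_session(PROFILE, OWNER))
    print("intruder challenged at event:", run_session(PROFILE, INTRUDER))
```

The decision depends only on typing rhythm, so the intruder session is challenged even though it contains no action that an activity-based rule would flag.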

Which users is the UBA intended for?

User Behavior Analytics is intended for all types of users: internal collaborators and external service providers, whether they access the organization’s information system and applications from a controlled or uncontrolled network, via a professional or personal workstation. But it is for privileged users that UBA is most relevant: they have information system administration rights and access to critical resources. Any compromise of this type of user could seriously harm the organization.

With this in mind, Systancia has integrated its continuous authentication solution, Systancia Cleanroom Authograph, into its PAM (Privileged Access Management) product, Systancia Cleanroom. Using Systancia Cleanroom for administration actions thus allows organizations to protect themselves against any risk of identity theft, since the theft is detected before the illegitimate user has time to carry out actions that are dangerous for the information system. Thanks to its applications and the challenges it addresses, User Behavior Analytics is today one of the major levers for improving the security level of organizations faced with increasingly sophisticated threats in cyberspace.