The massive expanse of software and IT in the past couple decades has fundamentally transformed the world we live in and how we interact with the world. Engineers have learned how to store data on how users interact with software down to how the user moves their mouse. By itself these collected data would not be extremely helpful. However, improved analytics capabilities in recent years, especially in artificial intelligence, have enabled massive amounts of user data to be mined for insights. Analyzing large amounts of user data in this manner is called behavioral analytics.
Behavioral analytics utilizes a combination of big data analytics and artificial intelligence on user behavioral data to identify patterns, trends, anomalies, and other useful insights to enable appropriate actions. Behavioral analytics is used in many industries and applications including ecommerce, healthcare, banking, insurance, and cybersecurity.
ArcSight Intelligence empowers your security team to preempt elusive attacks. With contextually relevant insights from behavioral analytics, analysts can quickly zoom in on what truly matters in their battles against complex threats such as insider threats and advanced persistent threats (APT).
Learn moreData creation has exploded in the last decade and is forecasted to continue to exponentially multiply as seen in the figure below. The chart forecasts that by 2025 an estimated 160 zettabytes will exist in the global data-sphere. A zettabyte is difficult to visualize because it is so massive. However, if we represented each byte by a kilometer, one zettabyte would be equal to 3,333,333,333,333 round trips to the sun. It is estimated that only 15% of the created data will be stored, but that is still a massive amount of data.
There are a few significant challenges with storing behavioral data:
Behavioral data is captured largely through interactions that people have with software or servers. An example of an interaction is uploading data to a website or selecting a product on a website. These events are stored in databases locally on a device or more commonly on servers owned by corporations along with date and time stamps in a way that can be easily accessed.
Entire industries are built around collecting data and utilizing that data. Here are some examples of data collection that you may not be familiar with:
Historically, cybersecurity has solely used rule-driven frameworks to detect potential cyber threats. An example of this is if a large amount of data is downloaded in the middle of the night. This action might trigger a rule violation which would alert the security team. This rule-based approach is still an important part of a layered analytics security approach today; however, smart hackers can avoid triggering many of the rules that are set up in these systems and it can be hard to find employees acting in a malicious manner (otherwise known as insider threats). Behavioral analytics enables a people-centric defense by using complex machine learning algorithms to analyze user and entity data across an enterprise and identify unexpected behavior that may be an indication of a security breach.
In cybersecurity, behavioral analytics is often called user and entity behavior analytics or UEBA. UEBA has grown in popularity because it can sift through most of an organization’s data to develop high quality leads for security analysts to evaluate which saves significant time and money. UEBA can also reduce the amount of security analysts which can reduce pressure from companies to participate in the very competitive security talent war.
One of the biggest applications of behavioral analytics in security is detecting insider threats. Insider threats are attacks from employees of an organization motivated either by monetary gain or retribution against the company. Since employees already have access to sensitive information that they use in their job, no hacking is required to steal that information from the company. Therefore, security rules are often not triggered. Behavioral analytics, however, can be used to identify and alert the security team to unusual behavior exhibited by employees.
Another common application of behavioral analytics in security is detecting advanced persistent threats (APTs). APTs occur when a hacker gains access to an organization’s server for an extended period of time. These attacks are especially difficult to detect using conventional methods because APTs are consciously designed to avoid triggering common rules so as to ensure longevity in their access. Behavioral analytics, however, are able to detect APTs since their algorithms monitor activity that is out of the ordinary that would be exhibited by APTs.
The last application of UEBA software that is very common is detecting zero-day attacks. Zero-day attacks are new attacks that have not been used before and therefore will have no rules written to detect them. Because behavioral analysis uses previous behavioral data to evaluate what is not normal, these new attacks can often be detected because they generally use new executables and methods that are out of the ordinary in order to breach a company’s security.
Internet of things or IoT refers to the network of peripheral devices that connect to the internet and/or other devices to create a web of connected devices. IoT is experiencing significant growth in the past decade which can be seen in many industries including manufacturing, supply chain, and consumer products. Many of these IoT devices collect behavioral data and use that data to perform analytics to derive insights or appropriate actions.
One of the more visible consumer product examples of this growth is the proliferation of smartwatches. Only a few years ago, smartwatches were very uncommon with only forward-facing tech enthusiasts purchasing these devices, but with more companies diving into this industry, smartwatches and other IoT devices have become much more mainstream. Today, IoT devices are so common that even a casual video game streamer will wear a heart rate monitor that displays for viewers to see. Examples of consumer facing IoT applications that collect behavioral data are:
Corporations are also looking into using IoT with behavioral analytics to augment their current capabilities. The main reason why businesses are looking to IoT to improve their operations is due to the promises of decreased costs, more accurate delivery estimations, and superior product care. There are less devices that specifically collect behavioral data than in the consumer space, but a couple are:
As the volume of IoT devices continues to grow, behavioral analytics will increase in importance in providing value to consumers and businesses alike.
The amount of data that is generated and stored today far exceeds any other generation to the point where the term “big data” was created. Big data refers to when data scientists or statisticians use methods that use a large amount of data. Generally, more data improves the effectiveness of analytics assuming the quality of the data is the same. Many of the more powerful algorithms such as neural networks are ineffective with small amounts of data, but with large amounts of data become much more effective.
Some industries have embraced the idea of big data more than others with a good example being website advertising. For example, in web advertising tests such as A/B testing enables quick data gathering and analysis, yielding effectiveness metrics for compared ads. Many industries struggle to adopt a big data approach due to the amount of data that is generated, data paywalls, or data regulation that makes it difficult to collect and use entities’ data.
Behavioral analytics fits well in the big data category because behavioral data generates a large amount of data, it can often be collected, and it can often be tracked for each user. When you navigate to websites and see a warning about using cookies to track your experience, they are often tracking your behavior on the website in order to optimize the website design. As mentioned previously, one of the richest sources of behavioral data is IoT to such an extent that entire companies are founded solely focused on running behavioral analytics from resulting IoT data.
Machine learning is a class of algorithms that uses input data and sometimes expected data output to finetune model parameters for accuracy. Machine learning is especially helpful to analyze and classify large data quantities since the algorithms can process vastly more than humans. Behavioral analytics often uses machine learning to derive insights or automate decision-making.
Some examples of behavioral analytics and machine learning use cases are:
One of the reasons why Amazon became the dominant ecommerce platform in the market is because it focused its attention on analyzing both consumers’ browsing habits and consumers’ buying habits both of which are classified as behavioral analytics.
By evaluating consumers’ buying habits companies can identify optimal opportunities for both product promotions and bundles. A great example of bundles that are determined by behavioral analytics is on Amazon’s product pages below the initial product details. Usually the bundles include a few other items that others purchased with the same product. Purchasing the bundle gives a slight discount on all the products.
Buying habit data also enables customer segmentation using unsupervised machine learning methods such as clustering. Customer segmentation helps companies understand general buying habits of groups of people to better identify ways to cater to broad groups of people.
Internationally, fraud costs the global economy trillions of dollars per year. Unsurprisingly, financial companies are highly invested in catching fraudulent activity detected from unusual consumer behavior to lower costs due to fraud and provide a more secure experience for their customers.
Fraudulent transactions are caught by using behavioral machine learning algorithms to establish normal behavior so that when an unusual transaction occurs it can be flagged as possible fraud. Often, financial companies will reach out to customers when possible fraudulent activity occurred to verify if the transaction was actually fraudulent.
An example of unusual behavior that may indicate fraud is if a consumer buys coffee in Los Angeles and then 20 minutes later buys a donut in London. It would be impossible to travel that fast to make both purchases. Another example is if a consumer makes an expensive purchase that they have never made before in a location they have never been. For instance, if a consumer’s financial credentials are used to purchase fifty mattresses in Brazil when they live in Canada.
Behavioral analytics will continue to become even more useful as machine learning algorithms improve and data becomes more socialized in industries with siloed data. With the increased opportunity of behavioral analytics comes greater responsibilities for businesses to use data in a compliant and respectful manner.
With the ever-increasing cyber threats that businesses face today, more preventative measures must be taken to secure valuable data and keep hackers out of internal networks. Our premier UEBA SecOps software, ArcSight Intelligence, uses behavioral analytics to detect anomalies that may indicate malicious actions. It has a proven track record of detecting insider threats, zero-day attacks, and even aggressive red team attacks. Take the first step to securing your organization. Schedule a demo of OpenText™ Arcsight™ Intelligence for CrowdStrike today!
Smarter, simpler protection
Proactively detect insider risks, novel attacks, and advanced persistent threats
Simplify log management and compliance while accelerating forensic investigation. Hunt and defeat threats with big-data search, visualization, and reporting
Interset augments human intelligence with machine intelligence to strengthen your cyber resilience. Applying advanced analytics, artificial intelligence, and data science expertise to your security solutions, Interset solves the problems that matter most