The Role of UEBA in Managing Insider Threats Within the Digital Workplace
by Aware HQ, on 7/31/20 1:17 PM
Since March 2020, employees have been 57% more active on collaboration tools like Slack, Microsoft Teams, Workplace from Facebook and Yammer. While these tools keep employees connected, sharing ideas and innovating, the shadow implication is that the new volume of digital communications introduces security concerns on a broad scale. Does your enterprise utilize UEBA to prevent leaks, ensure compliance and catch insider threats?
In the ever-evolving world of data protection, it’s important to understand the implications that accompany unstructured user data and behavior. Though your employees likely have your company’s best interest in mind, human error is always at play: we’re not perfect. Lots of (potentially compromising) data flows through your collaboration platforms daily. What are you doing to protect your enterprise from these liabilities?
One solution to inside data threats is UEBA.
What is UEBA?
User and entity behavior analytics (UEBA) is a cyber security process that takes note of the normal conduct of users, then detects anomalous behavior and user pattern deviations.
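The baseline-and-deviation idea above, as an added example (not code from Aware or any UEBA product): each user's daily download volume is scored against that user's own history with a median/MAD modified z-score. The user names, volumes, `MIN_DAYS` and the scale floor are constructed assumptions.

```python
from statistics import median

# Constructed sample data: MB downloaded per day, per user, as it might be
# summarised from a collaboration platform's audit log (hypothetical values).
HISTORY = {
    "alice": [120, 95, 140, 110, 130, 105, 125, 115, 135, 100],
    "bob": [4000, 5200, 4700, 3900, 5100, 4500, 4800, 4300, 5000, 4600],
    "carol": [10, 10, 10, 10, 10, 10, 10, 10, 10, 10],
}

MIN_DAYS = 7      # assumed minimum history before a user is scored
THRESHOLD = 3.5   # commonly used cutoff for the modified z-score


def robust_score(history, value):
    """Modified z-score of `value` against one user's own baseline.

    Median and MAD are used instead of mean and standard deviation so that
    a single earlier spike in the history does not inflate the baseline.
    """
    if len(history) < MIN_DAYS:
        return None  # too little data to call anything anomalous
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Assumed floor: a perfectly flat history has MAD 0, which would turn
    # any change at all into an infinite score.
    scale = max(mad, 0.05 * abs(med), 1.0)
    return 0.6745 * (value - med) / scale


def assess(user, mb_today, history=HISTORY):
    """Return 'alert', 'normal' or 'insufficient-history' for one observation."""
    score = robust_score(history.get(user, []), mb_today)
    if score is None:
        return "insufficient-history"
    # Only upward deviations matter for a download-volume signal.
    return "alert" if score > THRESHOLD else "normal"


if __name__ == "__main__":
    for user, mb in [("alice", 4500), ("bob", 4500), ("carol", 12), ("dave", 4500)]:
        print(user, mb, assess(user, mb))
```

The same 4,500 MB day is an alert for one user and ordinary for another, which is the difference between a per-user baseline and a single fixed threshold.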
UEBA vs SIEM
UEBA is a close relative of security information and event management (SIEM). SIEM software is made up of two other data-analyzing programs: security event management (SEM) and security information management (SIM).
SEM software analyzes log and event data in real time and outputs threat monitoring, event correlation and incident responses. SIM software then picks up the baton when it collects, analyzes and reports on the logged data.
Though SIEM solutions are made up of two strong data analytics tools, the AI functions in UEBA tools go the extra mile to recognize and learn human-like behavior, protecting your enterprise from data breaches on a whole new level.
UEBA Solvable Threats to Enterprise Collaboration
Common security risks in collaboration platforms include data leaks, insider threats, regulatory compliance, and IP leaks. We will further explore these risks and provide solutions to prevent these occurrences in your company’s future.
While most collaboration platforms provide some level of data security, it’s important to keep in mind that out-of-the-box services may not be enough.
For example, let’s investigate the security breach experienced by the Department of Veterans Affairs in 2015. Back in 2008, an employee of the VA deployed Yammer without permission, in addition to other collaboration tools. As time went on, multiple employees followed and shared veterans’ personal health information, the VA’s IP addresses and numerous other inappropriate pieces of data on multiple insecure social platforms. These wrongdoings came to light in 2015 when the Office of Inspector General (OIG) launched an investigation to examine the agency’s unapproved use of platforms, leading to a major scandal involving national headlines, discharged employees, and a tarnished reputation for the VA. Their reputation and character may have been preserved if even one person had thought to implement UEBA software capabilities.
UEBA streamlines overall security measures and notifies leaders of credible security threats including—but not limited to—asset information, social security numbers and personally identifiable information.
While there are many rewards to implementing an enterprise collaboration platform, there are also many risks to consider. When an increasing number of people have access to any set of data, the risk of unsafe exposure grows as time goes on.
For example, let’s say your company has a meeting every Friday in which the leadership team publishes a private budget sheet on Slack. The file contains a list of upcoming budget cuts, including a list of the names of prospective layoffs. After the meeting, an attendee attempts to send the sheet to the leadership channel but accidentally sends it to the general channel instead. Just 14% of yearly insider threats are malicious, meaning the other 86% are attributed to carelessness, negligence or genuine accidents.
According to Harvard Business Review, at least 80 million insider attacks occur annually in the U.S. alone, costing tens of billions of dollars every year. With UEBA software, companies are able to track, collect, and analyze user and machine data using various analytical techniques to find and highlight anomalous behavior.
Compliance challenges are growing and changing all the time, increasing risk and cost to enterprises everywhere. While the cost of compliance can be high, the cost of non-compliance can be much higher.
For example, in 2016 alone, the Consumer Financial Protection Bureau (CFPB) cited over $5 billion in total penalties, a number which increases yearly. With non-compliance comes data leaks which increase risk and the overall need for data monitoring security measures.
UEBA technology continuously looks for anomalous and risky behavior, reporting what it finds directly to your compliance team lead. It also overcomes false-positive reporting with behavioral analytics, saving your incident response team time with accuracy.
Intellectual Property Leaks
Did you know that IP can constitute more than 80% of your company’s value? It’s safe to say that IP is important, so how can you best protect this asset?
Take a look at Tesla, for example, which filed an IP lawsuit against a former employee in 2017. An employee realized a former Program Manager had transferred hundreds of gigabytes of the company’s confidential and proprietary information to his personal hard drives, then tried to cover it up, in an effort to create his own self-driving cars. In a statement, Tesla expressed their distrust and frustration at the scenario, stating, “[The former Program Manager] abuse[d] his position of trust and orchestrate[d] a scheme to deliberately and repeatedly violate his non-solicit agreement, hide evidence, and take the company’s confidential and proprietary information for use in a competing venture.” With UEBA, Tesla has the power to receive a notification the moment an employee downloads a file, or even before the download begins.
Two of the most common sources of IP leaks (both intentional and unintentional) are employees and business partners. These, not coincidentally, are the same groups that have access to internal ESNs and collaboration tools. Employing UEBA software can protect your company from data leaks by planning for them.
UEBA tools are not intended to replace other monitoring systems, but rather to enhance the tools your company already has in place. It’s never a bad idea to improve your data’s security, and UEBA is a strong option because of its overarching strengths:
- Proactive approach
- Anomalous behavior detection
- Compromised account detection
- Permission and policy alteration detection
- Machine learning capabilities
- Statistical analysis backup
- Fewer false positives
All UEBA Solutions Are Not Created Equal
UEBA is critical to making sense of unstructured collaboration data and getting ahead of risk. However, not all UEBA solutions offer the same level of insight. While behavioral activity (logins, shared documents, etc.) drives standard UEBA solutions, the human element of the data flowing in your collaboration platforms requires an extra layer of behavior analysis.
Aware analyzes every conversation with the industry's most accurate behavior AI to bring best-in-breed user and entity behavior analytics solutions to your organization. Using sentiment, theme and toxic speech analysis, Aware tells the complete UEBA story, diminishing noise and improving threat identification in real time.