User behavior analytics (UBA) is a relatively new category for the data analytics and cybersecurity world, gaining much interest in recent years, but what exactly is UBA? To put it simply, UBA is a method of analyzing user behavior and using that analysis to help indicate and safeguard against potential threats. By monitoring user activities, cybersecurity teams can better understand specific human behavior patterns, making it possible to detect a potential attack or prevent a data breach before any damage happens.
A simple, real-world example of monitoring UBA is receiving a fraud alert from your credit card company due to some suspicious activity related to your account. The financial institution alerted you because they have created baseline models of your prior user behavior, and perhaps, users similar to yourself, to better understand patterns. Understanding your “normal” behavior makes it possible to detect any abnormal activity to prevent harmful activity from happening.
UBA is one of the many tools in any security team’s toolset. It is a powerful way to detect abnormal behavior and an investigation tool for potential security risks, including insider threats, cyberattacks, and ultimately mitigating loss of high-value assets. However, understanding user behavior analytics is often easier said than done.
So why do most security teams currently avoid UBA?
Existing UBA Solutions Lack Transparency
Setting up and incorporating UBA into your overall security strategy can be challenging, with current offerings falling short of their promises. The majority of UBA vendors take a “black-box approach” to their offering, making it extremely hard to set up, understand, and maintain even for the most technical people in your organization.
A simple explanation of the black-box approach is “you are given a box with a set of inputs (switches and buttons) and a set of outputs (lights which are either on or off). By manipulating the inputs, you can observe the corresponding outputs, but you cannot look inside to see how the box works”. It usually takes months to set up, do the data plumbing and “train” the black-box system and requires users to typically spend upwards of six months filtering out the noise and false-positives before getting value.
Even once the system is up and running, it requires constant tweaking and involvement from expensive professional services teams, all while not truly understanding the root cause behind the alerts. The majority of the UBA tools on the market currently use proprietary machine-learning algorithms when instead, it's actually just a set of common rules and heuristics. Not to say this is easy, since these tools still require a lot of compute power, which is one of the reasons for the expensive cost of current UBA tools.
Existing UBA Solutions are Difficult to Trust
Security teams are continually bogged down by the overload of alerts, also known as alert fatigue, with a recent study finding that almost half of its respondents reported that 50% or higher of its alerts are false positives and that 35% of respondents said their SOC (security operations center) has turned off high-volume alerting features. Some UBA vendors require a "learning period" in order to detect abnormal behavior, resulting in security teams spending months filtering through false-positive alerts, when what is really needed is more context around why alerts are triggered, to begin with.
Existing UBA Solutions are Difficult to Setup and Maintain
Another common challenge of incorporating UBA into your security toolkit is connecting new and additional systems is difficult, even more so when your organization has data silos. A data silo is a repository of data in control by one department and isolated from the rest of the company. In recent years, data silos are seen as a hindrance because they impede productivity and negatively impact data integrity. Traditionally, incorporating UBA comes with strings attached. You (the buyer), or a professional services team is tasked with correlating the data, modeling the data, and after this point, most of these UBA tools require a lot of inputs to give any quality signals to create alerts. What if you could still get signals without all these headaches?
Existing UBA Solutions Are Too Costly
UBA tools on the market are simply unaffordable for most organizations. Only the largest companies can afford the purchase, configure and maintain this kind of software, with some tools charging based on data ingestion; a method that can come back to haunt you at the end of the month, or priced on an-enterprise license level that starts at tens of thousands of dollars. Many products on the market are trying to solve monitoring UBA and helping organizations elevate critical threats, but oftentimes, they require many resources, time to set up, data plumbing, and connecting all of the dots--resources that most organizations don’t have to allocate. This is why we’ve built Fletch, ready-to-use analytics.
What are ready-to-use, affordable user behavior analytics?
Unlike data analytics platforms that start out empty and leave it to the user to figure out all of the data plumbing, upkeep, and visualization, Fletch automatically connects and maintains your data feeds so that business operators can get right to results. We are starting by helping you quickly gain visibility into your environment to monitor user behavior and mitigate the loss of high-value assets.
Fletch triangulates your user’s activity across your Cloud and SaaS applications through an ever-evolving series of triggers to automatically surface your highest risk users that you should pay attention to.
We’ve made monitoring UBA simple. It takes just 15 minutes to connect your data. The Fletch engine then automatically indexes your data (usually within 24 hours). Fletch then proactively delivers daily, actionable insights to better secure and run your organization. These insights aren’t just a risk score coming out of a black box, we are talking actual answers anyone can understand with all the transparency at your fingertips to quickly discover the root cause. Once you have these insights and the guidance Fletch experts provide, you can easily dig in with your own questions to gain additional context using Fletch’s powerful natural language search engine.
How can Fletch make UBA monitoring easy?
By monitoring and understanding UBA with Fletch, you can:
- Automate risk detection and quickly get insights to stop insider threats.
- Be alerted to the mismanagement of high-value assets.
- Get notified of high-risk employees.
Insights you can gain through monitoring UBA with Fletch include:
- Abnormal login frequency behavior.
- Accounts with multiple concurrent sessions.
- Abnormal number of downloads by a user.
- Abnormal login behavior from different locations.
- Abnormal usage of critical systems, and much more.
Monitoring UBA with Fletch helps security teams protect their organization; it also helps security teams scale and be more effective by reducing noise and expedite threat hunting. Get full context; who is involved, where, when, and what to do next. All within a click of a button. Know which incidents to prioritize. No data plumbing or writing code is required.
Fletch also enables organizations to track progress easily. Gain visibility into how quickly issues got resolved and the effectiveness of those resolutions. Fletch gives security teams peace-of-mind by surfacing industry-vetted leading indicators such as users that missed more than 75% of user behavior location targets in the past 30 days. Companies become far more insurable for cybersecurity breaches and can expedite passing compliance with the increased visibility. In fact, according to IBM’s Cost of a Data Breach Report 2020, incident response and security automation show the greatest potential for cost savings, with the average total cost of a data breach in 2020 being 3.86 million US dollars.
Fletch instantly identifies risky user behavior to protect organizations against insider threats by monitoring UBA, delivering the insights you need to identify unknown risks within 24 hours. Discover abnormalities and potential threats, know where you stand, what to pay attention to, and get the full-context to understand why something is important.
Unlike other solutions, Fletch:
- Is extremely easy to set up.
- Requires virtually no heavy lifting.
- Takes 15 minutes to connect your data, and within 24 hours, you’ll gain visibility into your selected Cloud and SaaS environments.
We are currently in closed beta. If you are interested in joining the closed beta program, please sign up below or email us directly at uba@fletch.ai.
