_Igor_Stevanovic_Alamy_Stock_Photo.jpg?disable=upscale&width=1200&height=630&fit=crop&w=696&resize=696,0&ssl=1 "The Impact of Behavioral Analytics in Cybersecurity: Who Gains the Most?")
_Igor_Stevanovic_Alamy_Stock_Photo.jpg?disable=upscale&width=1200&height=630&fit=crop&w=1200&resize=1200,0&ssl=1&description=The+Impact+of+Behavioral+Analytics+in+Cybersecurity%3A+Who+Gains+the+Most%3F){kind=link}
Photo credit: www.darkreading.com
COMMENTARY
IBM’s latest annual “Cost of a Data Breach Report” revealed a notable increase in the average cost of a data breach, which rose from $4.4 million to $4.8 million over the past year. This escalation is compounded by concerns from security operations center (SOC) leaders, as highlighted by Vectra AI, where over 70% express apprehension that genuine attacks could be obscured by a torrent of false-positive alerts and other distracting security signals. This overwhelming environment is leading to significant stress and burnout among cybersecurity professionals, contributing to an ongoing talent shortage in the field.
In light of rising breach costs and an unrelenting stream of alerts, the function of behavioral analytics in cybersecurity has become increasingly vital. User and entity behavioral analytics (UEBA) is especially crucial for institutions like schools, government agencies, and healthcare facilities, which are integral to society but often operate on tight budgets and limited personnel. Smaller cybersecurity teams make these organizations even more vulnerable to breaches, underlining the need for effective analytical tools.
Weeds Out the Noise
Without the integration of behavioral analytics, every authentication attempt or device connection can trigger an alert within the SOC, creating a challenge for cyber defenders. In the absence of a mechanism to distinguish between legitimate threats and false positives, all alerts are treated with equal urgency, which can lead to crucial risks being overlooked in environments where the stakes are particularly high, such as schools, government agencies, and hospitals.
The phenomenon of alert fatigue can overshadow critical signals, leading SOC analysts to overlook important data or, conversely, to respond to all alerts with diminished effectiveness. UEBA effectively monitors user and machine behaviors and hunts for deviations indicative of genuine threats, thus streamlining the alert process. This method not only reduces the noise that floods security teams but also alleviates the cognitive burden on analysts, allowing them to concentrate on the alerts that truly matter.
Allows for Prioritization
For many SOCs, implementing UEBA is a logical step forward, yet many educational, healthcare, and government institutions have yet to fully adopt this strategy. Due to their limited resources, these organizations stand to benefit significantly from behavioral pattern analysis, enhancing their resource efficiency. A sound UEBA implementation provides SOC analysts with a higher confidence level in the alerts generated, ensuring that time is effectively allocated to the most pertinent investigations.
The conversation around analyzing behavior patterns naturally intersects with artificial intelligence. UEBA represents a prime opportunity for AI application, particularly for entities in the public sector that face resource constraints. By pairing AI capabilities with UEBA, organizations can effectively manage limited human resources, with AI sifting through alerts to surface only credible threats for further examination. This not only enhances operational efficiency but also serves to mitigate the risk of burnout associated with manual threat assessment.
Reduces Risk
Despite some executives’ reservations about placing reliance on automated systems for security operations, the potential risks associated with an overstretched human workforce often present a greater concern. Fears about AI’s capabilities in managing threat detection may overshadow the more pressing reality of team burnout and attrition. While AI can present challenges, the greater risk lies in maintaining an exhausted workforce.
Evidence from various organizations suggests that integrating AI into security operations can yield significant advantages. A Vectra AI survey indicated that nearly 70% of respondents experienced reduced burnout and enhanced detection and response capabilities after utilizing AI. This potential for transformation is particularly compelling for institutions tasked with educating children, providing healthcare, and maintaining critical infrastructure.
Source
www.darkreading.com