User Behavior Analytics: Best Practices You Should Start Now

How much do you know about User Behavior Analytics (UBA), emerging solution that helps detect growing malicious and abusive insider activity across IT environment that otherwise can go unnoticed?

This article details the key challenges for protecting the most critical assets within your IT infrastructure and offers best practices for successful implementation of UBA.

Challenges for securing the modern IT environment:

  • Companies lack visibility into employee activity and application usage across critical IT systems. Check out our recent infographics about shadow IT.
  • Legacy defense strategies are typically focused on the perimeter, so they fail to identify insider threats or attacks in progress within the network.
  • Security teams are often overwhelmed by the huge volume of audit logs generated every day, increasing the risk that important actions can be missed.
  • Most legacy security applications, such as SIEM solutions, are time-consuming to use.

Best practices:

1. Identify the existing sources of data on user behavior, including logs, data warehouses, network flow data, etc. The more data you have, the better.

2. Integrate data from other monitoring systems, such as advanced threat management and HR customer relationship management (CRM) systems.

3. Enable Active Directory auditing to track who is doing what across your critical systems.

4. Enable auditing for all systems that contain sensitive information, including your file servers, SharePoint, SQL servers, etc.

5. If you are using SaaS applications, enable access and user activity logging.

6. Track account creation and account logons, because such activity can reveal account takeovers and other attacks.

7. Enable journaling on your e-mail server and use e-discovery software for e-mail flow analytics.

8. Regularly review effective permissions and enforce a least-privilege model.

9. Track and control your users’ internet traffic via web filtering software.

10. Provide your UBA solution with all the data mentioned above. Fine-tune its rules, alerts, reports and thresholds to reduce noise and false-positive anomalies.

11. Review UBA reports on anomalous activity regularly and investigate incidents promptly.

This security analytics functionality helps you uncover threats that can compromise your hybrid cloud IT environment, so you can protect the assets that matter the most.

In our July issue of SysAdmin Magazine our experts give best practices for IT pros how to spot the potential danger of insider threat. You can download it here for free.

Product Evangelist at Netwrix Corporation, writer, and presenter. Ryan specializes in evangelizing cybersecurity and promoting the importance of visibility into IT changes and data access. As an author, Ryan focuses on IT security trends, surveys, and industry insights.
Download a free recorded webinar to learn how to detect anomalous user behavior