Analyzing User Behavior

Protecting a company's network is big business.

For a company, protecting its network is critical. Threats come in all shapes and sizes and can originate externally or internally. User and Entity Behavior Analytics (UEBA) tools can help companies monitor activity on the network and respond to internal threats. In this article for CSO, Ryan Stolte examines various insider threats that UEBA can help to identify and prevent.

Stolte divides internal threats into four categories: malicious insiders, non-malicious insiders, repeat offenders, and compromised credentials. By using UEBA to monitor user behavior, companies can identify unusual or risky activity. These tools can help companies avoid having data stolen through collusion, flag users exhibiting risky behavior, and prevent data theft by employees who may be leaving the company.

Supporting Web Links
Discussion Questions/Activities
  1. Ask students what the biggest security threats are that a company needs to protect itself from. This article reports that insiders are responsible for more than half of data breaches. Does this surprise them? Why or why not?
  2. Divide the class into four groups and assign each group to research one of the four types of internal threats discussed in the article (malicious insiders, repeat offenders, etc.). Each group should create a presentation describing the types of activity this threat involves, provide relevant statistics, and locate one or more current examples of such activity.
  3. As an individual project, students should review one or more of the articles in the Supporting Web Links section and write a brief report about how businesses are responding to changes in the way employees interact with the corporate network.

