One of the greatest advantages of cloud-based service is the ability to access files and resources remotely from multiple devices. However, this benefit also carries the risk of potential data breach. The danger grows exponentially when you consider that many users employ the same username and password combinations across multiple sites. So, if your company uses cloud-based storage services, how can you ensure the security of documents and data while preserving ease of employee access? User behavior analytics (UBA) is one of the newest and most effective IT security strategies.
What Is User Behavior Analytics (UBA)?
Ganesh Kirti of Palarra defines User Behavior Analytics (UBA) as “advanced machine learning techniques to create a baseline for normal behavior for each user. If a hacker is accessing an employee’s account using stolen credentials, UBA will flag a number of indicators that this access deviates from the normal behavior of a legitimate user.” With UBA, companies can identify attacks on cloud-based storage systems in four ways:
- Flag logins from unusual IP addresses or physical locations. Whether your business has sales reps who work from the road or employees who telecommute, you probably have people logging in to your corporate network from remote locations. So, how can you tell if a remote login came from a legitimate location? UBA can compare the time between login attempts from different geographic locations of each user to determine what’s physically possible as well as what’s typical for a given user. Results outside the norm are then flagged as a potential attack vector.
- Detect spikes in the number of file downloads. By compiling baselines of “normal” activity, UBA systems can detect significant changes in typical user behavior, such as an increase in the number of files downloaded from the corporate network or accessing files on servers that the user’s job role shouldn’t require to gain access.
- Detect logins that occur outside of normal business hours. UBA software’s ability to monitor user accounts, especially those with elevated privileges (the ultimate goal for many cybercriminals), is particularly valuable. UBA flags unusual activity, such as login attempts or data transmissions outside of normal business hours.
- Identify anomalous file sharing or preview activities. This is similar to identifying unusual login times or higher-than-normal file download volume. UBA software identifies when user accounts are sharing files or data outside of the corporate network or to unusual accounts (such as a personal Dropbox folder). Conversely, UBA protocols can tag when files are previewed on services or servers that the user doesn’t typically access.
If you’re concerned about protecting the data stored in your cloud computing environment, contact All Phases IT. Our team of cloud-based security experts can help. Simply contact us today for a complimentary 30-minute consultation and evaluation of your current cloud security infrastructure.