In security, there is no average behavior

2022-08-15 19:13

While User Behavior Analytics is about a single baseline for each activity and an analysis of each activity on its own, User Journey Analytics looks at sequences of activities and learns for each user the complete set of typical user journeys in an application.

The future is in implementing sequence-based detection in the application layer, enabling more accurate detection by performing user journey analysis of a sequence of activities in SaaS and custom built applications.

Analyzing the path people take from the moment they enter through the front door of the bank, as they pass throughout the hallways and rooms - to, in and from the vault - enables us to learn which journeys are normal and expected.

We find malicious journeys by comparing each user journey to their learned normal journeys, because malicious users are likely to use a journey that is different from normal.

Maybe their journey in the bank is longer because they don't know where they're going, or maybe they just quickly go in and out as fast as possible to avoid raising any suspicion.

The accurate detection of malicious behavior via analysis of user journeys is based on the underlying assumption that an abnormal session is characterized by a journey which isn't similar to the user's typical journeys in an application.

News URL

https://www.techrepublic.com/article/security-no-average-behavior/

#security