TECHNOLOGIES OF USER ACTIVITIES MONITORING AND ANALYSIS IN PREVENTING INSIDER THREATS OF INFORMATION SECURITY OF AN ORGANIZATION

DOI:

https://doi.org/10.28925/2663-4023.2021.13.5062

Keywords:

information security of an organization; internal threats to information security of an organization; Data Loss Prevention (DLP); Access Control; User Behavior Analytics (UBA).

Abstract

The number of information security incidents attributable to personnel has almost doubled over the last two years, which has pushed organizations to adopt effective technologies that prevent and counter internal threats to information security. Tools for monitoring and analyzing user activity play an important role in this context: according to analyst estimates, within the next few years such technologies will be built into 80% of solutions for identifying threats and prioritizing information security incidents.

The article explains the purpose and analyzes the functionality of several classes of systems that monitor and analyze employee behavior: Data Loss Prevention (DLP), access control, and User and Entity Behavior Analytics (UBA/UEBA).

The authors establish that a DLP system monitors, and reports on, user attempts to transmit confidential information by inspecting mail and web traffic, wireless access, external storage media, input/output devices and the software on the user's workstation, and by audio and video recording of the user's activity.
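To make the DLP behavior described above concrete, here is an added example (not code from the article or from any product it discusses) of the core content-inspection step: an outbound message is checked for confidential content and the policy decides whether to allow, alert on, or block it. The detection rules (a Luhn-validated card-number pattern, classification markers, secret-file extensions), the sender domain, and the sample messages are all constructed assumptions for illustration.

```python
"""Minimal DLP content inspection for outbound messages (added example).

Rules, markers, file extensions and sample data are constructed assumptions,
not taken from the article or from any DLP product.
"""
import re
from dataclasses import dataclass, field

# 13-19 digit groups with optional space/dash separators; validated with Luhn below
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Assumed classification markers an organization stamps on confidential documents
CONFIDENTIAL_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY", "TRADE SECRET")
# Assumed file types that should never leave the organization by mail
SECRET_FILE_SUFFIXES = (".kdbx", ".pem", ".pfx")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out plain invoice/serial numbers that look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first 6 and last 4 digits so the alert itself does not leak the PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    rule: str
    evidence: str


@dataclass
class Verdict:
    action: str                      # "allow", "alert" or "block"
    findings: list = field(default_factory=list)


def inspect_message(sender_domain: str, recipient: str, body: str,
                    attachment_names: list) -> Verdict:
    """Apply the assumed policy: secrets to external recipients are blocked,
    classification markers to external recipients raise an alert,
    internal mail is allowed but findings are still recorded."""
    findings = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(Finding("pan", mask_pan(digits)))
    upper = body.upper()
    for marker in CONFIDENTIAL_MARKERS:
        if marker in upper:
            findings.append(Finding("classification-marker", marker))
    for name in attachment_names:
        if name.lower().endswith(SECRET_FILE_SUFFIXES):
            findings.append(Finding("secret-file", name))

    external = not recipient.lower().endswith("@" + sender_domain.lower())
    if not findings or not external:
        return Verdict("allow", findings)
    if any(f.rule in ("pan", "secret-file") for f in findings):
        return Verdict("block", findings)
    return Verdict("alert", findings)


if __name__ == "__main__":
    # Constructed sample messages
    print(inspect_message("corp.example", "partner@other.example",
                          "Card on file: 4111 1111 1111 1111", []))
    print(inspect_message("corp.example", "partner@other.example",
                          "Project status, INTERNAL ONLY", []))
    print(inspect_message("corp.example", "colleague@corp.example",
                          "Project status, INTERNAL ONLY", []))
    print(inspect_message("corp.example", "partner@other.example",
                          "Invoice 1234567890123 attached", ["invoice.pdf"]))
```

The masking in `mask_pan` matters in practice: a DLP alert that copies the full card number into the SIEM simply moves the sensitive data to another place that has to be protected.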

Access control tools perform, in particular, the functions of monitoring a person's access to and movement within the protected areas of a site, collecting data from surveillance cameras, and keeping records of working time. During the pandemic, solutions have appeared that can identify a person wearing a face mask and perform health-monitoring functions.

Analysis of the functional characteristics of UBA/UEBA behavioral analytics systems shows that they not only collect data from all available sources (software and hardware, logs, user correspondence, etc.) but also analyze the collected data and raise an alert when they detect atypical user behavior.
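The two UBA/UEBA steps named above, building a per-user baseline from collected data and then flagging activity that deviates from it, are shown below in an added example that is not code from the article or from any UEBA product. The log records, the three behavioral features (daily outbound volume, hosts accessed, hours of activity), the z-score threshold and the alerting threshold are constructed assumptions chosen for illustration; a production system would use far more features and a tuned model.

```python
"""Baseline-and-deviation user behavior analytics over constructed log records
(added example; field names, thresholds and data are assumptions)."""
from collections import defaultdict
from statistics import mean, pstdev


def _ev(user, day, hour, host, mb):
    """Constructed access-log record: who, when, which host, how many bytes out."""
    return {"user": user, "day": day, "hour": hour, "host": host,
            "bytes_out": mb * 1_000_000}


# Constructed baseline window (five working days of normal activity)
BASELINE = [
    _ev("alice", 1, 9, "fileshare-01", 20), _ev("alice", 1, 16, "fileshare-01", 30),
    _ev("alice", 2, 9, "fileshare-01", 30), _ev("alice", 2, 15, "fileshare-01", 30),
    _ev("alice", 3, 10, "fileshare-01", 40), _ev("alice", 3, 16, "fileshare-01", 30),
    _ev("alice", 4, 9, "fileshare-01", 25), _ev("alice", 4, 14, "fileshare-01", 30),
    _ev("alice", 5, 9, "fileshare-01", 35), _ev("alice", 5, 16, "fileshare-01", 30),
    _ev("bob", 1, 8, "git-01", 5), _ev("bob", 2, 8, "git-01", 6),
    _ev("bob", 3, 9, "git-01", 5), _ev("bob", 4, 8, "git-01", 7),
    _ev("bob", 5, 8, "git-01", 5),
]

# Constructed records for the day under analysis
NEW_EVENTS = [
    _ev("alice", 6, 2, "hr-db", 900),        # night-time, new host, huge volume
    _ev("alice", 6, 9, "fileshare-01", 25),  # her usual activity
    _ev("bob", 6, 8, "git-01", 6),           # entirely normal
    _ev("mallory", 6, 3, "hr-db", 1),        # account with no history at all
]


def build_profiles(events):
    """Per-user baseline: daily volume statistics, known hosts, active-hour window."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    profiles = {}
    for user, evs in by_user.items():
        daily = defaultdict(int)
        for e in evs:
            daily[e["day"]] += e["bytes_out"]
        vols = list(daily.values())
        hours = [e["hour"] for e in evs]
        profiles[user] = {
            "vol_mean": mean(vols),
            "vol_std": pstdev(vols),
            "hosts": {e["host"] for e in evs},
            "hour_lo": min(hours), "hour_hi": max(hours),
        }
    return profiles


def score_day(profile, evs, z_limit=3.0):
    """Return (score, reasons): one point per feature that deviates from baseline."""
    reasons = []
    total = sum(e["bytes_out"] for e in evs)
    std = profile["vol_std"] or 1.0      # constant baselines would otherwise divide by zero
    z = (total - profile["vol_mean"]) / std
    if z > z_limit:
        reasons.append(f"outbound volume z={z:.1f}")
    new_hosts = {e["host"] for e in evs} - profile["hosts"]
    if new_hosts:
        reasons.append("new hosts: " + ", ".join(sorted(new_hosts)))
    # One hour of slack on each side of the observed working window
    off = sorted({e["hour"] for e in evs
                  if not profile["hour_lo"] - 1 <= e["hour"] <= profile["hour_hi"] + 1})
    if off:
        reasons.append("off-hours activity at " + ", ".join(f"{h:02d}:00" for h in off))
    return len(reasons), reasons


def detect(profiles, events, threshold=2):
    """Alert when a user-day deviates on at least `threshold` features,
    or when the user has no baseline at all (a new or dormant account)."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["day"])].append(e)
    alerts = []
    for (user, day), evs in sorted(by_key.items()):
        profile = profiles.get(user)
        if profile is None:
            alerts.append({"user": user, "day": day, "score": threshold,
                           "reasons": ["no baseline for user"]})
            continue
        score, reasons = score_day(profile, evs)
        if score >= threshold:
            alerts.append({"user": user, "day": day, "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(build_profiles(BASELINE), NEW_EVENTS):
        print(a)
```

Requiring two independent deviations before alerting is a deliberate design choice: a single new host or one late-night login is routine, while a large transfer from an unfamiliar host at 02:00 is the combination an insider-threat analyst wants surfaced.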

The article notes that behavioral analytics is used in a number of security technologies, such as Security Information and Event Management (SIEM) systems and Intrusion Detection and Prevention Systems (IDS/IPS), complementing and extending their capabilities and helping to build comprehensive information security solutions.

The authors recommend that organizations deploy user activity monitoring and analysis tools in various combinations, or as part of integrated Information Security Management solutions, to achieve an appropriate level of information security in the face of growing threats from personnel.

Published

2021-09-30

How to Cite

Muzhanova, T., Lehominova, S., Yakymenko, Y., & Mordas, I. (2021). TECHNOLOGIES OF USER ACTIVITIES MONITORING AND ANALYSIS IN PREVENTING INSIDER THREATS OF INFORMATION SECURITY OF AN ORGANIZATION. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(13), 50–62. https://doi.org/10.28925/2663-4023.2021.13.5062