TECHNOLOGIES OF USER ACTIVITIES MONITORING AND ANALYSIS IN PREVENTING INSIDER THREATS OF INFORMATION SECURITY OF AN ORGANIZATION

T. Muzhanova, S. Lehominova, Yuriy Yakymenko, I. Mordas
Journal: Cybersecurity: Education, Science, Technique
DOI: https://doi.org/10.28925/2663-4023.2021.13.5062

Abstract

The number of information security incidents related to personnel activities has almost doubled in the last two years, which has led organizations to adopt technologies that prevent and counteract internal threats to information security. Tools for monitoring and analyzing user activity play an important role here. According to experts, in the coming years such technologies will be implemented in 80% of solutions for identifying threats and prioritizing information security incidents.

The article describes and analyzes the functionality of several systems that monitor and analyze employee behavior, including Data Loss Prevention (DLP), Access Control, and analysis of the behavior of users and IT objects (UBA / UEBA).

The authors establish that a DLP system monitors and reports on user attempts to transmit confidential information by monitoring mail and web traffic, wireless access, external storage, input/output devices, user workstation software, audio and video surveillance of the user's activities, etc.

Access control tools perform, in particular, the functions of monitoring a person's access to and movement within protected areas of a facility, collecting information from surveillance cameras, and keeping records of working time. In the context of the pandemic, solutions have been developed that can identify a person wearing a face mask and perform health-monitoring functions.

Analysis of the functional characteristics of UBA / UEBA behavioral analytics systems showed that they not only collect data from all available sources (software and hardware, logs, user correspondence, etc.), but also analyze the collected data and report atypical user behavior when it is detected.

The article notes that behavioral analytics is used in a number of security technologies, such as Security Information and Event Management systems, Intrusion Detection and Prevention Systems, and others, complementing and expanding their capabilities and helping to create comprehensive information security solutions.

The authors recommend that organizations use tools for monitoring and analyzing user activities in different combinations, or as part of integrated Information Security Management solutions, to achieve an appropriate level of information security in the face of growing threats from personnel.