Threat based analytics are, according to many cyber security experts, a critical part of our data security future. But why is that? And what exactly are threat based analytics?
Data analysis as the canary in the coal mine
One of the major hurdles that cyber security has had to overcome in recent years is the tendency for the industry to react rather than prevent. That is, threats are often only detected once they have caused harm, and the industry then has to clean up and try to ensure that the same attack cannot succeed again. Threat based analytics are one of the tools that cyber security professionals are using to change that.
Essentially, threat based analytics refers to software that observes and analyses behaviour in a system or network: which users log in from where and when, which hosts talk to which, how much data normally moves and in which direction. By observing typical behaviour over a learning period, the software builds a baseline of what is normal for each user, host or segment, and can then flag behaviour that deviates from that baseline. Two caveats matter in practice. First, anomalous does not mean malicious; a new laptop, a travelling employee or a software rollout will all look unusual, so alerts still need triage by an analyst. Second, a baseline learned while an attacker is already present will treat the attacker's activity as normal, so the learning data has to be vetted. With those caveats, detecting anomalous activity often lets threat based analytics surface an intrusion early, before the attacker reaches the data they are after.
Prevention is the best cure
The advantages offered by threat based analytics are clear. It is always more practical to prevent harm from occurring than to react to it after the fact. When that harm is caused by a data breach, for example, there is only so much that can be done to remedy the problem—if someone’s information has been stolen, it can’t be effectively retrieved. You can only attempt to circumvent additional harm.
Threat based analytics can detect suspicious or unusual activity and flag it before it escalates into a breach. Behavioural baselines also complement, rather than replace, detection of known attack types through signatures and indicators of compromise: the known-bad checks catch what has been seen before, and the anomaly checks catch activity that matches no signature but does not fit how the environment normally behaves.
Threat based analytics can be compared to the monitoring that many financial institutions carry out. For example, if you happen to live in London, and your debit card is used in Paris just a few minutes after a typical purchase in your home neighbourhood, the charge is likely to be declined and you may get a call from your bank. That is because your bank has software which flags transactions that take place at unusual times or places, in other words transactions that represent atypical behaviour. The Paris case is what security teams call an impossible-travel check: the two locations are too far apart to have been reached in the time between the two events, so at least one of them is unlikely to be you.
Threat based analytics are a great deal more complex, but the basic concept remains the same. When unusual activity is detected, the appropriate people are alerted. Whether the activity is also blocked depends on whether the analytics are wired into an enforcement point such as the identity provider, a firewall or an endpoint agent, and on how much tolerance there is for blocking legitimate users by mistake. Many teams therefore start in alert-only mode and automate blocking only for the highest-confidence cases, such as impossible travel combined with a never-before-seen location.
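To make the idea concrete, here is an added example that is not code from the original article or from any particular product. It implements both detections described above: a per-user baseline of usual login locations and working hours, learned from a set of constructed historical logins, and the bank-style impossible-travel check applied to new logins. The sample events, the 900 km/h plausibility ceiling and the one-hour slack around observed working hours are all assumptions chosen for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_PLAUSIBLE_KMH = 900.0   # assumption: roughly airliner speed; faster is "impossible travel"
HOUR_SLACK = 1              # assumption: hours outside the observed working window before flagging


@dataclass(frozen=True)
class LoginEvent:
    user: str
    when: datetime
    city: str
    lat: float
    lon: float


@dataclass
class Baseline:
    cities: set[str]      # locations this user has logged in from during the learning period
    earliest_hour: int    # earliest hour of day seen in the learning period
    latest_hour: int      # latest hour of day seen in the learning period


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def build_baselines(events: list[LoginEvent]) -> dict[str, Baseline]:
    """Learn each user's typical locations and hours from vetted historical logins."""
    baselines: dict[str, Baseline] = {}
    for e in events:
        b = baselines.get(e.user)
        if b is None:
            b = baselines[e.user] = Baseline(set(), e.when.hour, e.when.hour)
        b.cities.add(e.city)
        b.earliest_hour = min(b.earliest_hour, e.when.hour)
        b.latest_hour = max(b.latest_hour, e.when.hour)
    return baselines


def score_event(baseline: Baseline | None, previous: LoginEvent | None, event: LoginEvent) -> list[str]:
    """Return the reasons an event looks atypical; an empty list means nothing unusual."""
    if baseline is None:
        return ["no baseline for user"]
    reasons = []
    if event.city not in baseline.cities:
        reasons.append(f"new location {event.city}")
    if not (baseline.earliest_hour - HOUR_SLACK <= event.when.hour <= baseline.latest_hour + HOUR_SLACK):
        reasons.append(f"unusual hour {event.when.hour:02d}:00")
    # Impossible travel: distance from the previous login divided by elapsed time.
    if previous is not None and previous.city != event.city:
        hours = (event.when - previous.when).total_seconds() / 3600.0
        km = haversine_km(previous.lat, previous.lon, event.lat, event.lon)
        if hours <= 0 or km / hours > MAX_PLAUSIBLE_KMH:
            reasons.append(f"impossible travel: {km:.0f} km from {previous.city} in {hours * 60:.0f} min")
    return reasons


def detect(baseline_events: list[LoginEvent], new_events: list[LoginEvent]) -> list[tuple[LoginEvent, list[str]]]:
    """Score new logins against the learned baselines; the baseline is never updated from scored events."""
    baselines = build_baselines(baseline_events)
    last_seen = {e.user: e for e in sorted(baseline_events, key=lambda e: e.when)}
    alerts = []
    for e in sorted(new_events, key=lambda e: e.when):
        reasons = score_event(baselines.get(e.user), last_seen.get(e.user), e)
        if reasons:
            alerts.append((e, reasons))
        last_seen[e.user] = e
    return alerts


# Constructed sample data: coordinates for the two cities in the article's bank example.
LONDON = ("London", 51.5074, -0.1278)
PARIS = ("Paris", 48.8566, 2.3522)


def _ev(user: str, iso: str, place: tuple[str, float, float]) -> LoginEvent:
    city, lat, lon = place
    return LoginEvent(user, datetime.fromisoformat(iso), city, lat, lon)


# Constructed learning period: alice logs in from London during office hours.
BASELINE_EVENTS = [
    _ev("alice", "2024-03-04T09:02:00", LONDON),
    _ev("alice", "2024-03-04T17:45:00", LONDON),
    _ev("alice", "2024-03-05T08:58:00", LONDON),
    _ev("alice", "2024-03-06T18:10:00", LONDON),
    _ev("alice", "2024-03-07T09:15:00", LONDON),
]

# Constructed new events: a normal London login, Paris seven minutes later, then Paris at 03:30.
NEW_EVENTS = [
    _ev("alice", "2024-03-08T10:00:00", LONDON),
    _ev("alice", "2024-03-08T10:07:00", PARIS),
    _ev("alice", "2024-03-09T03:30:00", PARIS),
]

if __name__ == "__main__":
    for event, reasons in detect(BASELINE_EVENTS, NEW_EVENTS):
        print(f"{event.when:%Y-%m-%d %H:%M} {event.user} from {event.city}: {'; '.join(reasons)}")
```

Two design choices are deliberate. The baseline is learned only from the vetted historical set and is never updated from the events being scored, so an attacker cannot train their own activity into "normal" simply by persisting; re-baselining is a separate, periodic step over data an analyst trusts. And the function returns reasons rather than a verdict: the London login produces nothing, the Paris login seven minutes later carries both a new-location and an impossible-travel reason and is the kind of high-confidence case a team might block automatically, while the 03:30 Paris login is merely unusual and belongs in an analyst's queue.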