What is UEBA and why is it important?

UEBA, or User Entity Behavior Analytics, is a type of security technology that uses machine learning algorithms to identify unusual or suspicious user behavior within an organization’s network. This can include unusual login activity, unauthorized access to sensitive data and unfamiliar communication patterns.

UEBA is an essential tool to detect and prevent cyberattacks and insider threats. It can help organizations to identify potentially malicious behavior that may not be detected by traditional security measures such as firewalls and antivirus software.

Benefits of using UEBA

Things to consider before implementing UEBA

Conclusion

The UEBA tool provides a proactive mechanism to continuously monitor activity within an organization’s network, identify unusual or suspicious user behavior and prevent cyberattacks through machine learning algorithms. To leverage the benefits of UBEA, both business and technology functions should decide on goals, expectations, and put together a team that can fully utilize the tool for maximum results.

Given the higher volume and velocity of cyberattacks owing to an increasingly hybrid workforce, enterprises must always be prepared to protect their data in the event of an attack. The Zero Trust approach to cybersecurity has become one of the most popular means of safeguarding communications and data.

Why do enterprises need to rethink their network security?

The traditional approach to cybersecurity was to identify and implement specific remedies to defend against every potential danger and attack. To achieve this, organizations have deployed a variety of solutions, such as Web Application Firewalls (WAFs), firewalls for network security and end-point protection for malware. According to an independent study by IBM, today’s businesses have implemented an average of 45 security solutions across their networks. This traditional method creates a security gap in interoperability between tools. Moreover, there are unnecessary overlaps between multiple devices or software each being paid for through its own licensing – simply put, too many solutions from too many vendors.

Therefore, we need a framework to ensure the security of modern enterprises against volatile cyberattacks.  Implementing the Zero Trust approach has never been more critical.

What is Zero-Trust

A Zero Trust environment cannot be implemented overnight. It is a gradual transformation where every step of a digital transaction is validated using various security implementations. These implementations adhere to a standard set of rules set by the National Institute of Standards and Technology (NIST). Some examples of these implementations are Identity and Access Management (IAM), Zero Trust Network Access (ZTNA), Micro-segmentation, and DevOps. Migrating business processes into these implementations is one way to implement Zero Trust.

Benefits of Zero Trust

According to a Statista survey, 30% of companies have already begun to roll out Zero Trust security solutions, and 42% plan to do so in the near future.

Some benefits of implementing the Zero Trust security model are as follows:

• Focus on proactively implementing security solutions as a strategic business objective, rather than implementing on a per-use case.

• End-to-end organizational security of identity/access/workloads spanning across users, applications, and infrastructure.

• A proper inventory of users, devices, applications, and services will be beneficial for an organization’s auditing and performance planning.
• Gain access and identity control over cloud and container environments when moving to hybrid/multi-cloud architectures.
• Reduced risk of a data breach with the principle of least privilege.
• Improved monitoring and alerting of cyberattacks.

Conclusion

Adapting this framework is not without its challenges. Identifying business processes with the lowest risk of failure during the transition to a Zero Trust architecture is the first step towards migrating critical entities over time. Check out our next article to learn more about Zero Trust security, which focuses on an end-to-end approach to establishing enterprise resource and data security.

Today’s enterprises operate in a distributed manner, with assets and workforce scattered across the world. Owing to this, technology deployment and management have changed over the years. Networks have become distributed; applications are hosted on cloud services and the number of remote employees is rapidly increasing. It is clear that fully centralized IT networks are slowly but surely moving toward extinction. Similarly, the cyberattack vector is growing rapidly, and cybercrimes are finding new and increasingly sophisticated ways to steal data and disrupt business operations. After all, a walled city cannot protect its people when they are roaming outside of it.

Before Cyber Security Mesh

The traditional approach to cybersecurity was to identify and implement specific remedies to defend against every potential danger and attack. To achieve this, organizations have deployed a variety of solutions, such as Web Application Firewalls (WAFs), firewalls for network security and end-point protection for malware. According to an independent study by IBM, today’s businesses have implemented an average of 45 security solutions across their networks. This traditional method creates a security gap in interoperability between tools. Moreover, there are unnecessary overlaps between multiple devices or software each being paid for through its own licensing – simply put, too many solutions from too many vendors.

CSMA provides four foundational layers that make it possible for various security controls and solutions to cooperate with one another and make deployment, configuration and maintenance easier.

The four layers are as follows:

• Security analytics and intelligence
• This layer is responsible for accurately gathering data from threat resources. CSMA will develop a rapid threat response strategy based on data security tools such as SIEM and SOAR that can analyze potential threats.
• Distributed identity fabric
• This layer is responsible for providing identity and access management, an essential component of a Zero Trust strategy.
• Consolidated policy and posture management
• This layer is responsible for managing and enforcing consistent security policies across different environments. CSMA translates the central cybersecurity policy into the foundational framework for every security solution or can offer dynamic runtime authorization services.
• Consolidated dashboards
  • Having to switch between numerous dashboards from different security vendors or tools decreases the effectiveness of security operations. Using an integrated dashboard, CSMA provides a composite view of the complete security architecture e platforms.

Key features of CSMA

How different vendors approach CSMA

Several cybersecurity vendors have “CSMA-like” approaches that can provide benefits of scale and cost to an extent. However, they have the potential for vendor lock-in due to a lack of interoperability.

• Fortinet Security Fabric: Designed to manage the entire digital attack surface, while reducing risks by eliminating vulnerabilities and gaps in security.
• Checkpoint Infinity: Provides consolidated security across an organization’s entire IT environment, enabling centralized security management and integrated threat prevention and response.

Conclusion

According to Gartner’s strategic assumption, “By 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of individual security incidents by an average of 90%.”

It is clear that traditional security approaches are failing to fulfill fast-evolving and demanding cybersecurity requirements. However, many enterprises remain stuck with traditional cyber security methods. Larger enterprises with complicated IT systems (such as banks and government organizations) have invested heavily in several security solutions to individually protect each asset in their environment. Cybersecurity Mesh Architecture (CSMA) contributes to the creation of a unified, integrated security framework for all assets, whether on-premises, in data centers or on the cloud. Through standardizing the communication between security solutions, CSMA enables standalone security products to coordinate and interoperate, increasing overall security.

The challenges we faced…

The COVID-19 pandemic forced businesses to rethink their business models and shift to remote working or a work from home (WFH) format. While facing a global crisis situation like no other, they also had to learn on-the-go to steer their businesses through this style of working. As project managers (PM), we too shifted to the WFH model, but navigating it came with the following challenges:

• Our modes of communication were limited to calls, emails and WhatsApp messages, which was a challenge in itself. In the pre-COVID era, we conducted meetings with teams, clients and stakeholders in-person. This helped the PM form the right team, understand customer requirements better and discuss feasible methods of project execution. Similarly, it helped the customer to better understand the project progression, from planning to execution.
• Owing to the new health protocols put in place, our technical teams could not visit operations sites, locally or overseas, for the installation and configuration of hardware.
• While our technical teams would usually work on-site at the customer’s location, the pandemic brought about new rules and regulations on a nation level, as well as by some customers. For example, some businesses restricted access to outsiders. Our teams had to improvise or obtain special permissions to utilize customers’ VPN connectivity in order to directly link to their systems and servers.
• There was an urgent need to create dedicated workspaces in our homes to conduct official online meetings.
• We were obligated to arrange special transportation for critical technical teams to visit client sites during the mandatory lockdowns.
• Office access was granted for certain project teams in order to obtain the necessary equipment for their work.
• Printing of project documentation was done using office printers to maintain quality, while binding and transporting them to customers was also done in-house.
• We had to obtain digital signatures from customers and project teams for project documentation.
• Coordinating overall team activities to work as a single unit became a task in itself.

How we overcame these challenges?

It was a challenge to adopt to this new way of working overnight in March 2020. We had to navigate the country’s restrictions on movements and adhere to changing health guidelines, which was something entirely new for us. Here are some actions we took to overcome the challenges:

• We conducted daily meetings and stand-ups with the project teams, and had frequent online discussions and phone conversations with our respective subgroups to monitor project tasks.
• We were able to obtain special approval from customers to visit them onsite for location-based implementations. Our company also required us to keep track of visits to external sites via a new contact tracking system.
• The technical team required VPN connectivity in some cases, which was duly provided by the customers as the best safety net for the employees of both companies. In other cases where VPN permissions were not obtained due to critical secure systems, we were able to organize isolated spaces within the premises for our resources to work on the project.
• With the assistance of our transportation team, we arranged special transport for some individuals during the lockdown, and the contact tracking system was maintained.
• The company provided clearance for key resources to visit certain sites for critical projects with assistance from the customer.
• Staff within the office premises assisted us in many tasks, from obtaining the necessary hardware to printing and binding project documents.
• We learned to adapt to using modern communication tools extensively to connect with our teams, as well as customers.

How did you change your management style to adapt to WFH?

When addressing these challenges, we had to change our style of managing projects and teams as follows:

• Changes in the mode of communication from in-person and direct to online and distant, including adopting various audio and video communication tools.
• Managing customers from a distance.
• Working on operational tasks such as procurement, delivery of hardware, project expenses, etc, from home.
• Delivering status reports to client sponsors via online communication tools such as MS Teams, Cisco Webex or WeMeeting.
• Learning to manage all our daily office activities from one location.
• Adapting to and using new processes for online client meetings, including using a single corporate background.
• Organizing training and knowledge sharing sessions for stakeholders via online platforms.

Advantages of WFH?

A company’s management strives for synergistic value creation yet, working together doesn’t come easy: it requires constant effort and mutual understanding.

When considering a Chief Information Officer (CIO) and a Chief Finance Officer (CFO), the former is known to look at an innovative outlook and the latter is expected to look at a realistic one.

Imagine this: A CIO comes up with an innovative digital solution to address company’s problems. It’s seamless in integration, superior in quality, faultless in performance, rich in detail and simply, perfect. Still, when the financial approval is sought, the CFO may reject it because it’s too costly, too over-the-top and seems to be a mountain of a solution when the requirement is a molehill. Sounds familiar?

CIOs sometimes struggle to communicate the ROI of IT projects, as well as priorities, costs, commitments, and cash flows. Still, their knowledge and experience of technological solutions and their network of technology partners are priceless. CFOs often consider IT as an expensive budget item and therefore look to cut any cost they deem unnecessary.

Most CIOs are aspirational in their thinking; they seek the perfect solution and look at the future. CFOs, on the other hand, stand by the principle of “earn the right to spend” and place priority on ROI which can often be overlooked or oversimplified by CIOs.

This clash in philosophy often results in grudges, preconceived biases and ultimately, blocking the pathways for the company’s progress in the digital world.

3. Create efficient and automated processes 

In many organizations, finance teams are still overwhelmed with manual tasks. Legacy systems – or simply MS Excel worksheets – are still favored over ERP systems and other advanced processes.

This traditional mindset has normalized slow speeds in organizational accounting, which sometimes justify why many companies release last month’s results in the middle of the following month!

The criticality of data-based solutions is still a novelty in many companies, hindering progress and resulting in slower and thereby less effective decision-making.

A good relationship between CFO and CIO will help instill better and more efficient processes while managing and overcoming resistance to change. With two teams working in tandem towards the unified objective of efficiency, legacy systems and manual workloads can be replaced by digitally advanced solutions that create a competitive edge. More importantly, when Finance and IT work together with mutual trust and confidence in each other, process automation can be achieved seamlessly and at a fraction of the time it will otherwise take.

4. Use of technology to enable insights 

Data is the currency of success.

Both CFOs and CIOs carry a gamut of data that can be used in analytics and insight generation to drive business performance. When shared, these sets of data become a treasure trove of information.

Having the right data at the right time is crucial for business success. So, nurturing a good relationship with a team that has the data you need is a simple formula for success.

CIOs and CFOs working together to orchestrate data across the organization generates critical business insights that drive strategic responses.

 5. Technology that brings strong ROI

CFOs always want to see higher ROI from IT investments while CIOs might struggle to prioritize projects that bring tangible business outcomes and higher ROI. Therefore, collaboration is essential whenever an investment decision is required.

When seeking approval for an investment, many IT teams find it challenging to talk to finance teams since they focus on qualitative factors while the other seeks quantitative angles. This results in a clash and subsequent rejection. Yet if both teams can compile a joint business proposal, getting Board approval becomes easy and mutual.

While there are many industry-specific use cases, the following are some generic data analytics use cases that affect revenue and cost, directly or indirectly.

The future of the IT and Finance relationship