The role of Behaviour Analytics & Machine Learning in Cybersecurity

  • Written By WHISHWORKS
  • 29/01/2019

In 2017, Lloyd’s of London has warned that a serious cyber-attack could cost the global economy more than £92bn. Recent incidents show that this estimation is not far-fetched. According to Reuters, cyber-crime attacks to two thirds of Germany’s manufacturers, costed 43 billion euros. Closer to home, WannaCry cyberattack costed the NHS £92 million, whereas the TalkTalk cyberattack costed the company £77 million.

The real costs however are hard to measure. Besides the obvious costs which may include fines, costs from operational disruption, and upgrading IT systems, trust and brand reputation costs may have much harsher financial repercussions in the long-run for the business. 

Old tools and systems are quickly becoming obsolete, whereas malicious attacks are getting increasingly advanced. Hackers, competitors and industrial spies can break into firewalls, penetrate enterprise systems, send phishing emails, or even bribe to gain access into enterprise systems.

Today, enterprise organisations require new, intelligent tools and methods to prevent, detect and terminate cyberattacks in real-time. User and Entity Behaviour Analytics (UEBA) uses Machine Learning to help foil cyber-attackers by discovering security anomalies. Using machine learning and algorithm techniques, UEBA tools analyse logs, system reports, network packets, files and detect when there is a deviation from established patterns, showing which of these anomalies could result in a potential, real threat.

Risk areasOld toolsUEBA tools
Slow response times to threatsAs cyberattacks are becoming more sophisticated, traditional tools fail to detect them fast enough to enable the organisation to effectively prevent or stop an attack.Machine Learning powered UEBA tools can get ahead of a cyberthreat and actively respond to a suspicious incident in real-time, rather than just sending an alert that might get into a queue of countless other alerts for investigation.
Risk & Attack SurfaceOrganisations with a large sum of the different points (surface) where an unauthorised user can try to enter data to or extract data, have larger exposure to risk and attacks.Keeping the attack surface as small as possible is a basic security measure. UEBA analyses the risk and attack surface of an organisation to  help proactively reduce their attack surface, making it harder to compromise.
Vulnerability AssessmentTraditional tools may not be able to assess the full scale of an organisations’ vulnerabilities due to siloed operations, evolving software tools etc.UEBA tools can enable the security team to better understand the vulnerable points (such as weak passwords or shared endpoints) and address them before an incident occurs as well as help accelerate incident investigation.
Events Frequency & Operational Efficiency  Not all events present a real threat, but organisations that do not have the technology to quickly and effectively classify an event, may have to experience frequent, unnecessary disruptions to their operation by ‘false’ alarms.The automation introduced by Machine Learning and UEBA tools, allows security teams to focus on real threats and less on false positives.

Interested in Data & Analytics? Get in touch

Among the areas where UEBA can help organisations enhance their cybersecurity are:

Detect insider threatsIt is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA will detect data breaches, sabotage, privilege abuse, and policy violations made by your own staff.
Detect compromised accountsSometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA will help weed out spoofed and compromised users before they can do real harm.
Detect brute-force attacksHackers may target your cloud-based entities as well as third-party authentication systems. UEBA will detect brute-force attempts, allowing you to block access to these entities.
Detect changes in permissions and creation of super usersSome attacks involve the creation of super user accounts. UEBA will allow you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.
Detect breach of protected dataUEBA will detect any unusual interaction or request for protected data, applying intelligence to assess whether access should be granted based on the user profile.

Final thoughts
Many hackers are already using Artificial Intelligence and Machine Learning techniques to boost their attack capabilities. User and Entity Behaviour Analytics can help organisations proactively assess potential vulnerabilities and threats, whereas with the algorithms continuously being optimised with new information, keep their security measures up-to-date.

If you would like to find out more about how Machine Learning could help you become more agile and more competitive, do give us a call at +44 (0)203 475 7980 or email us at

Other useful links:

How will Artificial Intelligence change the banking industry

Next Generation User and Entity Behaviour Analytics

Machine Learning for Competitive Intelligence in Retail – White Paper

Latest Insights

Salesforce FSC - Modelling Relationships -1

Salesforce FSC – modelling relationships, part 1

The value and the complexity of a relationship are the main factors in using Modelling Relationships in Salesforce Financial Services Cloud.

Data Mesh

Data Mesh – a paradigm shift

To address the increasingly unmanageable expanse of data, data mesh is fast becoming the go to approach for organisations.


Litify partners with WHISHWORKS

Top legal SaaS firm Litify, selects WHISHWORKS as one of its expert Delivery Partners, to ensure accelerated time-to-value for its clients.