All right kiddies, time to put your learning hats on again and listen up while aunty Kat teaches you about another groundbreaking development in the world of cloud security, called User Behavior Analytics. (Also known as User Behavior Heuristics, until Gartner jumped in and coined an easier name to pronounce, also one that sounds a bit less voyeuristic.)
In the beginning, we had firewalls. Sometimes one, sometimes many. Then we started adding layers, like Security Information Management (SIM), to gather and analyze data from network and security devices, in order to monitor and manage access, and review incidents. Note: “review” as in, after the fact. Not so useful in preventing attacks.
The next stage of evolution was Security Event Monitoring (SEM), which deals with near real-time monitoring and correlation of security events. This means you look at everything that’s happening in all the security devices across the network and try to figure out what it means. (We’re getting warmer.) Naturally, the next step was to merge these two into SIEM: Security Information and Event Monitoring. SIEM combines the real-time monitoring of SEM with the analysis of SIM. It’s about a single-pane view of the big security picture, monitoring and analyzing data from multiple devices, locations, and sources, in near real-time. The idea is to detect unusual activity that indicates a data breach and shut it down as quickly as you can.
Sounds pretty good, right? It is, but it still leaves a bit of a gap when you’re dealing with viruses and evil geniuses, who can move pretty darn fast. Especially if they get access from the inside due to stolen user passwords or other inside threats. They don’t need long to crawl through your system and gather everything they need, before disappearing back up the chimney like the Grinch on Christmas Eve. (Or worse, sticking around like that brat Goldilocks after she ate your porridge and broke your favorite chair. Some people are so entitled.)
Enter User Behavior Analytics, a new approach to network security which tackles the growing problem of insider threats, targeted attacks, and financial fraud, by detecting unusual patterns of behavior and heading them off at the pass.
How do they do this? Well, it’s a combination of math and psychology. First, you establish some baseline behavior patterns in your users. If you ever took psych 101, it’s like the control group. (The rats who don’t get the sugar.) Then you gather real-time user behavior data and apply algorithms and statistical analysis to the ways all of your users are using your network, including cloud apps. If the algorithms detect unusual behavior (i.e., rats climbing the walls) that suggests either an employee’s login or access has been stolen or compromised and is being used maliciously, or a disgruntled employee is doing bad things, you get an instant alert and can shut them down and find out just what the heck is going on down there, before it’s too late. It’s like taking the lighter out of Milton’s hands before he burned down the building and headed to Mexico. (Or taking the sugar away from the crazy rats.)
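For the hands-on crowd, here is the baseline-then-compare idea as a small sketch. It is an added example, not code from any UBA product; the users, the two features (daily cloud downloads and login hour), the sample numbers and the thresholds are all constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample history: (user, downloads_per_day, login_hour)
BASELINE = [
    ("alice", 12, 9), ("alice", 15, 9), ("alice", 10, 10),
    ("alice", 14, 8), ("alice", 13, 9),
    ("bob", 3, 14), ("bob", 4, 13), ("bob", 2, 14),
    ("bob", 3, 15), ("bob", 4, 14),
    ("carol", 7, 11),  # new hire: not enough history to judge yet
]
FEATURES = ("downloads", "login_hour")
MIN_SAMPLES = 5    # assumed: days of history needed before scoring a user
Z_THRESHOLD = 3.0  # assumed: standard deviations from normal that count as unusual
MIN_STDEV = 1.0    # assumed floor, so very regular users don't alert on tiny shifts

def build_baselines(rows):
    """Per user, compute (mean, stdev) for each feature: the control group."""
    per_user = {}
    for user, *values in rows:
        per_user.setdefault(user, []).append(values)
    baselines = {}
    for user, samples in per_user.items():
        if len(samples) < MIN_SAMPLES:
            continue  # too little data; a thin baseline would alert on noise
        columns = zip(*samples)
        baselines[user] = [(mean(c), max(stdev(c), MIN_STDEV)) for c in columns]
    return baselines

def score_event(baselines, user, values):
    """Return [(feature, z_score)] for features far from the user's own normal.

    Returns None when the user has no baseline, which is a different answer
    from "looks normal" and should be handled differently by the caller.
    """
    if user not in baselines:
        return None
    alerts = []
    for name, value, (mu, sigma) in zip(FEATURES, values, baselines[user]):
        z = (value - mu) / sigma
        if abs(z) >= Z_THRESHOLD:
            alerts.append((name, round(z, 1)))
    return alerts

if __name__ == "__main__":
    b = build_baselines(BASELINE)
    print(score_event(b, "alice", (13, 9)))   # an ordinary day
    print(score_event(b, "alice", (400, 3)))  # bulk download at 3 a.m.
```

Each user is compared with their own history rather than a company-wide average, so a count that is routine for one person can still stand out for another.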
In terms of cloud security, it’s the new black. Stay tuned for more on this in the months to come. User Behavior Analytics, we’ve got our eyes on you.