Replacing Inaccurate Rule-Based Application Detection with User Journey Analytics
The Cybersecurity Detection Landscape
These Detection Solutions - NDR, EDR, CASB - Are Based on Two Main Technologies
Rules and patterns that define forbidden activities at the various layers. Rule-based detection solutions are notoriously inaccurate and expensive.
Frequency/volumetric statistical analysis of user and entity activities (UEBA). UEBA failed to increase accuracy due to a fundamentally mistaken assumption that user behavior can be characterized by statistical quantities.
Rules and UEBA have been effective due to major commonalities in the network, device and user access layers. However, applications are dissimilar, raising the level of detection complexity.
Why Does Application Layer Detection Require a New Approach?
Each application has its own activities and log formats, which means the detection standard for applications today is based on rules and patterns that are tailored for each application based on its activities.
Rule-based detection detects only known attack patterns, generates a high number of false alerts, requires constant, expensive maintenance, and doesn’t scale. Thus, a new approach to detecting malicious activities is required.
The need for a new approach is emphasized by the transition from on-prem business applications to SaaS and cloud-based applications, as well as the exposure of application-layer services via APIs.
RevealSecurity’s Innovative Approach to Application Detection and Response
RevealSecurity’s solution applies a completely different approach to application detection by adopting the concept of user journey analytics for detecting malicious activities at the application layer. Analyzing the entire user journey (i.e. the user session) provides the detection mechanism with a context that is crucial to achieving the high accuracy expected from a detection solution.
In addition, RevealSecurity has generalized user journey analytics to make it applicable to every application, whether custom-built or SaaS.