Fordway Blog

Using analytics to understand user access behaviour

Oct 23, 2019 10:00:00 AM / by Neville Armstrong


In a digital world, network security moves from the organisation’s perimeter to the user. The most effective way to do this is to create a zero trust network, implementing least privilege and default deny policies for each user and each system.

Zero trust requires a full understanding of access management, so that rights, privileges and behavioural patterns can be aligned and built into policies. Data protection should also be incorporated in system design. The mapping of personal data needs to be considered carefully in the light of GDPR, and zero trust can be built into systems in such a way as to restrict or prevent any data loss.

To create a zero trust network, organisations need to know who is accessing what data, when, where and why, so that they can wrap security around how their users actually work. For example, if someone is logging into the network at 10pm, is this normal behaviour? What applications and data are they accessing, and should this set alarm bells ringing?

My mantra for this is simple: you cannot manage anything that you do not understand. This is why behavioural and pattern-based security is vital.


There are many analysis tools available to understand user access behaviour within existing applications. For example, Microsoft provides a number of analysis tools within the Office 365 suite, depending on which licences an organisation has purchased. These include Advanced Threat Analytics (ATA) and Advanced Threat Protection (ATP). You probably have them already – but have you implemented them?

Systems such as ATA and ATP analyse the environment and who is doing what, where and when. They are self-learning and will work towards a point when they will only alert you when they detect abnormalities in access and traffic flow. However, to use these tools effectively, organisations need the resources to map their environment and the behaviour of their users. They can then tune the tools to create a picture of normal working at their organisation.
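The 10pm question raised earlier can be worked through as a small per-user baseline check. This is an added example, not code from the original post and not how ATA or ATP work internally; the log format, user names, function names and the two-hour tolerance are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in records (timestamp, user, application); not real data.
BASELINE_LOG = """\
2019-10-01T08:55 alice mail
2019-10-02T09:10 alice crm
2019-10-03T10:20 alice mail
2019-10-01T21:30 bob backup
2019-10-02T22:05 bob backup
2019-10-03T23:15 bob backup
"""
NEW_EVENTS = """\
2019-10-08T22:00 alice finance
2019-10-08T22:00 bob backup
2019-10-09T00:30 bob backup
2019-10-09T09:30 carol mail
"""

def parse(log):
    rows = (line.split() for line in log.splitlines())
    return [(datetime.fromisoformat(ts), user, app) for ts, user, app in rows]

def build_baseline(log):
    """Record, per user, the sign-in hours and applications seen so far."""
    profile = defaultdict(lambda: {"hours": set(), "apps": set()})
    for ts, user, app in parse(log):
        profile[user]["hours"].add(ts.hour)
        profile[user]["apps"].add(app)
    return profile

def hour_gap(a, b):
    d = abs(a - b)  # hours wrap at midnight, so 23 and 1 are 2 apart
    return min(d, 24 - d)

def review(log, profile, tolerance=2):
    """Return (user, time, reasons) for sign-ins that deviate from the baseline."""
    alerts = []
    for ts, user, app in parse(log):
        seen, reasons = profile.get(user), []
        if seen is None:
            reasons.append("no baseline for user")
        else:
            if min(hour_gap(ts.hour, h) for h in seen["hours"]) > tolerance:
                reasons.append("unusual hour")
            if app not in seen["apps"]:
                reasons.append("new application")
        if reasons:
            alerts.append((user, ts.strftime("%Y-%m-%d %H:%M"), reasons))
    return alerts
```

The same 10pm sign-in is flagged for alice, whose history is daytime mail and CRM use, and passes for bob, whose history is late-evening backups, which is why the baseline has to be built per user before any alerting threshold is set.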

The information obtained through logging user behaviour can also be used for compliance analytics. This is a growing category of information analysis. It involves gathering and storing relevant data and mining it for patterns, discrepancies, and behavioural abnormalities. It enables organisations to better detect and head off potentially improper transactions before employees, third parties or even criminals steal money or achieve other criminal objectives. Compliance analytics helps companies proactively identify issues, take corrective action, and self-report to regulators on a timely basis.

Although this sounds like a huge amount of work, remember that mantra again: you cannot manage anything that you do not understand. If you already have the tools within your organisation, there is no excuse. Start using them now to gain that understanding. If you’d like some advice, please get in touch.
