Identity threat detection and response adds user entity behavioral analytics to fraud detection, creating a powerful tool for real-time protection.

The advantages of using proactive approaches to identify threats before attackers can cause too much damage are clear to enterprise security teams. One such approach, identity threat detection and response (ITDR), focuses on finding and mitigating threats by monitoring user behavior and detecting anomalies.

ITDR involves the continuous monitoring of user identities, activities, and access patterns within an organization's network. Security teams use ITDR tools to detect and respond to potential threats and unauthorized access attempts in real time.

ITDR typically involves five key components:

  • Data collection: Gathering user activity data from various sources, such as log files, network traffic, and application usage.

  • User profiling: Creating a baseline of normal user behavior patterns, including access habits, data usage, and time spent on specific tasks.

  • Anomaly detection: Comparing current user activities with the established baseline to identify deviations that may indicate potential threats or unauthorized access attempts.

  • Alerting and response: Notifying IT security teams of suspicious activities and providing them with the necessary information to investigate and remediate threats.

  • Continuous improvement: Updating user behavior baselines and refining detection algorithms as users and threats evolve.
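To make the five components concrete, the following toy pipeline is an added example written for this piece, not code from the article's author or any ITDR product. It builds a per-user baseline from constructed login events, scores new events against that baseline, raises alerts over a threshold, and shows the continuous-improvement step by folding an analyst-confirmed benign event back into the profile. The rarity cutoff, the feature weights, the alert threshold and all event data are assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


# Constructed sample telemetry: one record per successful authentication.
@dataclass(frozen=True)
class LoginEvent:
    user: str
    hour: int        # hour of day (0-23) at the identity provider
    country: str     # geolocation of the source address
    app: str         # application or resource requested
    mfa: bool        # True if a second factor was completed


@dataclass
class UserBaseline:
    """Per-user frequency tables: the 'normal behaviour' profile."""
    hours: Counter = field(default_factory=Counter)
    countries: Counter = field(default_factory=Counter)
    apps: Counter = field(default_factory=Counter)
    total: int = 0

    def update(self, ev: LoginEvent) -> None:
        self.hours[ev.hour] += 1
        self.countries[ev.country] += 1
        self.apps[ev.app] += 1
        self.total += 1

    def frequency(self, table: Counter, key) -> float:
        """Share of past events with this value; 0.0 for a value never seen."""
        return table[key] / self.total if self.total else 0.0


# Tunable parameters (assumed for this example, not taken from the article).
RARE_FREQUENCY = 0.05    # a value seen in under 5% of past events counts as rare
ALERT_THRESHOLD = 2.5    # total weight at which an event becomes an alert
WEIGHTS = {"off-hours": 1.0, "new-country": 2.0, "new-app": 1.5, "no-mfa": 1.0}


def build_baselines(history: List[LoginEvent]) -> Dict[str, UserBaseline]:
    """User profiling: fold historical events into per-user baselines."""
    baselines: Dict[str, UserBaseline] = {}
    for ev in history:
        baselines.setdefault(ev.user, UserBaseline()).update(ev)
    return baselines


def score_event(baseline: UserBaseline, ev: LoginEvent) -> Tuple[float, List[str]]:
    """Anomaly detection: weight each deviation from the baseline and name it."""
    reasons = []
    if baseline.frequency(baseline.hours, ev.hour) < RARE_FREQUENCY:
        reasons.append("off-hours")
    if baseline.frequency(baseline.countries, ev.country) < RARE_FREQUENCY:
        reasons.append("new-country")
    if baseline.frequency(baseline.apps, ev.app) < RARE_FREQUENCY:
        reasons.append("new-app")
    if not ev.mfa:
        reasons.append("no-mfa")
    return sum(WEIGHTS[r] for r in reasons), reasons


def detect(baselines: Dict[str, UserBaseline], events: List[LoginEvent]):
    """Alerting: return (event, score, reasons) for every event over threshold.
    An identity with no baseline gets an empty one, so every feature reads as rare."""
    alerts = []
    for ev in events:
        base = baselines.get(ev.user, UserBaseline())
        score, reasons = score_event(base, ev)
        if score >= ALERT_THRESHOLD:
            alerts.append((ev, score, reasons))
    return alerts


def mark_benign(baselines: Dict[str, UserBaseline], ev: LoginEvent) -> None:
    """Continuous improvement: an analyst-confirmed benign event joins the baseline."""
    baselines.setdefault(ev.user, UserBaseline()).update(ev)


# Constructed history: alice works 08:00-17:00 from GB, mostly on mail, sometimes crm.
HISTORY = [
    LoginEvent("alice", 8 + i % 10, "GB", "crm" if i % 3 == 0 else "mail", True)
    for i in range(30)
]

# Constructed new events to score against that history.
NEW_EVENTS = [
    LoginEvent("alice", 9, "GB", "mail", True),        # routine
    LoginEvent("alice", 3, "NL", "mail", False),       # 03:00, unseen country, no MFA
    LoginEvent("alice", 10, "GB", "payroll", True),    # unusual app only
    LoginEvent("carol", 11, "GB", "mail", True),       # identity with no history at all
]


def run_demo():
    baselines = build_baselines(HISTORY)
    alerts = detect(baselines, NEW_EVENTS)
    for ev, score, reasons in alerts:
        print(f"ALERT {ev.user}: score={score} reasons={reasons}")
    # Triage outcome: carol is a new hire, so her login is folded into the baseline
    # and the same event no longer scores as anomalous.
    mark_benign(baselines, NEW_EVENTS[3])
    rescored, _ = score_event(baselines["carol"], NEW_EVENTS[3])
    return alerts, rescored


if __name__ == "__main__":
    run_demo()
```

Two things worth noticing when running it: the unusual-app login alone stays under the threshold, which is the kind of tuning decision a team makes to trade missed detections against alert fatigue, and an identity with no baseline at all trips every feature, which is why new accounts (legitimate or not) need an explicit triage path rather than being silently scored.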

ITDR is not an entirely new concept. Rather, it builds on established methodologies, such as fraud detection and user entity behavioral analysis (UEBA).

Fraud detection refers to the process of identifying and preventing fraudulent activities, such as unauthorized transactions or account takeovers, in industries like banking and finance. Fraud detection systems analyze vast amounts of data, including user behavior, transaction patterns, and historical trends, to identify anomalies that may signal fraud. By detecting potential fraud early, organizations can mitigate financial losses and protect their customers' trust.

Similarly, UEBA is a security approach that focuses on detecting and preventing insider threats by monitoring user activities within an organization's network. UEBA solutions analyze user behavior patterns — such as login times, data access, and system use — to identify deviations that may indicate malicious intent or compromised accounts. By detecting potential insider threats early, organizations can prevent data breaches and minimize damage to their reputation.

How ITDR, Fraud Detection, and UEBA Are Similar

At their core, ITDR, fraud detection, and UEBA share the common goal of identifying and mitigating potential threats by monitoring user behavior and detecting anomalies. While their specific applications may differ, they all leverage advanced analytics, machine learning algorithms, and continuous monitoring to achieve this goal. Here are some key similarities between these approaches:

  • Centered on data: All three methodologies rely on the collection and analysis of large volumes of data to detect potential threats. This includes user activities, access patterns, and historical trends, which are used to create a baseline of normal behavior and identify deviations.

  • Real-time monitoring and detection: ITDR, fraud detection, and UEBA solutions continuously monitor user activities and analyze data in real time to detect potential threats as they occur. This enables organizations to respond quickly to incidents and minimize damage.

  • Anomaly detection and alerting: These methodologies employ advanced analytics and machine learning algorithms to identify anomalies that may signal potential threats. Upon detection, IT security teams are alerted, enabling them to investigate and remediate incidents.

  • Emphasis on adapting and evolving: ITDR, fraud detection, and UEBA solutions are designed to adapt and evolve as user behavior and threat landscapes change. By continuously updating behavior baselines and refining detection algorithms, these systems remain effective in detecting new and emerging threats.

  • Focus on prevention: These approaches emphasize proactive threat detection and response, aiming to identify potential incidents before they can cause significant harm. By focusing on prevention, organizations can reduce the impact of security breaches and protect their valuable assets.

Risks and Rewards of Moving to ITDR

As the cybersecurity landscape continues to evolve, the need for innovative and proactive security solutions becomes increasingly apparent. Heidi Shey, principal analyst at Forrester Research, predicts CISOs will encounter two serious risks in implementing ITDR. First, a C-level executive could be fired for their firm's use of employee monitoring, which can violate data protection laws such as the General Data Protection Regulation (GDPR). Second, a Global 500 firm could be exposed for burning out its cybersecurity employees, who are expected to be available 24/7 through major incidents, stay on top of every risk, and deliver results in limited time frames.

Shey also predicts that at least three cyber insurance providers will acquire a managed detection and response (MDR) provider in 2023, continuing the trend that Acrisure started in 2022. These MDR acquisitions will give insurers high-value data about attacker activity to refine their underwriting guidelines, provide unparalleled visibility into policyholder environments, and enable them to verify attestations. Such moves will change cyber insurance market dynamics and the requirements for coverage and pricing, which should help push security measures like ITDR into common use.

ITDR is not a radical departure from established cybersecurity methodologies but rather an extension and refinement of existing practices. By recognizing the common threads among ITDR, fraud detection, and UEBA, organizations can build on their existing security investments and expertise to create a more comprehensive and robust security posture.

About the Author(s)

Jonathan Care, Contributing Writer

Jonathan Care is a recognised expert in the field of Cybersecurity & Fraud Detection. A former top-rated Gartner analyst, Care was responsible for defining the Fraud market, and leading Gartner’s Insider Threat and Risk research. He regularly advises cybersecurity industry leaders on strategic growth and has worked with key figures in industry and government across the globe. He is a lead contributor for Dark Reading, an industry-defining publication.

Care has testified in court as an expert witness and forensic investigator and is a Fellow of the British Computer Society. He also fuels his creative passion as a composer of film/TV music.
