While behavior-based analysis for authentication (and threat detection) is necessary for many organizations, it is anything but simple.
"The focus on network-based behavior is always going to be fraught with complexity and lacking in key context to make effective decisions," Woolwine says. "Think about network-based behavior analytics as being able to understand the travel patterns of commuters but not understand what they do before, after, and during their commute."
Says Chris Rothe, co-founder and chief product officer at Red Canary: "Anomaly detection is inherently difficult, but it is basically impossible if you don't have a baseline of what normal is to compare against. Depending on what you used to establish that baseline, it may be completely invalid when there is a fundamental change in where or how your employees are working."
Still, Woolwine says, "Anyone tossing behavior-based detections out the window due to the shift in work habits doesn't really get behavior-based detection in the first place. While we did see a temporary decrease in the effectiveness of network-based behavior detections against authentication gateways, the algorithms recovered within 48 hours."