Photo - Pauline Jacintha, Country Manager, Cyberoam Malaysia.
Networking security specialist Cyberoam, a Sophos company, said it has introduced a new capability called User Threat Quotient [UTQ], which allows Malaysia's IT security managers to spot risky network users at a glance.
Cyberoam Malaysia country manager Pauline Jacintha said the UTQ functionality is the result of the extension of the company's Layer-8 technology innovation, and another foray into user-identity focused security.
Jacintha said that UTQ, which was available on Cyberoam's Next-Generation Firewall and UTM appliances, derived information from out of user's web traffic to determine risky users that pose security and /or legal risks.
She said research often pointed to users as being the weakest link in the security arena, but that behaviour patterns could be used to anticipate and manage attacks.
"Enterprise networks in Malaysia generate lots of data with ample clues into user-triggered events, but the information remains incomprehensible and correlating data from various logs and reports takes time and special skills, and is subject to the risk of human oversight," said Jacintha.
Many organisations and security managers were moving to a pre-emptive security stance with the use of big data analytical tools, she added.
Winds of change
"Most security teams struggle with timely detection of risk-prone user behaviour since they remain devoid of required actionable security data," said Jacintha. "UTQ effortlessly profiles suspicious web behaviour of network users, helping security teams with actionable inputs and relieving them from having to go through a labyrinth of massive logs."
She said that Cyberoam's UTQ process studied the web behaviour of users by analysing the data of allowed and denied web traffic for web categories like IP Address, P2P, Phishing and Fraud, Porn, Spam URL, Spyware, URL Translation Sites and more that pose security and legal risks.
Jacintha said UTQ will help CSOs and IT security managers by:
1. Identifying 'risky users based on their web behaviour
2. Removing complexity in analysing terabytes of logs
3. Eliminating the need for SMBs (small and medium businesses) to invest in separate SIEM tools
4. Allowing investigation into the spread of risk within the network
5. Enabling corrective actions to fine-tune user policies
"The winds of change in IT and network security clearly points to a growing need to focus on internal threats or risks from users," she said. "As a result, many CXOs now identify analytics and actionable security as a key investment area besides cloud, virtualization and mobility, to leverage security analysis that enable faster decision making. Extending its own innovation of Layer-8 identity-security with UTQ.
Sign up for Computerworld eNewsletters.