Word of the Day: behavior-based security

Word of the Day Daily updates on the latest technology terms |July 6, 2018

behavior-based security Behavior-based security is a proactive approach to managing security incidents that involves monitoring end user devices, networks and servers in order to flag or block suspicious activity. Traditionally, security management has been signature-oriented; the security program monitors a data stream and compares code in files or packets to the code in an anti-virus vendor's library of known threats. In contrast, behavior-based programs compare the actions of files or network packets to a list of acceptable or suspicious actions. In general, signature-based tools are best at identifying and repelling known threats, while behavior-based are best for fighting zero-day threats that have not yet made it onto a list of known threat signatures. Behavior-based security software scans for deviations from the norm and has the intelligence to decide whether an anomaly poses a threat or can be ignored. Most behavior-based security programs come with a standard set of policies for specifying which behaviors should be allowed and which should be considered suspicious. Some also allow administrators to customize vendor-provided policies and/or create new policies. A behavior-based security software product may be marketed as a behavior-based intrusion detection product, a behavior threat analysis (BTA) product or a user behavior analytics (UBA) product. Some products are sophisticated enough to apply machine learning algorithms to data streams so that security analysts don't need to specify what comprises normal behavior. Other products include behavioral biometrics features that are capable of mapping specific behavior, such as typing patterns, to specific user behavior. Most products have sophisticated correlation engines to minimize the number of alerts and false positives. Quote of the Day "The behavior-based security systems find things that were previously hidden -- like something a software engineer is using or connecting to that is a bit sketchy." - Niel Nickolaisen   Trending Terms behavior whitelisting phishing malware breach detection system user behavior analytics adaptive security   Learning Center As long as the workforce is human, IT security education will fall short The human condition pretty much guarantees that IT security education will fail to protect the enterprise, CTO Niel Nickolaisen said. How a hybrid whitelisting-blacklisting approach can help enterprises Application whitelisting isn't enough. Here's why a hybrid whitelisting-blacklisting approach is best for enterprise security. User behavioral analytics tools can thwart security attacks InfoSec pros purchasing user behavioral analytics tools need to consider key features, deployment strategies and reasonable performance expectations. Behavioral threat assessment means real-time threat detection A behavioral threat assessment tool that provides real-time threat detection may be just what your enterprise security system needs now. Tackle endpoint defense issues to obtain the best endpoint security We're well past a blind reliance on antivirus scanning at the endpoint, but there's also not yet consensus on which next steps will bring are a must and which are just nice to have. Here's your guide through the endpoint thicket. Writing for Business Most major security breaches ____________ human error. a. can be attributed to b. are due to Answer       Stay In Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com   Visit the Word of the Day Archives and catch up on what you've missed!   FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2016 TechTarget. All rights reserved.