Why UEBA makes sense for UC RTC

March 23rd, 2017

With the increasing number of 911 outages as of late, perhaps it’s time for Service Providers to review incident response methods for the telco and UC environments. Earlier this year, while I was at RSA attending some of the keynote presentations, a declarative statement was made. The statement was that it was now apparent that a key method of solving cyber security problems in the Enterprise was the notion of Security as a platform. We have certainly seen our fair share of security-based threat detection platforms rise over the past 3 to 4 years or so. As new players entered the market, the space began to get more and more crowded. As a result, a number of these big data platform vendors scrambled to add incident response (IR) to find some differentiation. Perhaps it’s time for these “Big Data” platforms to focus on the mobile and unified communications problem space.

Some of these platforms were categorized early on as being in the UEBA (User Entity Behavioral Analytics) space in the Gartner 2015 UEBA Market report. As evolution in the space continued, a divergence began to appear. Some of the newer entrants into the market combined UEBA and other core competencies targeting particular areas of focus. We have now seen behavioral analytics (BA) built into endpoint protection offerings, SIEM, DLP, Identity Access and even CASB (Cloud Access Security Brokers). We’ve seen this divergence summed up in one interesting question: is UEBA a product or a feature? The early entrants may argue that it is a platform to be used for solving many different business problems, including cyber-security. The others would argue that UEBA enables a number of things:

  1. The ability to manage and scale for big data
  2. Inherent capabilities for behavior analytics and machine learning
  3. Core competencies relative to a specific problem space

I firmly believe that the generic standalone UEBA platforms certainly have merit. However, you can’t argue the fact that the combined core competencies of an established vendor adding in BA really brings the solution to a new level. It’s obvious that the industry agrees; otherwise we wouldn’t see the continued growth of the BA platforms across all these other disciplines. Another added indicator is the continued acquisition rate of the standalone platforms.

So let’s explore the value proposition of a big data platform that focuses on the mobile/UC space. With embedded threat intelligence (bad actors, phone numbers) and machine learning properties, wireless and wireline service providers can more efficiently identify and mitigate new threats such as Telephony Denial of Service (T-DoS) attacks targeted at emergency (911) call centers. With policy-based mitigation capabilities, these types of threats could easily be identified and thwarted. Much like the UEBA platforms do today for traditional cyber security data environments, a UCBA (Unified Communication Behavioral Analytics) platform could focus on any number of real-time communication attack vectors such as robocalling, T-DoS, toll fraud, and even data exfiltration. The key differentiator would be the decades of real-time communications experience built into the intelligent threat models that focus on these underserved areas. One thing is for certain: the service provider and enterprise communities will need some next-generation options for solving security issues on the new real-time communication attack landscape.

