In the first two installments of our Correlation Mini-Series, we talked about Identity Correlation and Event Correlation. In our final installment, today we address a new type of correlation called Behavioral Correlation.
Behavioral correlation is a relatively new term in IT security because, quite honestly, the industry has struggled with identity correlation and event correlation so far. While identity correlation deals with a current state of accounts and event correlation examines events occurring within a specific period of time, behavioral correlation looks at a current event and compares it to historical action patterns.
The most basic instance of behavioral correlation is account login. Let’s say Rachel Johnson typically logs into an application every weekday between 9am and 6pm from a device in the US, something that only can be understood by collecting her login events over time. If she travels to Bangalore and attempts to log into an application, behavioral correlation determines that this login, while successful, does not match her typical login patterns. This could cause a pre-set policy for this situation to go into effect, requiring Rachel to provide additional information, such as a one-time password sent to her phone.
How do Behavioral Correlation and Identity Management Work Together
Because behavioral correlation is such a new technique in IT security, most identity management platforms are not currently able to handle it. They don’t have the infrastructure to do so. Due to the huge amounts of data collected and the speed at which it all must be processed and analyzed, a typical identity management configuration will not suffice. A significant Big Data analytics infrastructure is needed.
In theory, behavioral correlation should live in identity management platforms, so the most innovative identity management vendors are investigating behavioral correlation and how it could play a part in the future of identity management. It’s certainly something we’re closely assessing and analyzing.
Now that we’ve discussed all three types of correlation in our Correlation Mini-Series, check out our free guidebook, Do You Need Correlation?, which can tell you more about what to look for in an identity management platform as it relations to correlation.
And don’t forget to read the first two posts in our Correlation Mini-Series on Identity Correlation and Event Correlation.