Network security and automation: Why you need user identity analytics now

By Gary Audin | Apr 16, 2020 | 7:30 am CDT

In multi-cloud IT environments, detailed information about the identity of each network user is more important than ever, because it serves as the key evidence helping teams ferret out unauthorized data access, security breaches, and privacy invasions. Moreover, identity-based user analytics are a central ingredient for today’s advanced security strategies like micro-segmentation, granular perimeter enforcement, and Zero Trust, which are known to make the network more resilient to attacks.

The problem is this: SD-WAN management portals don’t always provide this critical data. Here’s a guide to understanding the value of user analytics and why these details are an increasingly important element for both your security today and for your network automation tomorrow.

What is identity and access management?

Identity is who you are, the way you are viewed by your organization, and the characteristics and behavior that define you. A common example of identity on a corporate network is a person’s name and email address stored in Microsoft Active Directory. It can also be a coded name, number, or password. Other sources of identity include the device name, location, time of day, the risk and trust of the user’s device, and even the application and data sensitivity being accessed.

These are primary ways of verifying that a person or user is who they say they are. This information is used for data governance and identity access management (IAM), which is a method for restricting information and network access based on the roles of individual users. When digital enterprises must provide secure information access based on the identity of a person or based on the identity of a device (or both), IAM delivers the information and methods for decision making at the source of the connection. Specific IAM technologies include centralized authentication, single-sign-on (SSO), session management, and authentication or authorization enforcement and are typically integrated into cloud applications and network services.

Why user analytics take center stage in advanced security

The concept of granularity helps explain why identity is now taking a central role in security strategies. This detailed information acts as a prerequisite for micro-segmentation, granular perimeter enforcement, and Zero Trust because it gives IT teams:

  • More options for identity verification: Now your security team can validate or even double verify users based on more than just simple ID/password logins or per-site analytics that are typically available with network and SD-WAN management portals. IT teams can also identify endpoints based on the user identity and based on the endpoint’s location–this is a critical need for managing virtual workforces and remote employees amid the COVID-19 pandemic.
  • Deeper visibility to accelerate security: Tracking potential threats per-user (rather than solely per-site) helps accelerate security remediation. Analytics help IT teams understand each user’s impact on the network. They are also helpful with shadow IT discovery, where IT teams get a list of the high-risk cloud applications they didn’t know employees were running on their network–but now they need user analytics to understand who specifically is using those applications. Additionally, they are helpful in tracking threats across segmented networks and “East-West” or server-to-server traffic.
  • Granular control for stringent security policies: Analytics can be used to see who is using the most bandwidth and who is connecting their computer to servers unbeknownst to the corporate IT team. What’s more, they can be used to design conditional data access to both cloud and on premise assets and can be leveraged to enforce consistent security policies. In fact, a robust IAM system adds protection through consistent user access application rules and policies across the enterprise.
  • Cloud visibility: Analytics show user activity both on premise and in the cloud, which means IT leaders can understand user activity everywhere and better protect their entire IT environment via more granular insights.

All of this explains why user analytics are increasingly important according to Gartner’s “Magic Quadrant for Access Management,” which reported:

  • “By 2022, 60% of access management (AM) implementations will leverage user and entity behavior analytics (UEBA) capabilities, up from less than 10% today.
  • By 2022, 60% of all single sign-on (SSO) transactions will leverage modern identity protocols like SAML, OAuth2 and OIDC over proprietary approaches, up from 30% today.
  • By 2024, the use of multifactor authentication (MFA) for application access through AM solutions will be leveraged for over 70% of all application access, up from 10% today.”

With more devices, services, and users to manage today, enterprises face more security risk, as these are targets for unauthorized access. Ineffective access management is risky for compliance (especially the increasing domestic and international privacy regulations) as well as security. Missing or poor access management can lead to damages from both external and internal threats. So, it’s clear to see why per-user analytics are sought-after security tools.

Unknown benefits: User analytics essential for the autonomous network

Security is such a hot topic today that IT leaders often miss the lesser-known advantages of per-user analytics. As the data set that feeds network decision making and automated control, identity information is considered one prerequisite for intent-based networking policies and autonomous (“self-driving”) networks. It serves as a foundational element for the future.

When autonomous networks (and their centralized management portals) include per-user analytics, you will be able to give the network your high-level business needs and it will “understand” your intent regarding identity access management and bandwidth priorities per user. Moreover, the network will be able to monitor itself and modify underlying actions in ways that tune itself to your changing needs–and all in real time. Network service providers aiming to deliver on autonomous networking are focused today on checking these boxes. They are incorporating all the data analytics features needed to lay each stepping stone on a path toward total autonomy. Masergy serves as one such company.

Masergy’s SD-WAN includes per-user analytics

Masergy includes Identity-Based WAN Analytics in its comprehensive SD-WAN management portal. Whereas traditional SD-WAN offerings are limited to tracking IP traffic for entire sites, Masergy makes per-user analytics a standard offering inside its SD-WAN management portal.
