Identification of atypical behaviour of internal IT system users is a non-trivial task and it is very difficult to create a strict algorithm:
• In order to be able to identify atypical behaviour, it is necessary to know the definition of typical behaviour. Very often companies do not formalize their own business process in any way, considering rapidly changing environment, for example – market conditions, flow of staff members and dynamics of other aspects.
• The typical behaviour of users transforms throughout the development of IT systems; therefore, the smart solution has to be able to minimize the number of erroneous and false alarms under the conditions of constantly developing system.
Taking into consideration the said problems, e-StepControl solution uses advanced machine-learning methods for identification of atypical behaviour of users. The relevant improvements allow not only to create models of typical activities of users (i.e., implement self-learning), but also to update these models on regular basis, thus reducing the number of false alarms.
Starting from the installation and launching of the solution, e-StepControl constantly follows activities of users, performing reading and analysis of auditing notes. The obtained data are transferred for updating of mathematical models in real-time mode.
In addition to the previously mentioned approach for automatic identification of suspicious behaviour, e-StepControl solution also ensures an option to modify the contents of models manually, if the security staff specialist has admitted the particular activity session as permissible.
There is also a possibility to automatically determine, when a new functionality appears in the protected system, and react correspondingly, performing additional training of user behaviour profiles as necessary within the “quarantine” mechanism.