About Us

Privitar NOVLT Secures Sensitive Data Using A Format Preserving Encryption Algorithm

Privitar introduced the latest version of the Privitar Data Privacy Platform. NOVLT, a new tokenization method. NOVLT, which supports broader use cases and data sharing across borders, is designed to provide the benefits of tokenization while removing the dependency of a vault. Customers will have full flexibility to customize their approach to data protection for individual use cases, with Privitar offering two, complementary methods of tokenization.

“Safeguarding data is a challenge that requires different approaches depending on the context – the data, the use case, the user. We developed Privitar NOVLT to strengthen our existing offering and give customers the flexibility to choose exactly the right tokenization approach based on their architecture and performance requirements for each of their use cases. Customers can use a token vault, NOVLT, or a combination of the two, even within the same policy. Privitar eliminates the need to make a false choice,” said Steve Totman, Chief Product Officer at Privitar.

How Privitar NOVLT works

NOVLT uses a format-preserving encryption technique for consistent tokenization to secure sensitive data. It generates consistent and unique tokens with specific forms using certified secure cryptography. It also adds an extra degree of security by supporting Privitar’s unique privacy features, such as the ability to embed Privitar Watermarks in tokenized data and regulated linkability with Protected Data Domains.

Privitar NOVLT is a completely distributed system that ensures data security and interoperability across data sovereignty areas. This is especially advantageous for businesses with a global presence and for businesses that work on projects with foreign partners. Privitar NOVLT will allow them to comply with requirements such as GDPR by de-identifying data in a specific place before sharing it across borders, while yet maintaining a link to a protected dataset in the centre.

“Many of our customers are trying to share data for analysis across geographies, but are blocked by data sovereignty laws. This means data cannot move across boundaries without the appropriate de-identification techniques applied beforehand. Privitar NOVLT makes that possible without the headaches,” added Totman.

User and Entity Behaviour Analytics (UEBA) – Buying Guide

User & Entity Behaviour Analytics

UEBA technologies employ analytics to construct standard profiles and behaviours for users and entities (servers, routers) in an Enterprise firm over a period. This is referred to as “baselining”. Activity that differs from these standard baselines is flagged as suspicious by UEBA technology and analytics applied to these anomalies helps in the discovery of possible risks and security incidents.

While buying UEBA Solution following points must be considered –

Data Sources – The UEBA solution must support various data sources.

A SIEM is a data gathering point for a wide range of security data from users’ directories, logs, and other security solutions. Over other data sources, SIEM information has the advantage of being readily available to put into a security solution.

Endpoint data is collected by a smaller number of security vendors. Most collect data directly or from a SIEM via an existing endpoint. User behaviour related to application, network, and cloud activity can be found in endpoint data. It is an important data source.

For security analysis, two more data sources are critical. The log data from major enterprise software like SAP and Oracle. Gathering this information will provide more insight into cyberattacks on organizational operations and financial information.

Machine Learning and Behavioral Analysis

A security analytics solution’s purpose is to swiftly detect threats across the company, particularly those that are often undetected by conventional methods. Behavioural analytics establishes a distinct baseline for each company’s entity. These activities should be linked to the participants like users/accounts, machines, apps, data, and other digital assets are examples of entities. Probabilistic approaches can measure how irregular an occurrence is by computing an appropriate risk score as entities engage in anomalous activities. So, machine learning algorithms play a key role in identifying cyber threats. Machine learning also defines the baseline for behaviour and does behavioural analysis. Hence, companies should look for a UEBA vendors who have extremely efficient and accurate machine learning algorithms.

Incident Response and Investigations

When in incident response, the purpose of UEBA is to clearly identify and present a threat. UEBA will give a security team actionable information about the issue so that it can be prevented before data is compromised. To respond to an incident the UEBA solution should clearly identify and present a threat. It should include possible responses to the incident. So, firms should look for vendors who present incident information with good quality information and visual graphs. The companies should also assess what various investigation and incident response options are provided by the vendors.

Ease of Use

Complex user interfaces have hampered security products in the past. The majority fails to show where the biggest risk is in a comprehensive manner and what the nature of that risk is. Typically, tools’ dashboards will display the change over time, some events, such as a potentially dangerous IP address or malware fingerprint. These tools require rigorous training to master. Hence, companies should look for UEBA solution with user-friendly interface and customization options.

Performance and Scalability

The UEBA solution should be scalable. Security analysis will be done on the firm’s all endpoints across different sources like customers and vendors.  This results in billions of processes per month utilizing heavy storage. The UEBA solution you must be designed to cope up this scale.  In addition, the UEBA solution must be able to scale up down quickly and handle data in real-time as per business requirements. 

Use Cases

The major use case for UEBA solutions is the identification of multiple types of threats, which is accomplished through analysis of frequently correlated user and other entity behaviour. Monitoring for unauthorized data access, suspect privileged user behaviours, and generally improving detection processes are examples of use cases.  However, non-IT and non-security data sources are frequently required like analytics models detecting fraud. So, these analytical models learn from uses case-based data. Hence, better the use case increases threat detection accuracy. So, companies should look for UEBA solutions with rich and quality uses cases and analytical models.

Cost and Support

It’s important to look into the type of assistance that a particular vendor offers. In any case, comprehensive technical support is an optional extra that could dramatically increase implementation expenses. Due to the fact that UEBA products have an expiration policy, which means the vendor will no longer support them, the cost and number of software upgrades must be considered. The cost of UEBA varies based on the features, power of analytics, size and capabilities of the network. What is the maximum amount of money that a company is willing to spend? Is the business concerned about ROI? The second step after selecting a UEBA product is to implement and support it. To be effective, UEBA must be administered by dedicated trained workers or added to the responsibilities of professional staff. There are disparities in terms of costs and levels of service assistance.

User & Entity Behaviour Analytics – An Overview

UEBA technologies employ analytics to construct standard profiles and behaviours for users and entities (servers, routers) in an Enterprise firm over a period. This is referred to as “baselining”. Activity that differs from these standard baselines is flagged as suspicious by UEBA technology and analytics applied to these anomalies helps in the discovery of possible risks and security incidents.

The term UEBA was introduced by one of the leading research firm Gartner. UEBA Solutions includes following three factors –
Use Cases – UEBA solutions gives information on how employees, clients and other entities in the organization’s network behave. They conduct activities like anomaly identification, alerting and tracking. And, contrasting to traditional single use-case based specialized tools, UEBA tools are applicable to multiple use cases.
Data – UEBA collects real time event data in structured and unstructured format from user’s and entity’s activities directly or through an existing IT repository. This Enriched data must be machine-readable.
Analytics – UEBA Solutions uses analytics for user focused data exploration and visualization with machine learning (ML) and statistical models by comparing baseline rules with users and entities’ activities with their profiles to detect anomalies.

UEBA Solution Benefits
UEBA Solutions consider both internal and external threats of an organization when creating new policies and rules. When the attack pattern is unknown (zero-day attack), or if the attack enters laterally by changing credentials, IP addresses in an enterprise, traditional security tools struggle to identify a compromised insider. UEBA solutions can detect these attacks because attackers force compromised users or entities to behave differently than defined rules or baseline.

In most cases, UEBA solutions are provided as a cloud-based service or on-premises, sometimes both to an organization. UEBA vendors often require companies to install appliances for network traffic monitoring. The vendor’s approach and design are flexible in terms of the organization’s current and future needs. It’s takes time of 1 month or more to create baselines, profiles and classes of users and entities.

By determining which users reflect anomalous behaviour as compared to known baselines, UEBA solutions prioritize alerts. A security alarm would not be triggered by a single slightly unusual incident. To generate an alarm, the device needs several indicators of suspicious behaviour. This saves investigating team’s time by reducing number of alerts and allows security analysts to find actual security issues more quickly.

UEBA’s Application in IoT – UEBA can play vital role in security risk of Internet of Things (IoT). Huge number of internet-connected devices are deployed by businesses mostly with less security measures in place. Attackers can hack IoT devices and use them to steal information or to launch attack on other companies like DDoS attack. This can cause significant financial losses. UEBA can monitor large number of connected devices for an enterprise firm, create baselines for similar devices and detect when a device deviates from its normal behavior.

Advanced Analytics in UEBA Solutions – Data Integration helps UEBA solutions to compare data from various sources. UEBA solutions apply statistical models on data gathered from various sources with help of machine learning to do deep behavioural profiling in order to identify sensitive changes in user’s activity. The use of unstructured data for unsupervised learning gives big advantage. Data Presentation is used to present findings in a comprehensible way to security analysts.

Use Cases – Uniqueness of use cases separates UEBA solutions from other tools. UEBA solutions build use cases for various domains like malicious insider, incident prioritization, compromised insider, Identity and privileged access management, data exfiltration, etc. These pre-defined uses cases are available at one click on cloud storage which enables quick deployment.