Profiling Is Not Always A Bad Thing
The attached article speaks about how TSA PreCheck applies security to the individual in exchange for detailed background information about the traveler, to provide an expedited screening process. Now there are other companies like Clear and Global Entry which asks for additional information in exchange for even faster screening. However, the point is by focusing screening on an individual, TSA is able to formulate a risk profile and have a pattern of normal behavior. It follows that any deviation from that normal behavior will trigger some sort of alert and trigger extra screening.
If you apply some of that same logic to behavioral analytics you can now profile an individual user and create a profile of normal behavior, so when something happens out of the ordinary, you are alerted and can respond faster. This of course assumes that your security tool stack is well tuned to incorporate behavioral analytics and automation to obtain this level of detail. That could be a large order the larger the environment, however, it can be deployed on high risk users, folks that have higher levels of access within your company. Performing a risk assessment on your users will allow you to obtain some good detail about where to start. I suggest highly privilege access users (i.e. admin users), data base administrators, and application owners, but that’s just my personal wish list. Have fun!