What is Cohort Analysis, and why it’s important for CyberSecurity 

Birds of a feather flock together - the old English saying often just shortened to birds of a feather is the observation that people with similar interests, behavior and lifestyles seek out each other’s company and associate in groups sharing common interests. 

Cohort analysis is a fancy name for birds of feather.  

Cohort analysis is primarily used in marketing. Each cohort is assigned a persona, to make representing and visualizing the segmented cohort data easier. For example we may have a super loyal VIP customer category, and a first time purchaser. Each one of the cohorts tends to have similar preferences and behavior. This can be super helpful when targeting marketing campaigns and new products aimed at a particular niche in the market. 

By tapping into this consumer insight into the customer needs, wishes and goals, marketeers can generate campaigns that are tailored to each group and much more likely to resonate, and design product that meet the customer core jobs-to-be done needs.

In Cybersecurity, cohort analysis isn’t often used as it is complex to implement and may not produce a hard definitive signal that e.g. an asset has been compromised, or a security breach has occurred. 

In AI, ML models have sophisticated ways of measuring behavioral similarities, and expressing the distance between the types of behavior numerically. Typically we map all the behavioral attributes, plot them, and then compare them over time. The ML is performed in real-time, so that even small variations in behavior can be picked up, marked as anomalous, or trended. 

For bot detection, cohort analysis is very powerful tool that gives us the following benefits:

  1. Behavioral analysis of the actual human traffic builds up a pattern of normal behavior from users. This can be further segmented into repeat visitors, first time visitors, VIPs etc. to provide a detailed profile of the actual behavior of your users. Understanding the real-human patterns, mouse trail, exit points, journey types, path lengths etc. then gives us a powerful tool for understanding  non-human visits. This can’t be faked and it’s impossible for the hackers to know. 

  1. Armed with the Machine Learning from our actual human visitors, it’s much easier to detect non-human visitors. Bots are often programmed to be as humanlike as possible. They may have real devices, pass fingerprints, etc. but ultimately for the bot to be successful they have to do potentially malicious or unwanted things - hit payment gateways, admin, or login paths, probe, or systematically data mine.

In Cybersecurity, the cohort analysis gives us two major benefits. It allows us to deeply understand the behavior and attributes of the actual human verified visitors, and to spot deviations from potentially fake or malicious bots by their behaviour. 


Check more blogs

Get updates on the content