In web applications – especially those that sell products and services – understanding user behaviour and ensuring that customers have a good experience are critical to customer retention, acquisition, and sales revenue. Real User Monitoring (RUM) collects and analyses user actions, backend resources, and performance to give administrators the metrics for improvement. RUM can be used for marketing purposes, but it’s also useful in threat monitoring.
How Does Real User Monitoring Work?
RUM focuses on receiving real data and analytics from actual users, unlike other monitoring that uses automation to retrieve data. Testing production using code and bots is common in web application analysis to determine if it can handle a specific user load. Synthetic monitoring emulates user behaviours, but real user monitoring takes metrics from actual users in their browsers as they navigate throughout the website. By retrieving RUM metrics, organisations can get valid data on the way users experience the web application so that administrators can determine if performance is sufficient to handle the traffic.
In marketing, RUM has several benefits. It can detect popular pages and the links commonly used to browse other products. It can link different products together for better upsell potential. If the site has a checkout and payment section, RUM identifies the point at which users typically abandon their shopping carts and the checkout process.
In cybersecurity, RUM can detect specific attacker actions. Mainly, it's employed to determine if a user’s account is under attack. When attackers steal credentials, they often use scripts to authenticate into user accounts. Normally, thousands of accounts matched with stolen credentials live in an attacker’s database from a phishing scam or downloaded files on darknet markets. Real user monitoring metrics can detect several failed authentication attempts on a user’s account. While this would not positively detect an attack, it can be combined with other suspicious behaviour to flag the account and stop attackers from further authentication attempts. If several user accounts are flagged, then administrators can be notified of a potential brute-force attack.
Load times can be detected using RUM methods. By determining the duration of time for a page to load, website administrators can identify if the webserver needs more resources or if additional infrastructure is necessary to speed up the site. Site speed is one of the metrics search engines use to determine ranking algorithms. Slow sites negatively affect user experience, leading to a higher bounce rate or abandoned shopping carts. RUM helps sites manage these issues before they impact revenue.
Benefits of Real User Monitoring
RUM does not replace standard scripted testing, but it can help identify performance issues and application errors. These application errors could lead to vulnerabilities resulting in a data breach, and performance issues can be leveraged to launch denial-of-service (DoS) attacks.
For organisations that need analytics and want to track user behaviour, RUM has the following benefits:
- Identify errors. RUM can determine if the page responded correctly or displayed an error when users navigate to a page. It can also establish if the application handled errors properly or crashed.
- Capture data on user habits. Websites use RUM to adjust layouts and content that yield a good user experience. It can also provide analytics to improve sales and drive traffic to higher-value products.
- Track user navigation for better customer service. If users have issues on the site or need help with the checkout process, customer service representatives can view where the user experienced an error.
- Reporting on web application performance and functions. Administrators can view metrics on site performance and functions. During peak traffic, these reports help administrators identify if the site suffers from performance issues slowing page load times and destroying user experiences.
- Alerts for suspicious activity. Whether it’s from suspicious user activity or application errors, RUM can send alerts to administrators when issues are found.
RUM for Insider Threats
While RUM is mainly used in marketing, it can determine if the site is under attack from internal and external threats. Employees, vendors, and third-party individuals with access to the environment can be threats. Some threats are intentional, but threats can be from unintentional attacks such as stolen credentials from phishing or users tricked by social engineering.
Real user monitoring identifies authenticated users and tracks activity, so when unusual traffic patterns are detected, the activity is logged, and alerts are sent to administrators. This activity can be tracked on a public-facing site or an intranet where only employees have access.