User Entity behavior Analytics
Posted by rver21 on March 7th, 2019
USER ENTITY BEHAVIOR ANALYTICS
UEBA can be defined as a security solution that analyzes the behaviors of people that are connected to an organization’s network and entities or end-points such as servers, applications, etc. to figure out the anomalies in the security. UEBA uses behavioral analysis to monitor the activities of the users and entities. It keeps a track of where do people usually log in from and what applications or file servers they use, what is their degree of access, etc. UEBA then correlates this information to gauge if a certain activity performed by the users is different from their daily tasks and establishes a baseline of what is usual behavior. If something unusual happens that doesn’t comply with the baseline, UEBA detects it and sends alerts of the probable threat.
This can be explained with an example, Let us say an employee accesses a certain file named “A” daily, however he begins to send information from file A to an unknown entity. In this case UEBA will analyze the activities employee has been performing over a period of time to detect if there is any indication of his entities being compromised. It will then use this information to determine whether the employee’s behavior is malicious and notify about the same.
Now the question is “Why is finding insider threat so difficult?” and “How is UEBA different from other security systems?”
The answer lies in large volume of alerts generated by traditional security systems like SIEM. It is very difficult to determine who, what, how and why an insider attack took place because of the huge amount of data generation. Most of the alerts given by tradition security solutions like SIEM are false positives, and most of the threats go unnoticed. It mostly concentrates on protecting abstractions like endpoints and perimeters. It is defenseless when it comes to insider threats. UEBA solutions are designed in such a way that they accurately detect activities that may otherwise go unnoticed. It helps companies to secure access to the privileged accounts used by the employees.
Below are the benefits of User Entity Behavior Analytics (UEBA) :
Copyright © 2020 Uberant.com704,941 total articles and counting.