--> UEBA stands for User and Entity Behavioral Analytics.
--> User and entity behavior analytics (UEBA) is one type of cyber security solution that identifies internal threats in the organization by monitoring user and device activity that deviates from the baseline.
--> User and Entity Behavior Analytics uses behavior analysis to monitor user activities and infrastructure entities (e.g. network devices, infrastructure devices, enterprise applications, IoT devices, and so on).
--> A UEBA solution works by establishing a baseline of behavior and issuing alerts for anomalous behavior; the cybersecurity team then takes over and conducts an investigation.
--> You might be wondering what the difference is between SIEM and UEBA. SIEM mainly focuses on collecting logs from all the devices and then correlating those logs to identify threats, whereas UEBA mainly focuses on identifying threats based on user and entity behavior.
--> Nowadays, most SIEM solutions such as LogRhythm, Splunk, and IBM QRadar ship with a built-in UEBA feature or offer it as an extension to the SIEM solution.
--> UEBA systems can detect insider threats, malware, and advanced attacks by applying machine learning and behavioral analytics to users, machines, and entities.
--> To establish the baseline, UEBA analyzes many log sources, such as the following:
i) IPS logs
ii) Endpoint/system logs
iii) Network device logs
iv) EDR logs
v) Authentication logs
vi) Threat intelligence logs
--> Once the UEBA collects the above information, it creates a baseline and risk score for each user and device. If any deviation occurs from the baseline, then the risk score of the device or user is increased.
--> Once the score crosses some defined value, an alert is generated in the UEBA solution, which will later be investigated by the cybersecurity team.
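--> As an added illustration of the baseline, risk score and threshold flow described above (this is not code from the original post or from any UEBA product), here is a toy Python scorer run over constructed authentication events; the per-check point values, the 3-sigma volume rule and the alert threshold of 40 are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events, not real logs: (user, hour_of_day, host, megabytes_out)
BASELINE_EVENTS = [
    ("alice", 9, "ws-alice", 10), ("alice", 10, "ws-alice", 12), ("alice", 11, "ws-alice", 11),
    ("alice", 9, "ws-alice", 9), ("alice", 10, "ws-alice", 13),
    ("bob", 8, "ws-bob", 5), ("bob", 9, "ws-bob", 6), ("bob", 9, "ws-bob", 5),
]
NEW_EVENTS = [
    ("alice", 10, "ws-alice", 11),        # matches baseline: no risk added
    ("alice", 3, "ws-alice", 12),         # login at an unusual hour
    ("alice", 3, "fileserver-02", 500),   # unusual hour, never-seen host, large transfer
    ("bob", 9, "ws-bob", 5),              # matches baseline
]

def build_baseline(events):
    """Per-user baseline from a training window: usual hosts and hours, typical volume."""
    hosts, hours, volumes = defaultdict(set), defaultdict(set), defaultdict(list)
    for user, hour, host, mb in events:
        hosts[user].add(host)
        hours[user].add(hour)
        volumes[user].append(mb)
    return {u: {"hosts": hosts[u], "hours": hours[u],
                "mean": mean(volumes[u]), "sigma": pstdev(volumes[u])} for u in hosts}

def score_event(base, user, hour, host, mb):
    """Risk points for one event: every deviation from the user's baseline adds points (assumed values)."""
    if user not in base:
        return 30, ["no baseline for user"]
    b = base[user]
    checks = [
        (host not in b["hosts"], 20, "new host"),
        (hour not in b["hours"], 15, "unusual hour"),
        (mb > b["mean"] + 3 * max(b["sigma"], 1.0), 25, "volume spike"),  # assumed 3-sigma rule
    ]
    hits = [(points, label) for cond, points, label in checks if cond]
    return sum(p for p, _ in hits), [label for _, label in hits]

def run(baseline_events, new_events, threshold=40):
    """Accumulate risk per user; raise one alert when the score first crosses the threshold."""
    base = build_baseline(baseline_events)
    risk, alerts = defaultdict(int), []
    for user, hour, host, mb in new_events:
        points, reasons = score_event(base, user, hour, host, mb)
        before = risk[user]
        risk[user] += points
        if before < threshold <= risk[user]:
            alerts.append((user, risk[user], reasons))
    return dict(risk), alerts
```

Calling `run(BASELINE_EVENTS, NEW_EVENTS)` leaves alice at a score of 75 and bob at 0, with a single alert raised on alice's third event listing all three deviations, which is the record an analyst would then pick up for investigation.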
--> The following are use cases and benefits of a UEBA security solution:
i) The ability to accurately detect compromised user accounts and malicious insiders by identifying abnormal behavior
ii) The ability to monitor user activity and device activity in enterprise networks as well as in the cloud
iii) Protection against zero-day attacks, as the UEBA solution does not rely on signatures to detect threats
iv) The ability to detect non-malware-based attacks