Post Published On: August 9, 2018
What is UEBA?
The fight against cyber-attacks is a never-ending war. Attacks are growing in sophistication and getting harder to detect because attackers do not use a fixed method. As a result, identifying an attack is even more difficult, and signature-based detection techniques alone are no longer sufficient. Another issue on the rise is stolen credentials: organizations need to protect their sensitive data even after an account or device has been compromised. In the age of mobile-first organizations, increased security measures are required around users and their devices. All of this requires careful attention and preparation to properly manage the risk posed by these issues.
User and Entity Behavior Analytics (UEBA) is an important technique that helps organizations overcome the above-mentioned challenges. Organizations need to implement a solution that can baseline users' behavior, is combined with machine learning capabilities, and can create peer groups, which help in identifying malicious attacks and anomalous behavior.
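A minimal sketch of the baselining and peer-group comparison described above, as an added example that is not from the original post or from any vendor product: it scores one day's activity count as a z-score against the user's own history and against peers in the same group. The user names, groups, counts and the threshold of 3 are constructed assumptions, and a plain z-score stands in for the machine-learning models a real solution would use.

```python
from statistics import mean, pstdev

# Constructed sample data: files accessed per day over a 7-day baseline window.
BASELINE = {
    "alice": [20, 22, 19, 21, 23, 20, 22],
    "bob":   [18, 25, 21, 19, 24, 22, 20],
    "carol": [210, 190, 205, 220, 198, 215, 202],
    "dave":  [195, 208, 212, 201, 199, 221, 207],
}
# Constructed peer groups (for example, derived from HR context).
PEER_GROUP = {"alice": "finance", "bob": "finance",
              "carol": "backup-ops", "dave": "backup-ops"}

def zscore(value, history, floor=1.0):
    """Standard deviations between value and the history mean.
    The floor keeps a flat baseline from producing a divide-by-zero."""
    return (value - mean(history)) / max(pstdev(history), floor)

def score(user, observed, threshold=3.0):
    """Score one observation against the user's own baseline and the peer group's.
    Only unusually high activity is flagged (one-sided check)."""
    group = PEER_GROUP[user]
    peers = [v for u, hist in BASELINE.items()
             if PEER_GROUP[u] == group and u != user for v in hist]
    self_z = zscore(observed, BASELINE[user])
    peer_z = zscore(observed, peers) if peers else None
    self_high = self_z > threshold
    peer_high = peer_z is not None and peer_z > threshold
    if self_high and (peer_high or peer_z is None):
        verdict = "alert"    # unusual for the user and for the peer group
    elif self_high or peer_high:
        verdict = "review"   # unusual by one baseline only
    else:
        verdict = "normal"
    return {"user": user, "self_z": round(self_z, 2),
            "peer_z": None if peer_z is None else round(peer_z, 2),
            "verdict": verdict}

if __name__ == "__main__":
    # The same count of 200 is an alert for alice and normal for carol.
    for user, count in [("alice", 200), ("carol", 200), ("alice", 27)]:
        print(score(user, count))
```

The same raw value is scored differently depending on whose baseline and peer group it is measured against, which is what a fixed threshold or signature cannot express.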
How to choose a solution?
Organizations should be careful when choosing a solution. First, they need to identify the use cases that serve their business needs and environment, such as malicious insider, compromised user, and advanced persistent threat protection. Applying these use cases should include proper monitoring, detection, and alerting capabilities for the behavior of both users and entities, which, for maximum benefit, need to be handled in an integrated manner rather than separately.
The best solution is the one that covers a wide range of data sources such as events, logs, flows, network packets, business context, HR context and external threat intelligence. The main differentiator is a powerful analytics engine that combines supervised and unsupervised machine learning, statistical modeling, rule-based systems, and deep learning. It is very important to correlate behavior across these sources for users and entities in order to aggregate the information quickly and alert on anything considered suspicious as a priority.
How will UEBA shape the security market?
As per Gartner, the user and entity behavior analytics (UEBA) market will cease to exist as a stand-alone market by 2021, and core UEBA techniques and technologies will be embedded in 80% of threat detection and incident prioritization solutions by 2022.*
Here to help
The Ingram Micro Cyber Security division has the expertise to help prepare and equip business partners to fight against these threats. Our value-added services and solutions include assessment services, consultancy services, and training delivered by professional cyber security consultants with a combined experience of over 50 years. In addition to a wide range of security solutions and services, Ingram Micro offers many products across different domains to protect business partners and their customers against anomalous behavior and malicious activities.
Written by Mohammad Qatatsha, Senior Solutions Architect at Ingram Micro. For more information about how we can help you select a UEBA solution, please contact the team on firstname.lastname@example.org or visit our website, http://security.ingrammicro.com
* Source: Gartner Market Guide for User and Entity Behavior Analytics, published on the 23rd of April 2018.