Join other Information Security Professionals and Subscribe

to receive monthly insights on securely enabling business transformation

Bridgeway Insights

UEBA: Keeping Information Safe Using User and Entity Behaviour Analytics

UEBA: Keeping Information Safe Using User and Entity Behaviour Analytics

Posted by Louisa Mackintosh 4 June 2018

Earlier this week we wrote about how the emergence of cloud and IoT have shifted security priorities from arbitrary boundaries towards the protection of data.

Whilst traditional perimeter security cannot be ignored, potential threat vectors are proliferating by the day, and it is here that new approaches—such as user and entity behaviour analytics (UEBA)—help keep your information safe.

Find out how to bring visibility, security and control to your enterprise.  Download the security whitepaper and find out how Aruba ClearPass can enforce security throughout your enterprise.

UEBA: Keeping Information Safe Using User and Entity Behaviour Analytics


How UEBA helps organisations face insider threats


Let’s assume one of your privileged access accounts is compromised—perhaps even your CFO. It is easy enough to steal credentials. However, once inside a network with UEBA in play, a hacker would have to successfully mimic the CFO’s behaviour to avoid triggering alarms—a much taller order, especially if you take into account behaviour across multiple platforms and devices.


By watching how your users and devices interact with each other and setting a baseline for normal activity, UEBA is able to detect when there is a deviation in the way it would expect a device to be used. Any anomalies that could be a potential threat to your environment are escalated for an analyst to review.

Do behaviour analytics render SIEM useless?


Transform productivity and save thousands by leveraging UEBA across your organisation


UEBA’s business applications are as numerous as they are powerful, enabling organisations to better manage any of the following areas:


  • privileged user monitoring
  • enforcing a change control policy
  • helping to prevent data loss
  • preventing passwords from being shared
  • detecting when an account has been compromised

Sophisticated solutions from leading vendors are even using AI and machine learning to automatically remediate threats like phishing, ransomware, lateral movement, data exfiltration, command-and-control communication, account takeovers, privilege escalation and more.


Whilst it will vary from business to business, automated insider threat detection can transform the productivity of your team and save you thousands in the process. According to Aruba, Introspect saves ‘roughly £35,000 per month and nearly 30 hours per incident by cutting down on investigations’ using Aruba’s flagship UEBA product. ‘Indeed, customers say they have been able to resolve single incidents in only 10 minutes, compared to 30 hours using traditional methods.’

 Aruba Security Whitepaper
Tags
Aruba

Authors

 

 

Recent Insights

Our Partners
Bridgeway LinkedIn Bridgeway Vimeo Bridgeway Twitter
MAKE AN ENQUIRY EMAIL SUPPORT 01223 979 090

LATEST FROM THE BLOG

LATEST TWEETS
LATEST NEWS
Contact us

Bridgeway Security Solutions Ltd
Bridge House
Buckingway Business Park
Cambridge
CB24 4UQ
UK

Email: enquiries@bridgeway.co.uk
Phone: 01223 979 090