Earlier this week we wrote about how the emergence of cloud and IoT has shifted security priorities from arbitrary boundaries towards the protection of data.
Whilst traditional perimeter security cannot be ignored, potential threat vectors are proliferating by the day, and it is here that new approaches—such as user and entity behaviour analytics (UEBA)—help keep your information safe.
How UEBA helps organisations face insider threats
Let’s assume one of your privileged access accounts is compromised—perhaps even your CFO’s. It is easy enough to steal credentials. However, once inside a network with UEBA in play, a hacker would have to successfully mimic the CFO’s behaviour to avoid triggering alarms—a much taller order, especially if you take into account behaviour across multiple platforms and devices.
By watching how your users and devices interact with each other and setting a baseline for normal activity, UEBA is able to detect deviations from the way it would expect a device to be used. Any anomalies that could be a potential threat to your environment are escalated for an analyst to review.
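The baseline-and-deviation idea described above can be sketched in a few lines. This is an added illustration, not code from any vendor's product; the event fields, the three features, the thresholds and the sample data are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict

FEATURES = ("device", "hour_band", "resource")  # assumed feature set

def featurise(event):
    # Coarse time-of-day bucket so 09:00 and 10:00 count as the same habit.
    band = "work" if 8 <= event["hour"] < 19 else "off"
    return {"device": event["device"], "hour_band": band,
            "resource": event["resource"]}

def build_baseline(history):
    """Count how often each user showed each feature value."""
    baseline = defaultdict(lambda: {f: Counter() for f in FEATURES})
    for ev in history:
        for feat, value in featurise(ev).items():
            baseline[ev["user"]][feat][value] += 1
    return baseline

def score(baseline, event, rare=0.05):
    """One point per feature value seen in under `rare` of the user's history."""
    if event["user"] not in baseline:
        return len(FEATURES), ["no baseline for user"]
    profile = baseline[event["user"]]
    reasons = []
    for feat, value in featurise(event).items():
        total = sum(profile[feat].values())
        seen = profile[feat][value]
        if seen / total < rare:
            reasons.append(f"{feat}={value} seen {seen}/{total} times")
    return len(reasons), reasons

def triage(baseline, events, threshold=2):
    """Events deviating on at least `threshold` features go to an analyst."""
    escalated = []
    for ev in events:
        points, reasons = score(baseline, ev)
        if points >= threshold:
            escalated.append((ev, reasons))
    return escalated

# Constructed history: the CFO works office hours on one laptop.
HISTORY = [{"user": "cfo", "device": "laptop-cfo", "hour": h, "resource": r}
           for h in (9, 10, 14, 16) for r in ("finance-erp", "email")
           for _ in range(5)]
# Constructed new events: normal, slightly odd, and valid-credentials-wrong-behaviour.
NEW = [
    {"user": "cfo", "device": "laptop-cfo", "hour": 11, "resource": "finance-erp"},
    {"user": "cfo", "device": "laptop-cfo", "hour": 22, "resource": "email"},
    {"user": "cfo", "device": "unknown-host", "hour": 3, "resource": "hr-fileshare"},
]

if __name__ == "__main__":
    for ev, reasons in triage(build_baseline(HISTORY), NEW):
        print("ESCALATE", ev, reasons)
```

Only the third event is escalated: a single late-evening login on the usual laptop deviates on one feature and stays below the threshold, whereas the stolen-credential session deviates on device, time of day and resource at once.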
Transform productivity and save thousands by leveraging UEBA across your organisation
UEBA’s business applications are as numerous as they are powerful, enabling organisations to better manage any of the following areas:
- privileged user monitoring
- enforcing a change control policy
- helping to prevent data loss
- preventing passwords from being shared
- detecting when an account has been compromised
Sophisticated solutions from leading vendors are even using AI and machine learning to automatically remediate threats like phishing, ransomware, lateral movement, data exfiltration, command-and-control communication, account takeovers, privilege escalation and more.
Whilst results will vary from business to business, automated insider threat detection can transform the productivity of your team and save you thousands in the process. According to Aruba, its flagship UEBA product, Introspect, saves ‘roughly £35,000 per month and nearly 30 hours per incident by cutting down on investigations’. ‘Indeed, customers say they have been able to resolve single incidents in only 10 minutes, compared to 30 hours using traditional methods.’