Preventative Controls driven by user and entity behavior analytics (UEBA) and model driven security

Behavior Analytics Drive Preventative Controls without Causing Undue Business Impact

Security has incredibly powerful preventative controls. We are able to block anything we want and have been doing so since the dawn of firewalls. The problem is being able to block things without causing undue business impact. Enter model driven security based on user and entity behavior analytics (UEBA).

Model driven security delivers preventative controls to stop the bad guys – not your workflow

Model driven security gives you the ability to apply specific blocks to one or two people instead of 2,000 people. It’s an enormous benefit to have the ability to be much more granular with your preventative controls.

User and Entity Behavior Analytics looks at a very broad swath of data. It then uses machine learning to automatically identify anomalies in that behavior.

User and Entity Behavior Analytics (UEBA) tracks all the users and entities in your environment. It also analyzes file, flow, and packet information aggregated from your reports and logs. You will be able to detect any sort of anomalous behavior that comes out of the activity – without generating undue noise. That’s critical.

Instead of getting 30,000 SIEM alerts of unknown context you cannot possibly investigate, Gurucul’s UEBA platform gives you 30 true positives

Our customers get between 30 and 50 cases per month on average, which is a very manageable number for their SOC (Security Operations Center) teams to investigate and respond to.

UEBA and Data Exfiltration

When it comes to data exfiltration, one of the advantages that UEBA gives you is the ability to apply very specific individual policies based on the risk of that user.

For example, in your DLP environment, you can have a separate set of policies that apply to high risk individuals. Those are policies that generate too much noise for you to apply to the entire population. When it comes to a small population of say, less than 200 users, you can apply a much higher degree of scrutiny.

UEBA allows you to dynamically change that list of users based on individual risk scores. The scores are derived from their various activities.
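As an added illustration of the idea above (example code written for this page, not Gurucul's product or scoring model), the following Python sketch scores each user against their own baseline across two signals and recomputes the small high-risk set that the stricter DLP policy applies to, with hysteresis so users do not flap between tiers. The signal names, thresholds, policy names and sample data are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data (assumption, not from the post): each user's 7-day
# baseline and today's value for two signals a UEBA might score.
BASELINE = {  # user -> {signal: [daily values]}
    "alice": {"mb_out": [120, 130, 110, 125, 115, 140, 118], "new_dest": [0, 1, 0, 0, 1, 0, 0]},
    "bob":   {"mb_out": [40, 45, 50, 42, 48, 44, 46],        "new_dest": [0, 0, 0, 0, 0, 0, 0]},
    "carol": {"mb_out": [500, 520, 480, 510, 495, 505, 490], "new_dest": [2, 1, 3, 2, 1, 2, 2]},
}
TODAY = {
    "alice": {"mb_out": 900, "new_dest": 4},   # 7x her usual outbound volume, 4 new destinations
    "bob":   {"mb_out": 47,  "new_dest": 0},
    "carol": {"mb_out": 505, "new_dest": 2},   # high volume, but normal for her role
}
# Hypothetical DLP policy names: the strict set is only ever applied to the high-risk list.
POLICIES = {"high": "dlp-strict-block-uploads", "normal": "dlp-baseline-monitor"}
ENTER, EXIT = 70.0, 50.0   # hysteresis: join at >= ENTER, leave only once below EXIT
Z_CAP = 6.0                # any deviation beyond 6 sigma counts as maximal

def zscore(value, samples):
    """How far today's value sits from this user's own baseline, in standard deviations."""
    mu, sd = mean(samples), pstdev(samples)
    if sd == 0:                      # flat baseline: any change at all is maximal
        return 0.0 if value == mu else Z_CAP
    return (value - mu) / sd

def risk_score(user, baseline=BASELINE, today=TODAY):
    """0-100 score: positive z-scores per signal, capped at Z_CAP, averaged and rescaled."""
    zs = [min(max(zscore(today[user][s], baseline[user][s]), 0.0), Z_CAP) for s in baseline[user]]
    return round(100.0 * mean(zs) / Z_CAP, 1)

def update_high_risk(current_high, baseline=BASELINE, today=TODAY):
    """Recompute the high-risk set with hysteresis; return (new_set, user -> policy name)."""
    new_high = set()
    for user in baseline:
        score = risk_score(user, baseline, today)
        if score >= ENTER or (user in current_high and score >= EXIT):
            new_high.add(user)
    policies = {u: POLICIES["high" if u in new_high else "normal"] for u in baseline}
    return new_high, policies

if __name__ == "__main__":
    high, policy = update_high_risk({"carol"})   # carol was flagged yesterday
    for u in sorted(policy):
        print(f"{u:6} score={risk_score(u):5.1f} policy={policy[u]}")
    print("high-risk set:", sorted(high))
```

With the constructed data only alice lands on the strict policy; carol's large but habitual volume scores low against her own baseline and she drops off the list, which is the "scrutiny for a small population" effect the section describes.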

A Haystack of Needles

As Robert D. Rodriguez, Chairman/Founder of SINET, says in our book, Borderless Behavior Analytics: “We’ve moved from finding the needle in the haystack, to finding the needle in the haystack of needles, and then prioritizing and making that information actionable.”

In conclusion, UEBA can bring the needles to the top of the haystack. It can pick out the most critical and send them off to the specialists to take a closer look.

Take the first step. Contact us today.

Gurucul technology is used globally by organizations to detect insider threats, cyber fraud, IP theft, external attacks and more. The company is based in Los Angeles. To learn more, visit Gurucul.com and follow us on LinkedIn and Twitter.

 
