LTS secure user entity behavior analytics boon to cyber security

1
USER ENTITY BEHAVIOR ANALYTICS A BOON FOR THE
WORLD OF CYBER SECURITY
2
Content

• LTS Secure User Entity Behavior Analytics (UEBA)
• Benefits of User Entity Behavior Analytics (UEBA)
• Detection of hijacked accounts
• Reduced Attack Surface
• Privilege Abuse and Misuse
• Improved Operational Efficiency
• Data Exfiltration detection

3
LTS Secure User Entity Behavior Analytics (UEBA)

• The world has seen an unabated rise in the number
  of cyber-attacks as the hackers continue to
  target the vulnerabilities in the security
  system. Even a small loophole in security system
  can serve as an entry point for the cyber
  attackers. Insider threats pose significant risk
  to any organization and quite often it is very
  hard to detect. The encouraging part is that we
  have UEBA to address these threats.
• UEBA can be defined as a security solution that
  analyzes the behaviors of people that are
  connected to an organizations network and
  entities or end-points such as servers,
  applications, etc. to figure out the anomalies in
  the security. UEBA uses behavioral analysis to
  monitor the activities of the users and entities.
  It keeps a track of where do people usually log
  in from and what applications or file servers
  they use, what is their degree of access, etc.
  UEBA then correlates this information to gauge if
  a certain activity performed by the users is
  different from their daily tasks and establishes
  a baseline of what is usual behavior. If
  something unusual happens that doesnt comply
  with the baseline, UEBA detects it and sends
  alerts of the probable threat.

4

• This can be explained with an example, Let us say
  an employee accesses a certain file named A
  daily, however he begins to send information from
  file A to an unknown entity. In this case UEBA
  will analyze the activities employee has been
  performing over a period of time to detect if
  there is any indication of his entities being
  compromised. It will then use this information to
  determine whether the employees behavior is
  malicious and notify about the same.
• Now the question is Why is finding insider
  threat so difficult? and How is UEBA different
  from other security systems?
• The answer lies in large volume of alerts
  generated by traditional security systems like
  SIEM. It is very difficult to determine who,
  what, how and why an insider attack took place
  because of the huge amount of data generation.
  Most of the alerts given by tradition security
  solutions like SIEM are false positives, and most
  of the threats go unnoticed. It mostly
  concentrates on protecting abstractions like
  endpoints and perimeters. It is defenseless when
  it comes to insider threats. UEBA solutions are
  designed in such a way that they accurately
  detect activities that may otherwise go
  unnoticed. It helps companies to secure access to
  the privileged accounts used by the employees.

5
Benefits of User Entity Behavior Analytics (UEBA)

• Detection of hijacked accounts - Attackers who
  steal valid user credentials behave differently
  than real users. UEBA uses real-time detection to
  ascertain if something is out of norm and
  responds to the threat through various real-time
  responses such as Block, Modify, Re-authenticate
  or Multi-factor authentication. This ensures that
  the real threats are getting addressed before
  they try to harm the system.
• Reduced Attack Surface - UEBA sends insights to
  the users and the security teams through
  interactive analytics which allows them to know
  about the loopholes or weak points before an
  incident happens. These insights help reduce the
  attack surface which makes it difficult for the
  cyber attacker to breach the network.
• Privilege Abuse and Misuse - In any organization
  the privileged users have extensive access to the
  system, data and applications which is why they
  present a higher risk to the organization. UEBAs
  algorithms ensure that the access rights are used
  appropriately and give an overview of what kind
  of privileges individual users should have.

6

• Improved Operational Efficiency - It takes a lot
  of efforts to identify threats manually through
  alerts. UEBA can manually identify and validate
  threat without manual intervention through
  automation and security intelligence. This level
  of automation allows security to focus on real
  threats rather than alert chasing.
• Data Exfiltration detection - UEBA analytics help
  to detects potential data exfiltration before it
  happens, thus allowing businesses time to prepare
  a strategic plan to prevent data theft. It can
  even help identify Advanced Persistent Threats
  (APT).
• UEBA has proved itself to be an indispensible
  asset in the world of cyber security. According
  to experts user and entity behavior analytics is
  a better model for attack detection and maintain
  that it is going to enable more accurate
  detection of cyber attackers threatening
  networks.

7
THANKYOU