User and Entity Behavior Analytics


WHAT IS UEBA?

Hackers can break through firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access behind your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.

User and entity behavior analytics (UEBA) gives you a more comprehensive way to make sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.

HOW UEBA WORKS

The premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.

For example, let’s say you steal Mark’s password and user name. You would still not be able to act precisely like Mark once in the system without extensive research and preparation. Therefore, when Mark’s user name is logged in to the system and the behavior under that account differs from Mark’s typical behavior, UEBA alerts start to sound.

Another relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.
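The baseline-and-deviation idea from the Mark example can be sketched in a few lines. This is an added illustration, not code from any UEBA product: the event fields, host names, the 8-to-18 working-hours band and the 6.0 threshold are all assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from math import inf, log2

def featurize(event):
    """Reduce a raw access event to the categorical traits we baseline."""
    return {
        "hours": "work" if 8 <= event["hour"] < 18 else "off",
        "host": event["host"],
        "resource": event["resource"],
    }

class Baseline:
    """Per-user frequency profile of past behavior."""
    def __init__(self):
        self.counts = defaultdict(lambda: defaultdict(Counter))
        self.totals = Counter()

    def learn(self, event):
        self.totals[event["user"]] += 1
        for name, value in featurize(event).items():
            self.counts[event["user"]][name][value] += 1

    def score(self, event):
        """Surprisal in bits, summed over traits; higher = less like this user."""
        n = self.totals[event["user"]]
        if n == 0:
            return inf  # no history: never treat an unknown user as normal
        total = 0.0
        for name, value in featurize(event).items():
            seen = self.counts[event["user"]][name]
            # Laplace smoothing: never-seen values get a high but finite score.
            total -= log2((seen[value] + 1) / (n + len(seen) + 1))
        return total

def is_anomalous(baseline, event, threshold=6.0):
    # threshold is an assumed value; in practice it is tuned per environment
    return baseline.score(event) > threshold

def build_baseline(history):
    baseline = Baseline()
    for event in history:
        baseline.learn(event)
    return baseline

# Constructed sample data: 20 routine events for "mark", then two new logins.
HISTORY = [{"user": "mark", "hour": h, "host": "ws-mark", "resource": r}
           for h in (9, 10, 11, 14, 16) for r in ("crm", "mail", "crm", "wiki")]
TYPICAL = {"user": "mark", "hour": 10, "host": "ws-mark", "resource": "crm"}
ATYPICAL = {"user": "mark", "hour": 3, "host": "unknown-host", "resource": "payroll-db"}
```

With this data the typical login scores about 1.3 bits and the atypical one about 13.5, while a single unusual trait (Mark working at 3 a.m. from his own workstation) stays under the threshold, which is how combining traits keeps false alerts down.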

As such, UEBA is a crucial component of IT security, allowing you to:

  • Detect insider threats.

    It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse, and policy violations made by your own staff.

  • Detect compromised accounts.

    Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.

  • Detect brute-force attacks.

    Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.

  • Detect changes in permissions and creation of super users.

    Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.

  • Detect breach of protected data.

    If you have protected data, it is not enough to just keep it secure. You should also know when a user accesses this data without any legitimate business reason to do so.