Human (user) behavior patterns and analytics

Presentation transcript:

Human (user) behavior patterns and analytics. Nevenko Bartolinčić, Solution Architect

Agenda
- Today’s Security Problem
- UEBA Approach in Solving Problem
- Collect, Detect, Respond
- Use Cases

Today’s Security Problem
- Amount of Data Created
- Products Can’t Detect Modern Attack
- People Can’t Respond Quickly

UEBA Approach
- Relies on data science instead of static rules
- Creates a baseline of normal behavior for each user
- Compares activities against baselines to detect risky or rogue behaviors

Collect - Approaches

| | Network Centric | Log Centric | Endpoint Centric |
|---|---|---|---|
| Data | Packets (or Flow) Analysis on Traffic | Logs | Endpoint Activities |
| Collection | Invasive: multiple taps | Non-Invasive: SIEM or syslog | Agents |
| Pricing | Expensive: per tap | Affordable: org size | Per agent |
| Use Cases | Threat In-Flight | User Threat & User Compromise | Risk & Compliance / Policy Violations |

Log information is augmented with information from LDAP. Context-Aware: augmenting data with location for IP address, ISP provider, department for user, …

Detect - Machine Learning
- Baseline of normal behavior, then use of this behavior to evaluate new activity
- Activity compared to peer group
- Data model holds user state across IP, device and credential changes over time
- Session-based data model
- Models:
  - First account creation activity for peer group
  - First login to the application for the peer group
  - Models the peer groups that logon to this host
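As an added example (not code from the presentation, the speaker or any vendor product), the following Python script shows the mechanics behind the UEBA Approach and Detect slides: it learns a baseline of what each user and each peer group (the department taken from directory context) has been seen doing, then scores a new session by the "first seen" facts it contains, the same shape as the "first login to the application for the peer group" model. Every user, department, host, application, event and weight is constructed; a real product would learn the weights from how rare each fact is across the population.

```python
"""Session-based behaviour scoring over constructed login events.

Added example, not code from the presentation or from any vendor product.
Every user, department, host, application and weight below is constructed.
"""
from collections import defaultdict

# Constructed directory context: the LDAP augmentation from the Collect slide.
DEPARTMENT = {
    "alice": "finance",
    "bob": "finance",
    "carol": "engineering",
    "dave": "engineering",
}

# Constructed historical events: (user, application, host, source country).
HISTORY = [
    ("alice", "erp", "fin-srv-01", "HR"),
    ("bob", "erp", "fin-srv-01", "HR"),
    ("bob", "mail", "mail-01", "HR"),
    ("carol", "gitlab", "build-01", "HR"),
    ("dave", "gitlab", "build-01", "HR"),
    ("dave", "mail", "mail-01", "HR"),
]

# Constructed weights: a fact that is new for the whole peer group is rarer,
# and therefore riskier, than one that is only new for the individual.
WEIGHTS = {
    "first_app_for_user": 10,
    "first_app_for_peer_group": 25,
    "first_host_for_user": 10,
    "first_host_for_peer_group": 25,
    "first_country_for_user": 15,
    "first_country_for_peer_group": 30,
}

FIELDS = ("app", "host", "country")  # order matches the event tuples


def build_baseline(events):
    """Learn what each user and each peer group has been seen doing.

    Returns {"user": {name: {field: set}}, "group": {dept: {field: set}}}.
    """
    seen = {"user": defaultdict(lambda: defaultdict(set)),
            "group": defaultdict(lambda: defaultdict(set))}
    for user, *values in events:
        group = DEPARTMENT.get(user, "unknown")
        for field, value in zip(FIELDS, values):
            seen["user"][user][field].add(value)
            seen["group"][group][field].add(value)
    return seen


def score_session(baseline, user, session):
    """Score one user's session (a list of (app, host, country) events).

    Each distinct (reason, value) pair counts once per session, so a user who
    reaches the same new host ten times is not scored ten times. A fact that
    is new for the whole peer group is also new for the user, so both fire.
    """
    group = DEPARTMENT.get(user, "unknown")
    reasons = set()
    for values in session:
        for field, value in zip(FIELDS, values):
            if value not in baseline["user"][user][field]:
                reasons.add(("first_%s_for_user" % field, value))
            if value not in baseline["group"][group][field]:
                reasons.add(("first_%s_for_peer_group" % field, value))
    score = sum(WEIGHTS[reason] for reason, _ in reasons)
    return score, sorted(reasons)


def is_alert(score, threshold=50):
    """Constructed alert threshold: sessions at or above it go to an analyst."""
    return score >= threshold


# Constructed new sessions to score against the baseline.
ALICE_SESSION = [
    ("erp", "fin-srv-01", "HR"),   # routine for alice
    ("mail", "mail-01", "HR"),     # new for alice, but normal for finance
    ("gitlab", "build-01", "DE"),  # new for alice and for all of finance
]
CAROL_SESSION = [("gitlab", "build-01", "HR")]  # entirely within baseline


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for name, session in (("alice", ALICE_SESSION), ("carol", CAROL_SESSION)):
        score, reasons = score_session(baseline, name, session)
        print(name, score, "ALERT" if is_alert(score) else "ok")
        for reason, value in reasons:
            print("   ", reason, value)
```

Alice's session scores 135: the mail access is only new for her (her finance peers use it), while the gitlab host and the DE login are new for the whole finance group and dominate the score. Carol's session stays at 0 because every fact is already in her baseline. Scoring at session rather than event level is what keeps a single unusual fact from flooding the queue with repeated alerts.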

Baseline – Security Alert Scoring

Respond – Security Alert Investigation

UBA Use Cases

Thank you! E info@span.eu T +385 1 6690 200