Presentation is loading. Please wait.

Presentation is loading. Please wait.

Human (user) behavior patterns and analytics

Published byῬούθ Κούνδουρος Modified over 6 years ago

Similar presentations

Presentation on theme: "Human (user) behavior patterns and analytics"— Presentation transcript:

1 Human (user) behavior patterns and analytics
Nevenko Bartolinčić– Solution Architect

2 Agenda Today’s Security Problem UEBA Approach in Solving Problem
Collect, Detect, Respond Use Cases

3 Today’s Security Problem
Amount of Data Created Products Can’t Detect Modern Attack People Can’t Respond Quickly

4 UEBA Approach Relies on data science instead of static rules
Creates a baseline of normal behavior for each user Compares activities against baselines to detect risky or rogue behaviors

5 Collect - Approaches Network Centric Log Centric Endpoint Centric Data
Packets (or Flow) Analysis on Traffic Logs Endpoint Activities Collection Invasive: multiple taps Non-Invasive: SIEM or syslog Agents Pricing Expensive: per tap Affordable: org size Per agent Use Cases Threat In-Flight User Threat & User Compromise Risk & Compliance / Policy Violations Log information augmented with information from LDAP Context-Aware – augmenting data: location for IP address, ISP provider, department for user, …

6 Detect - Machine Learning
Baseline of normal behavior, then use of this behavior to evaluate new activity Activity compared to peer group Data model holds user state across IP, devices and credentials changes across time Session-based data model Models: First account creation activity for peer group First login to the application for the peer group Models the peer groups that logon to this host

7 Baseline – Security Alert Scoring

8 Respond – Security Alert Investigation

9 UBA Uses Cases

10 Thank you! E info@span.eu T +385 1 6690 200

Download ppt "Human (user) behavior patterns and analytics"

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.

SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
USER ACTIVITY MONITORING: YOUR MISSING SECURITY VANTAGE POINT Presented by Matt Zanderigo.

USER ACTIVITY MONITORING: YOUR MISSING SECURITY VANTAGE POINT Presented by Matt Zanderigo.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Department Of Computer Engineering

Department Of Computer Engineering
Ken Paiboon 214.274.3436 ken@exabeam.com User Behavior Intelligence Fundamentals: Behaviors, Characteristics, and Facts Ken Paiboon 214.274.3436 ken@exabeam.com.

Ken Paiboon User Behavior Intelligence Fundamentals: Behaviors, Characteristics, and Facts Ken Paiboon
Network security policy: best practices

Network security policy: best practices
Correlations, Alarms and Policies

Correlations, Alarms and Policies
Enforcing Concurrent Logon Policies with UserLock.

Enforcing Concurrent Logon Policies with UserLock.
Computer Forensics in Practice Armed Forces of the Slovak Republic mjr. Ing. Albert VAJÁNYI 1Lt. Ing. Boris ZEMEK (c) May 2005.

Computer Forensics in Practice Armed Forces of the Slovak Republic mjr. Ing. Albert VAJÁNYI 1Lt. Ing. Boris ZEMEK (c) May 2005.
CSCI 530 Lab Intrusion Detection Systems IDS. A collection of techniques and methodologies used to monitor suspicious activities both at the network and.

CSCI 530 Lab Intrusion Detection Systems IDS. A collection of techniques and methodologies used to monitor suspicious activities both at the network and.
Firewall Technologies Prepared by: Dalia Al Dabbagh - 120090285 Manar Abd Al- Rhman - 120080113 University of Palestine -2010.

Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.

Knowing What You Missed Forensic Techniques for Investigating Network Traffic.
The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.

The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.

Similar presentations

Ads by Google