1
Human (user) behavior patterns and analytics
Nevenko Bartolinčić – Solution Architect
2
Agenda
- Today’s Security Problem
- UEBA Approach in Solving Problem
- Collect, Detect, Respond
- Use Cases
3
Today’s Security Problem
- Amount of Data Created
- Products Can’t Detect Modern Attack
- People Can’t Respond Quickly
4
UEBA Approach
- Relies on data science instead of static rules
- Creates a baseline of normal behavior for each user
- Compares activities against baselines to detect risky or rogue behaviors
5
Collect - Approaches

Network Centric
- Data: Packets (or Flow) Analysis on Traffic
- Collection: Invasive: multiple taps
- Pricing: Expensive: per tap
- Use Cases: Threat In-Flight

Log Centric
- Data: Logs
- Collection: Non-Invasive: SIEM or syslog
- Pricing: Affordable: org size
- Use Cases: User Threat & User Compromise

Endpoint Centric
- Data: Endpoint Activities
- Collection: Agents
- Pricing: Per agent
- Use Cases: Risk & Compliance / Policy Violations

Log information augmented with information from LDAP
Context-Aware – augmenting data: location for IP address, ISP provider, department for user, …
6
Detect - Machine Learning
- Baseline of normal behavior, then use of this behavior to evaluate new activity
- Activity compared to peer group
- Data model holds user state across IP, devices and credentials changes across time
- Session-based data model
- Models:
  - First account creation activity for peer group
  - First login to the application for the peer group
  - Models the peer groups that logon to this host
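A minimal sketch of the "first login to the application for the peer group" model, added here as an illustration and not taken from the presentation or any product. It assumes the peer group is the user's department from LDAP enrichment; the sample events, score weights and function names are constructed for the example.

```python
from collections import defaultdict

# Constructed LDAP-style context: user -> department, used here as the peer group.
DEPARTMENT = {"alice": "finance", "bob": "finance", "carol": "engineering", "dave": "engineering"}

# Constructed, time-ordered login events: (day, user, application).
EVENTS = [
    (1, "alice", "erp"), (1, "bob", "erp"), (1, "carol", "git"), (1, "dave", "git"),
    (2, "alice", "erp"), (2, "bob", "mail"), (2, "carol", "git"),
    (3, "alice", "mail"), (3, "carol", "erp"), (3, "dave", "git"),
]

# Assumed weights: activity new to the whole peer group is riskier than activity new to one user.
FIRST_FOR_USER = 10
FIRST_FOR_PEER_GROUP = 40


def score_events(events, department, training_days=1):
    """Build user and peer-group baselines, then score events after the training window."""
    # Every event updates the baseline after it is scored, so a repeated
    # activity becomes "normal" and stops raising alerts.
    seen_by_user = defaultdict(set)    # user -> applications seen so far
    seen_by_group = defaultdict(set)   # peer group -> applications seen so far
    alerts = []
    for day, user, app in events:
        group = department.get(user, "unknown")
        if day > training_days:
            score, reasons = 0, []
            if app not in seen_by_group[group]:
                score += FIRST_FOR_PEER_GROUP
                reasons.append("first login to application for peer group")
            if app not in seen_by_user[user]:
                score += FIRST_FOR_USER
                reasons.append("first login to application for user")
            if score:
                alerts.append({"day": day, "user": user, "app": app, "score": score, "reasons": reasons})
        seen_by_user[user].add(app)
        seen_by_group[group].add(app)
    return alerts


def session_risk(alerts):
    """Sum alert scores per (user, day), a simple stand-in for a session-based model."""
    totals = defaultdict(int)
    for a in alerts:
        totals[(a["user"], a["day"])] += a["score"]
    return dict(totals)
```

In the sample data, alice's first login to mail scores lower than bob's because bob's earlier login already made mail part of the finance peer group's baseline.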
7
Baseline – Security Alert Scoring
8
Respond – Security Alert Investigation
9
UBA Use Cases
10
Thank you! E info@span.eu T +385 1 6690 200