
USER BEHAVIOURAL ANALYTICS
Machine Learning for Threat Detection
Harry McLaren – Security Consultant at ECS

HARRY MCLAREN
• Alumnus of Edinburgh Napier
• Security Consultant at ECS
• SOC & CSIR Development
• Splunk Consultant & Architect
ACCELERATING PACE OF DATA
Volume | Velocity | Variety | Variability
Legacy SIEM-type technologies are not enough to detect insider threats and advanced adversaries, and they are poorly designed for rapid incident response.

[SIEM - Security Information & Event Management]


Inadequate Contextual Data: 68% of respondents in the survey said that reports often only indicated changes without specifying what the change was.

Innocuous Events of Interest: 81% of respondents said that SIEM reports contain too much extraneous information and that they were overwhelmed with false positives.

2016 SIEM Efficiency Survey - Conducted by Netwrix


EVOLUTION
[Timeline figure: technology development (capability) over time]
1995 - End-point security
2002 - Network security
2008 - Early correlation
2011 - Payload analysis
2015 - Behavior analysis
SECURITY PLATFORM
KILL CHAIN - EVENTS OVERLOAD
Capabilities across the kill chain (left to right, from Splunk Enterprise Security to Splunk UBA):
• Incident investigations & forensics
• Security & compliance reporting
• Real-time monitoring of known threats
• Detecting unknown threats
• Detection of advanced cyber attacks
• Detection of insider threats


EVOLUTION
[Figure: detection approaches ordered by complexity, lowest to highest]
RULES
• Rules - Threshold
• Policy - Threshold
STATISTICS
• Policy - Statistics
• Policy - Peer Group
MACHINE LEARNING
• Supervised Machine Learning
• Unsupervised Machine Learning
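The three lower rungs of that ladder, as an added example that is not part of the original slides: the same constructed data (five users, files downloaded per day, two peer groups, all invented for this illustration) is run through a static threshold rule, a per-user statistical baseline and a peer-group comparison. A threshold of 100 fires on every engineer every day and misses a finance analyst whose count quadruples but stays under the limit; the per-user baseline catches that analyst but has nothing to say about a new hire with two days of history; the peer group covers the new hire. User names, counts, the 7-day minimum history and the 3-sigma limit are all assumptions of this example.

```python
"""Three rungs of the detection ladder on the same constructed data:
a static threshold rule, a per-user statistical baseline, and a
peer-group comparison. All users, counts and limits are constructed."""
from statistics import mean, pstdev

# Constructed history: files downloaded per day over the last 10 days.
HISTORY = {
    "alice": {"group": "engineering", "days": [190, 210, 205, 198, 220, 201, 195, 215, 208, 199]},
    "bob":   {"group": "engineering", "days": [195, 205, 200, 210, 198, 203, 207, 196, 212, 199]},
    "carol": {"group": "finance",     "days": [18, 22, 20, 19, 21, 23, 20, 18, 22, 20]},
    "dave":  {"group": "finance",     "days": [25, 19, 22, 20, 24, 21, 19, 23, 20, 22]},
    "erin":  {"group": "finance",     "days": [21, 20]},  # new hire: two days of history
}

# Today's observed counts (constructed).
TODAY = {"alice": 204, "bob": 201, "carol": 80, "dave": 21, "erin": 85}

MIN_HISTORY = 7   # days of history needed before a per-user baseline is trusted
Z_LIMIT = 3.0     # anomalous if more than 3 standard deviations above the baseline


def threshold_rule(count, limit=100):
    """Rung 1: static rule. Fires regardless of who the user is or what is normal for them."""
    return count > limit


def zscore(value, sample):
    """Standard deviations of `value` above the mean of `sample`.
    A flat sample (std 0) is treated as std 1 so a departure still registers."""
    sd = pstdev(sample) or 1.0
    return (value - mean(sample)) / sd


def user_baseline(user, count):
    """Rung 2: compare the user with their own history.
    Returns None when the history is too short to trust; that gap is what peer groups fill."""
    days = HISTORY[user]["days"]
    if len(days) < MIN_HISTORY:
        return None
    return zscore(count, days) > Z_LIMIT


def peer_group(user, count):
    """Rung 3: compare the user with everyone else in the same peer group,
    using the peers' recent history rather than the user's own."""
    grp = HISTORY[user]["group"]
    peers = [d for u, h in HISTORY.items() if h["group"] == grp and u != user for d in h["days"]]
    return zscore(count, peers) > Z_LIMIT


def evaluate(today=TODAY):
    """Run all three rungs over today's counts. Returns {user: {rung: fired}}."""
    return {
        user: {
            "threshold": threshold_rule(count),
            "baseline": user_baseline(user, count),
            "peer_group": peer_group(user, count),
        }
        for user, count in today.items()
    }


if __name__ == "__main__":
    for user, verdict in evaluate().items():
        print(f"{user:6s} {verdict}")
```

Running it shows the pattern the slide is making: the threshold rule fires on alice and bob (normal engineers) and stays silent on carol (80 files against a usual 20), the baseline fires only on carol, and only the peer-group comparison flags erin, who has no usable baseline yet.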
WHAT IS SPLUNK USER BEHAVIORAL ANALYTICS?
Detect advanced cyberattacks | Detect malicious insider threats
• Real-time big data architecture
• Behavior baselining & modeling
• Unsupervised machine learning
• Anomaly detection
• Threat detection
USER ACTIVITY - INSIDER THREAT
Day 1: John connects via VPN
Day 2: John elevates his privileges
• John executes remote desktop to a system (administrator) - PCI zone
• Administrator performs ssh (root) to a file share - finance department
• root accesses a sensitive document from the file share
• root copies the document to another file share - Corporate zone
Day N: root uses a set of Twitter handles to chop and copy the data outside the enterprise
MULTI-ENTITY BEHAVIORAL MODEL
NETWORK | APPLICATION | HOST | DATA | USER
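The John scenario and the multi-entity model, as an added example that is not part of the original slides or of Splunk UBA: the point of the scenario is that no single event is alarming and the actor's name changes at every hop (john, then administrator, then root), so detection has to carry the originating user across sessions and hosts and then combine the per-event anomalies into one threat. The key=value log lines, host names, zones, anomaly names, scores and the threat definition below are all constructed for this illustration and do not reflect UBA's real event format or models.

```python
"""Stitch the John activity chain across identity changes
(john -> administrator -> root) and score it as one threat.
Log lines, hosts, zones, scores and the threat model are constructed."""
import re
from collections import defaultdict

# Constructed events in time order: the slide's chain plus one benign read by alice.
LOG = """\
2017-03-01T08:00:00 action=vpn_login user=john host=vpn01 src=203.0.113.5
2017-03-02T09:10:00 action=priv_escalation user=john host=ws-john to=administrator
2017-03-03T10:00:00 action=rdp user=john host=ws-john dest=pci-app01 as=administrator zone=pci
2017-03-03T10:05:00 action=ssh user=administrator host=pci-app01 dest=fs-finance01 as=root zone=finance
2017-03-03T10:07:00 action=file_read user=root host=fs-finance01 file=/finance/q4.xlsx sensitivity=high
2017-03-03T10:09:00 action=file_copy user=root host=fs-finance01 dest=fs-corp01 zone=corporate
2017-03-03T10:30:00 action=http_post user=root host=fs-finance01 dest=twitter.com bytes=48000
2017-03-03T11:00:00 action=file_read user=alice host=fs-corp01 file=/shared/menu.txt sensitivity=low
"""

SENSITIVE_ZONES = {"pci", "finance"}   # constructed zone labels
EXTERNAL_DOMAINS = {"twitter.com"}     # constructed exfiltration destination

# A custom threat is an ordered list of anomaly names that must all be
# attributed to one origin user (constructed; weights are illustrative).
THREAT_MODELS = {
    "insider_data_exfiltration": ["lateral_movement", "sensitive_file_access", "external_upload"],
}


def parse(line):
    """Parse 'timestamp key=value ...' into a dict (values contain no spaces)."""
    ts, _, rest = line.partition(" ")
    ev = dict(re.findall(r"(\w+)=(\S+)", rest))
    ev["ts"] = ts
    return ev


def anomalies_for(ev):
    """Yield (anomaly name, score) for each anomaly a single event exhibits."""
    a = ev["action"]
    if a == "priv_escalation":
        yield "privilege_escalation", 20
    if a in ("rdp", "ssh") and ev.get("zone") in SENSITIVE_ZONES:
        yield "lateral_movement", 25
    if a == "file_read" and ev.get("sensitivity") == "high":
        yield "sensitive_file_access", 20
    if a == "file_copy" and ev.get("zone") not in SENSITIVE_ZONES:
        yield "cross_zone_copy", 15
    if a == "http_post" and ev.get("dest") in EXTERNAL_DOMAINS and int(ev.get("bytes", 0)) > 10000:
        yield "external_upload", 30


def in_order(required, observed):
    """True if every required anomaly appears in `observed`, in the required order."""
    pos = 0
    for name in observed:
        if pos < len(required) and name == required[pos]:
            pos += 1
    return pos == len(required)


def detect(log=LOG):
    """Attribute every event to its origin user, then evaluate the threat models.
    Returns {origin user: {"anomalies": [...], "score": int, "threats": [...]}}."""
    session = {}                   # (host, account) -> origin user who owns that session
    findings = defaultdict(list)   # origin user -> [(ts, anomaly, score)] in time order
    for line in log.splitlines():
        ev = parse(line)
        # Resolve the acting account on this host back to whoever started the chain.
        origin = session.get((ev["host"], ev["user"]), ev["user"])
        # Lateral movement: the account landed on `dest` is still driven by `origin`.
        if ev["action"] in ("rdp", "ssh"):
            session[(ev["dest"], ev["as"])] = origin
        for name, score in anomalies_for(ev):
            findings[origin].append((ev["ts"], name, score))
    report = {}
    for user, items in findings.items():
        seen = [name for _, name, _ in items]
        report[user] = {
            "anomalies": seen,
            "score": sum(score for _, _, score in items),
            "threats": [t for t, seq in THREAT_MODELS.items() if in_order(seq, seen)],
        }
    return report


if __name__ == "__main__":
    for user, r in detect().items():
        print(user, r["score"], r["threats"], r["anomalies"])
```

Every anomaly in the chain ends up under john even though the last four events name root, because the session map carries the origin through the RDP and SSH hops; alice's low-sensitivity read produces no anomaly and never appears. The ordering check is deliberate: a lateral move after an upload is a different story from a lateral move before one.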
UBA 2.2 LATEST FEATURES
• Threat Modeling Framework
  • Create custom threats using 60+ anomalies.
• Enhanced Security Analytics
  • Visibility and baseline metrics around user, device, application and protocols.
• Risk Percentile & Dynamic Peer Groups
• Support for Additional 3rd Party Devices
QUESTIONS / CONTACT

harry.mclaren@ecs.co.uk

twitter.com/cyberharibu

harrymclaren.co.uk/blog
