10
‹#› | Company Confidential Discover hidden threats with User Behaviour Analytics (UBA) Andrew Hollister Technical Director, EMEA

LogRhythm - User behavior analytics

Embed Size (px)

Citation preview

Page 1: LogRhythm - User behavior analytics

‹#› | Company Confidential

Discover hidden threats with User Behaviour Analytics (UBA)

Andrew HollisterTechnical Director, EMEA

Page 2: LogRhythm - User behavior analytics

‹#› | Company Confidential

User Behavior Analytics (UBA)

Detect and Respond to:1. Insider Threats: before data is stolen or

fraud is perpetrated

2. Compromised Accounts: before more systems are compromised and data is stolen

3. Privileged Account Abuse: before sensitive data is accessed or operations are impacted

Entities

Users

Page 3: LogRhythm - User behavior analytics

‹#› | Company Confidential

1. Insider Threats

Challenges:1. Trusted Users

2. Access to data

3. Users may be persuaded, coerced or bribed

Entities

Users

Page 4: LogRhythm - User behavior analytics

‹#› | Company Confidential

Suspicious Movement Detect abnormal behavior & access requests

Access to Sensitive Materials Monitor sensitive directories & files

Data Exfiltration Detect information movement

Insider Threats

Problem Solution

InitialCompromise

Command& Control

LateralMovement

Reconnaissance& Planning

TargetAttainment

• Exfiltration• Corruption• Disruption

Page 5: LogRhythm - User behavior analytics

‹#› | Company Confidential

2. Compromised Accounts

Challenges:1. Who is the user

2. What is normal

3. What did the real user do

Entities

Users

Page 6: LogRhythm - User behavior analytics

‹#› | Company Confidential

Spear-Phishing Emails Detect emails with suspicious addresses or attachmentsAbnormal Behavior Detect abnormal account behaviorCompromised Hosts Identify malware process startupLateral Movement & Brute Force Detect account sweeps and repeated authentication attemptsAccess to Sensitive Materials Monitor sensitive files, directories and applicationsData Exfiltration Detect information movement

Compromised Accounts

InitialCompromise

Command& Control

Reconnaissance& Planning

TargetAttainment

• Exfiltration• Corruption• Disruption

LateralMovement

Problem Solution

Page 7: LogRhythm - User behavior analytics

‹#› | Company Confidential

3. Privileged Account Abuse

Challenges:1. Highly Trusted User

2. Highly Privileged User

3. Knowledge and means

Entities

Users

Page 8: LogRhythm - User behavior analytics

‹#› | Company Confidential

Privileged Account Abuse

InitialCompromise

Command& Control

Reconnaissance& Planning

TargetAttainment

• Exfiltration• Corruption• Disruption

LateralMovement

• Detect inappropriate use of admin credentials

Credential Misuse Detect inappropriate use of admin credentials

Suspicious Administrator Behavior Identify anomalous behavior like excessive file activity

Temporary Account Creation Monitor and detect account creation, access, and deletion

Privilege Escalation Monitor when admins add privileges to their account

Access to Sensitive Materials Monitor sensitive files, directories and applications

Problem Solution

Page 9: LogRhythm - User behavior analytics

‹#› | Company Confidential

UserIdentityAccess

Privilege

NetworkConnection

DirectionContentVolume

EndpointProcessAccess

File Activity

External Context

Threat Intelli-gence

IP ReputationGeolocation

Internal ContextBusiness

ValueAsset Clas-sification

Risk RatingVulnerability

Applica-tion

AccessTransactions

ErrorsBehavior

Holistic Threat

Detection

Holistic Behavior Analysis

Behavior is recognized at the intersection ofmultiple attributes,not on a single attribute, UBA is one of those attributes

Page 10: LogRhythm - User behavior analytics

‹#› | Company Confidential‹#› | Company Confidential

Thank You

10


Behavior Analytics in Retail - Accuracy

Behavior Analytics in Retail - Accuracy

Data & Analytics
Understanding Behavior Flow Reports In Google Analytics

Understanding Behavior Flow Reports In Google Analytics

Data & Analytics
Detecting Insider Threats with User Behavior Analytics

Detecting Insider Threats with User Behavior Analytics

Technology
MAMBA RANSOMWARE ANALYSIS - LogRhythm...MAMBA RANSOMWARE ANALYSIS About LogRhythm LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly

MAMBA RANSOMWARE ANALYSIS - LogRhythm...MAMBA RANSOMWARE ANALYSIS About LogRhythm LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly

Documents
WANNACRY RANSOMWARE ANALYSIS - LogRhythm · & wbadmin delete catalog –quiet. PAGE 9 WAACRY RAOMWARE AALYSIS LogRhythm Signatures WannaCry_Command Arguments WannaCry_Initial Callout

WANNACRY RANSOMWARE ANALYSIS - LogRhythm · & wbadmin delete catalog –quiet. PAGE 9 WAACRY RAOMWARE AALYSIS LogRhythm Signatures WannaCry_Command Arguments WannaCry_Initial Callout

Documents
LogRhythm Visualize This

LogRhythm Visualize This

Documents
Behavior Informatics and Analytics: Let Behavior Talk

Behavior Informatics and Analytics: Let Behavior Talk

Documents
PRODUCT OVERVIEW LogRhythm and Symantec: … actionable threat data with advanced behavioral analytics for enterprise security intelligence LogRhythm has developed a solution which

PRODUCT OVERVIEW LogRhythm and Symantec: … actionable threat data with advanced behavioral analytics for enterprise security intelligence LogRhythm has developed a solution which

Documents
Customer Behavior Analytics of Shopping

Customer Behavior Analytics of Shopping

Retail
LogRhythm Supported Products List

LogRhythm Supported Products List

Documents
Revealing Behavior: Web Analytics Strategy 101

Revealing Behavior: Web Analytics Strategy 101

Data & Analytics
LogRhythm Cyber Security Event Slides

LogRhythm Cyber Security Event Slides

Internet
Security Intelligence - Can Big Data Analytics Overcome Blind Spots - Logrhythm

Security Intelligence - Can Big Data Analytics Overcome Blind Spots - Logrhythm

Documents
LogRhythm Detecting Advanced Threats Use Case

LogRhythm Detecting Advanced Threats Use Case

Technology
Behavior Analytics Social Media Mining. 2 Measures and Metrics 2 Social Media Mining Behavior Analytics Examples of Behavior Analytics What motivates

Behavior Analytics Social Media Mining. 2 Measures and Metrics 2 Social Media Mining Behavior Analytics Examples of Behavior Analytics What motivates

Documents
LogRhythm Password Hygiene Infographic

LogRhythm Password Hygiene Infographic

Technology
LogRhythm Advanced Intelligence Engine Data Sheet

LogRhythm Advanced Intelligence Engine Data Sheet

Technology
LogRhythm Innovation

LogRhythm Innovation

Documents
The Critical Infrastructure Attack Surface - LogRhythm · 2016/12/5  · User and Entity Behavior Analytics Endpoint Behavior Analytics Network Behavior Analytics Healthcare Snapshot

The Critical Infrastructure Attack Surface - LogRhythm · 2016/12/5  · User and Entity Behavior Analytics Endpoint Behavior Analytics Network Behavior Analytics Healthcare Snapshot

Documents
Analyzing Website Behavior with Google Analytics

Analyzing Website Behavior with Google Analytics

Marketing
User behavior analytics

User behavior analytics

Technology
Visual Analytics of User Behavior

Visual Analytics of User Behavior

Documents
FireEye and LogRhythm · with suspicious behavior patterns to gain greater speed and accuracy in incident response. THE VALUE OF THIS PARTNERSHIP The comprehensive nature of the FireEye-LogRhythm

FireEye and LogRhythm · with suspicious behavior patterns to gain greater speed and accuracy in incident response. THE VALUE OF THIS PARTNERSHIP The comprehensive nature of the FireEye-LogRhythm

Documents
LogRhythm Cyber Security in Enterprise Presentation

LogRhythm Cyber Security in Enterprise Presentation

Technology
Powered by - LogRhythm€¦ · Greg Foss Head of Global Security Operations LogRhythm. Sarah Miller. Threat Intelligence Analyst Carbon Black

Powered by - LogRhythm€¦ · Greg Foss Head of Global Security Operations LogRhythm. Sarah Miller. Threat Intelligence Analyst Carbon Black

Documents
na MAIL lo · 2018. 4. 18. · The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (N TBA) and security automation &

na MAIL lo · 2018. 4. 18. · The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (N TBA) and security automation &

Documents
LogRhythm Overview Data Sheet

LogRhythm Overview Data Sheet

Technology
LogRhythm Appliance Data Sheet

LogRhythm Appliance Data Sheet

Technology
Behavior Analytics in Retail - Service Intensity (Spanish)

Behavior Analytics in Retail - Service Intensity (Spanish)

Data & Analytics
Conversational User Behavior Analytics (1)

Conversational User Behavior Analytics (1)

Documents