Next-Generation SIEM and UEBA
What does it mean and, more importantly, what are the benefits of a Next-Generation SIEM and/or UEBA solution for my organisation?
Attackers abuse and exploit computers and computer networks to make a profit. They are not the only ones who can profit from those systems, however: a good security information and event management (SIEM) platform turns the logs and events those same systems produce into a way to detect signs of harmful activity and to protect your networks against a wide range of attacks and post-compromise activity. A SIEM is a complete, integrated platform for active and passive monitoring of your networks: it collects and correlates events to detect suspicious activity and to surface the early indicators of an attack before it does damage. This way you can prevent small issues from becoming unmanageable and cyber-attacks from escalating into something that negatively impacts your business or core activities.
These platforms run 24/7 to detect suspicious behaviour, extending protection across your networks and digital assets while detecting attacks and problems in your networks and notifying you immediately.
A Next-Gen SIEM platform reinforces top-down monitoring of network and cloud application activity with analysis techniques that recognise security incidents as they occur. These techniques have emerged from better security analytics and from the collection of ever-increasing and more varied types of activity data, allowing SIEM vendors to apply new methodologies for analysing business data. As a result, Managed Security Service Providers (MSSPs) and end-user organisations are better able to identify deviant behaviour, and act on it, as soon as it happens.
One of the most important parts of such a system is increasingly referred to as User and Entity Behaviour Analytics (UEBA), and it appears to be indispensable in quickly identifying malicious activity before it leads to the actual theft of sensitive data from corporate networks or servers.
Network attacks are consistently getting more advanced and can often bypass typical security defences. Stolen or spoofed credentials are often overlooked or not immediately detected, which can lead to significant data breaches: to the perimeter, a login with a valid password looks like a legitimate user. User and Entity Behaviour Analytics (UEBA) is now more important than ever to help identify and detect intrusions, suspicious behaviour, or malicious/anomalous activity. So, what exactly is UEBA?
UEBA is the process of baselining normal user and entity activity, combined with peer-group analysis, to detect potential intrusions and malicious activity as deviations from that baseline. The best perimeter security doesn't mean much if compromised credentials can still access your data. Companies must now provide a flexible security system that can identify anomalous user activity in order to close off this avenue of breach.
UEBA has become one of our focal points, and we will continue to focus on and improve our UEBA capabilities to provide you with comprehensive data security. At Custodian, we are actively developing and implementing smart rules and methods that will help you identify and prevent malicious activity in a timely manner. The Custodian Session Policy, for example, allows you to set actions based on detected anomalous activity, including:
- New User-Agent and Location Detected: triggers an alert when a new device (user-agent) and a new location are used together, compared with what has been seen for that user before.
- Consecutive Login Failures: specify the number of login failures allowed within a timeframe; when it is exceeded, delay the login or force re-authentication across all of the user's sessions.
- Suspicious User Locations: detects a user logging in from distant locations within a short period of time (travel that would be physically impossible) and delays the login, forces re-authentication, or requires two-factor authentication.
Custodian takes this basic UEBA functionality one step further with the ability to identify strange user behaviour across different apps. For example, if a user logs into Office 365 from California and shortly afterwards logs into Salesforce from New York, our UEBA solution can identify that anomalous activity is taking place and trigger an alert and action (e.g. a two-factor authentication requirement), even though each application on its own saw only one ordinary-looking login. Coupled with in-depth reports on user activity, this makes a UEBA solution one of the most important components of total data protection.
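To make the three rule types and the cross-application check concrete, here is a small added example of how such a session policy can be evaluated over login events. It is illustrative code written for this page, not Custodian's Session Policy or the code of any vendor named here; the class and rule names, the thresholds (3 failures in 10 minutes, 900 km/h as the maximum plausible travel speed) and the login events are all assumptions constructed for the example. Events are expected in chronological order.

```python
"""Toy UEBA session-policy evaluator (illustrative, not a product's code).

Replays constructed login events from several applications for each user and
applies three rules: new user-agent AND new location, consecutive login
failures within a window, and impossible travel between successive logins
regardless of which application each login went to.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass
class LoginEvent:
    user: str
    app: str
    ts: datetime
    user_agent: str
    city: str
    lat: float
    lon: float
    success: bool


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two (lat, lon) points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


class SessionPolicy:
    """Per-user baseline plus the three rules; thresholds are assumed values."""

    def __init__(self, max_failures=3, failure_window=timedelta(minutes=10), max_speed_kmh=900.0):
        self.max_failures = max_failures
        self.failure_window = failure_window
        self.max_speed_kmh = max_speed_kmh
        self.seen = defaultdict(set)        # user -> {(user_agent, city)} baseline
        self.failures = defaultdict(deque)  # user -> timestamps of recent failures
        self.last_success = {}              # user -> most recent successful LoginEvent

    def evaluate(self, ev):
        """Return a list of (rule, action) tuples triggered by this event."""
        findings = []
        if not ev.success:
            # Rule: consecutive login failures within the sliding window.
            window = self.failures[ev.user]
            window.append(ev.ts)
            while window and ev.ts - window[0] > self.failure_window:
                window.popleft()
            if len(window) >= self.max_failures:
                findings.append(("consecutive_login_failures", "force_reauth_all_sessions"))
            return findings

        self.failures[ev.user].clear()  # a success ends the failure streak

        # Rule: alert only when BOTH the user-agent and the location are new for
        # this user; a known device from a new city does not fire on its own.
        known = self.seen[ev.user]
        new_ua = all(ua != ev.user_agent for ua, _ in known)
        new_city = all(city != ev.city for _, city in known)
        if known and new_ua and new_city:
            findings.append(("new_user_agent_and_location", "alert"))
        known.add((ev.user_agent, ev.city))

        # Rule: impossible travel. Compared against the user's previous successful
        # login in ANY app, which is what catches the Office 365 -> Salesforce case.
        prev = self.last_success.get(ev.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            if km > 0 and (hours <= 0 or km / hours > self.max_speed_kmh):
                findings.append(("suspicious_user_locations", "require_2fa"))
        self.last_success[ev.user] = ev
        return findings


# Constructed sample data, not real logs.
UA_WIN = "Chrome/120 Windows"
EVENTS = [
    LoginEvent("bob", "office365", datetime(2024, 1, 8, 8, 0), UA_WIN, "Amsterdam", 52.37, 4.90, False),
    LoginEvent("bob", "office365", datetime(2024, 1, 8, 8, 2), UA_WIN, "Amsterdam", 52.37, 4.90, False),
    LoginEvent("bob", "office365", datetime(2024, 1, 8, 8, 4), UA_WIN, "Amsterdam", 52.37, 4.90, False),
    LoginEvent("alice", "office365", datetime(2024, 1, 8, 9, 0), UA_WIN, "San Francisco", 37.7749, -122.4194, True),
    LoginEvent("alice", "salesforce", datetime(2024, 1, 8, 9, 30), UA_WIN, "New York", 40.7128, -74.0060, True),
    LoginEvent("alice", "office365", datetime(2024, 1, 9, 9, 30), "Firefox/121 macOS", "London", 51.5074, -0.1278, True),
]


def run_demo(events=EVENTS):
    """Evaluate the events in order and return the findings per event."""
    policy = SessionPolicy()
    return [policy.evaluate(ev) for ev in events]


if __name__ == "__main__":
    for ev, findings in zip(EVENTS, run_demo()):
        print(f"{ev.ts:%d %H:%M} {ev.user:6} {ev.app:10} {ev.city:14} -> {findings}")
```

Bob's third failure inside the 10-minute window forces re-authentication. Alice's San Francisco to New York hop 30 minutes later (about 4,130 km, so roughly 8,000 km/h) is flagged for two-factor authentication even though the two logins hit different applications, while the same browser in a new city does not trigger the device-and-location alert. Her login from London the next day with a new browser trips that alert but not the travel rule, since 24 hours is plenty of time for the trip.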
Our Next-Gen SIEM and UEBA solutions
For its own SIEM services as well as for our SIEM as a Service offering, Custodian uses a number of pioneering and innovative security software vendors for which Custodian is also an officially certified implementation partner and Value Added Reseller (VAR).
Our technology partners in the field of Next-Generation SIEM and UEBA are LogRhythm and Securonix. Both companies appear in Gartner's 'Magic Quadrant for Security Information and Event Management'. Gartner (officially Gartner Inc.) is a global research and consulting firm in the information technology sector.