Hacking Book | Free Online Hacking Learning


Seven kinds of security risks that UEBA can detect

Posted by graebner at 2020-03-16

User and entity behavior analytics (UEBA) is a relatively new addition to the network security tool market. It aims to provide capabilities that traditional tools such as firewalls and intrusion prevention systems (IPS) lack. With UEBA, companies can not only obtain indicators of compromise (IOCs) from network traffic and anti-malware scanning, but also gain a deep understanding of user behavior.

A UEBA system can identify different types of abnormal user behavior, which can be treated as indicators of threat and intrusion. Here are seven types of security risk that UEBA technology can help detect.

1. Slow attacks

Attackers, whether outsiders or insiders, know that traditional security tools operate on simple thresholds: if the same action is repeated more than "X" times, an alarm fires. So they slow down and shrink the scale of their attack to stay under the radar. An example of this method is leaking a small number of credit card numbers by email, only once a day. UEBA can detect this pattern and flag it as repetitive behavior to be investigated.
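To show why a per-day threshold misses the "once a day" pattern while a long-window behavioral rule catches it, here is an added example (not code from the article): the sample DLP events, user names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

DAILY_THRESHOLD = 5    # classic per-day rule: alert only when one user exceeds this in a day
WINDOW_DAYS = 30       # UEBA-style long observation window
MIN_ACTIVE_DAYS = 14   # days inside the window on which the low-volume action recurred
MIN_TOTAL = 14         # total matches inside the window


def make_sample_events():
    """Constructed sample, not real data: (day, user, card numbers matched by DLP
    in that user's outbound email)."""
    start = date(2020, 2, 1)
    events = []
    # "insider" leaks exactly one card number per day for 30 days: never over the daily limit
    for i in range(30):
        events.append((start + timedelta(days=i), "insider", 1))
    # "alice" sends three numbers once, e.g. a legitimate one-off to a payment partner
    events.append((start + timedelta(days=10), "alice", 3))
    # "bob" has two unrelated days, both under the daily limit
    events.append((start + timedelta(days=3), "bob", 4))
    events.append((start + timedelta(days=20), "bob", 2))
    return events


def per_day_threshold_alerts(events, threshold=DAILY_THRESHOLD):
    """The traditional rule: sum per user per day and alert above the threshold."""
    per_day = defaultdict(int)
    for day, user, n in events:
        per_day[(user, day)] += n
    return sorted({user for (user, _), n in per_day.items() if n > threshold})


def slow_attack_alerts(events, window_days=WINDOW_DAYS,
                       min_active_days=MIN_ACTIVE_DAYS, min_total=MIN_TOTAL):
    """Behavioral rule: flag users for whom a low-volume action recurs on many
    days of a sliding window, regardless of how small each day's count is."""
    by_user = defaultdict(lambda: defaultdict(int))
    for day, user, n in events:
        by_user[user][day] += n
    flagged = set()
    for user, days in by_user.items():
        active = sorted(days)
        for i, start in enumerate(active):
            end = start + timedelta(days=window_days)
            in_window = [d for d in active[i:] if d < end]
            if (len(in_window) >= min_active_days
                    and sum(days[d] for d in in_window) >= min_total):
                flagged.add(user)
                break
    return sorted(flagged)


if __name__ == "__main__":
    sample = make_sample_events()
    print("per-day threshold alerts:", per_day_threshold_alerts(sample))  # []
    print("slow-attack alerts:", slow_attack_alerts(sample))              # ['insider']
```

The per-day rule never fires because no single day exceeds five matches; the windowed rule fires on the insider alone because the action recurs on 30 days of the window, while the two legitimate users have one or two active days.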

2. Collusion

UEBA can help identify a group of people who work closely together and suddenly change their behavior patterns in unison. For example, a group decides to steal customer records for personal gain, but knows that security controls are watching. So each member takes a portion of the records and emails it to his or her personal account. UEBA will not only notice the sudden change in each user's behavior, but also recognize it as a coordinated change within the group, and flag the whole group.

3. Hiding in the noise

Every employee has a role and performs the specific actions that the role requires. For example, Xiao Wang runs the mortgage printing team. Xiao Zhao, a financial adviser for the retirement plan at the same company, printed two mortgages in two weeks. Printing mortgages is routine for Xiao Wang, Xiao Wang's team and the company as a whole, but it is highly unusual for Xiao Zhao and his team members. UEBA can single out those whose behavior is abnormal relative to their peers, letting the security team open a targeted investigation without having to review everyone else.
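The following added example (not code from the article) covers both the collusion case in section 2 and the peer-group case in section 3. It assumes two constructed data sets: this week's mortgage print counts per user and team, and each user's external-attachment email count against a baseline. All user and team names and thresholds are made up for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample, not data from the article: this week's count of mortgage
# documents printed per user, with the team each user belongs to.
PRINT_COUNTS = {
    "wang": ("mortgage_print", 50), "li": ("mortgage_print", 45),
    "sun": ("mortgage_print", 40), "zhou": ("mortgage_print", 55),
    "zhao": ("retirement_advisers", 2), "wu": ("retirement_advisers", 0),
    "zheng": ("retirement_advisers", 0), "feng": ("retirement_advisers", 0),
}

# Constructed sample: emails with attachments sent to external addresses, as
# (team, baseline weekly average, this week's count).
EXTERNAL_MAIL = {
    "wang": ("mortgage_print", 3.0, 4), "li": ("mortgage_print", 2.0, 1),
    "sun": ("mortgage_print", 2.5, 12), "zhou": ("mortgage_print", 1.0, 2),
    "zhao": ("retirement_advisers", 1.0, 9), "wu": ("retirement_advisers", 2.0, 11),
    "zheng": ("retirement_advisers", 1.5, 10), "feng": ("retirement_advisers", 0.5, 1),
}


def peer_group_outliers(counts, z=3.0, min_margin=1):
    """Flag users whose count is abnormal for their own team (leave-one-out
    baseline, so an outlier does not inflate its own threshold). A company-wide
    baseline would hide them behind the team for which the action is routine."""
    by_team = defaultdict(dict)
    for user, (team, n) in counts.items():
        by_team[team][user] = n
    outliers = []
    for team, members in by_team.items():
        for user, n in members.items():
            peers = [v for u, v in members.items() if u != user]
            if not peers:
                continue
            mean = statistics.mean(peers)
            std = statistics.pstdev(peers)
            if n > mean + max(z * std, min_margin):
                outliers.append((user, team, n))
    return sorted(outliers)


def coordinated_shift(records, factor=3.0, min_abs=5, min_fraction=0.75):
    """Return teams in which most members' behavior jumped in the same week:
    one jump is an individual anomaly, a simultaneous jump is a group signal."""
    by_team = defaultdict(list)
    for user, (team, baseline, current) in records.items():
        jumped = current >= min_abs and current >= factor * baseline
        by_team[team].append((user, jumped))
    flagged = {}
    for team, members in by_team.items():
        shifted = sorted(u for u, j in members if j)
        if len(shifted) / len(members) >= min_fraction:
            flagged[team] = shifted
    return flagged


if __name__ == "__main__":
    print(peer_group_outliers(PRINT_COUNTS))   # [('zhao', 'retirement_advisers', 2)]
    print(coordinated_shift(EXTERNAL_MAIL))    # {'retirement_advisers': ['wu', 'zhao', 'zheng']}
```

Two prints is nothing against the company-wide average, but it is far above the zero that Xiao Zhao's peers produce, which is why the baseline is computed per team. In the second function, "sun" jumping alone is an individual anomaly, whereas three of the four advisers jumping in the same week is what the collusion rule reports.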

4. Persistent exfiltration attempts

When an attempt to exfiltrate sensitive data is blocked, attackers often try another route around the security controls. For example, Xiao Zhang tries to email sensitive data to his personal account, and it is blocked. He then tries to upload the files to his personal cloud storage, which is also blocked. Next he tries to copy the files to a USB drive, only to find that the USB ports are disabled. So he clicks "Print" - and it works! UEBA technology can tie all these events together, and Xiao Zhang will eventually receive a visit from investigators at his workstation.
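Each of these blocks is produced by a different control and looks harmless on its own; the signal is the chain. The added example below (not the article's code) correlates constructed events from four hypothetical controls into one incident per user; timestamps, user names and the four-hour window are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not from the article: events from four separate controls
# (email DLP, cloud-upload proxy, USB device control, print server) normalised
# to (timestamp, user, channel, outcome).
SAMPLE_EVENTS = [
    ("2020-03-10 09:02", "zhang", "email", "blocked"),
    ("2020-03-10 09:15", "zhang", "cloud_upload", "blocked"),
    ("2020-03-10 09:31", "zhang", "usb", "blocked"),
    ("2020-03-10 09:40", "zhang", "print", "allowed"),
    ("2020-03-10 10:05", "alice", "email", "blocked"),        # one block alone is routine
    ("2020-03-10 11:20", "alice", "print", "allowed"),
    ("2020-03-11 14:00", "bob", "usb", "blocked"),
    ("2020-03-13 14:00", "bob", "cloud_upload", "blocked"),   # two days later: outside the window
]


def correlate_exfil_attempts(events, window_hours=4, min_blocked_channels=2):
    """Slide a window over each user's events and raise one incident when at
    least min_blocked_channels distinct channels were blocked, recording any
    channel that was allowed after the last block (the route that 'worked')."""
    window = timedelta(hours=window_hours)
    by_user = defaultdict(list)
    for ts, user, channel, outcome in events:
        by_user[user].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), channel, outcome))
    incidents = []
    for user, evs in by_user.items():
        evs.sort()
        for i, (t0, _, outcome) in enumerate(evs):
            if outcome != "blocked":
                continue
            chain = [e for e in evs[i:] if e[0] - t0 <= window]
            blocked = {c for _, c, o in chain if o == "blocked"}
            if len(blocked) < min_blocked_channels:
                continue
            last_block = max(t for t, _, o in chain if o == "blocked")
            succeeded = sorted({c for t, c, o in chain if o == "allowed" and t > last_block})
            incidents.append({
                "user": user,
                "first_seen": t0.isoformat(),
                "blocked_channels": sorted(blocked),
                "succeeded_via": succeeded,
                "severity": "high" if succeeded else "medium",
            })
            break   # one incident per user per chain is enough for the analyst
    return incidents


if __name__ == "__main__":
    for incident in correlate_exfil_attempts(SAMPLE_EVENTS):
        print(incident)
```

Only Xiao Zhang's chain becomes an incident: three different channels blocked within forty minutes and a successful print afterwards, so it is rated high. Alice's single block and Bob's two blocks two days apart stay below the bar; widening the window to 72 hours would pull Bob's pair in as a medium-severity incident, which is the trade-off an analyst tunes.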

5. Curiosity risk

Some people simply cannot resist opening a door just to see what is behind it. Many are merely curious, or want to test the limits, but the reality is that these people frequently encounter documents they know they should not open and cannot help opening them anyway. They visit banned websites and keep trying again and again, believing that nobody is really watching. These employees are the most successful entry points for phishing attacks. UEBA can spot these idle, bored users and warn them about this risky behavior.

6. Departing employees

UEBA can detect changes in the behavior of employees who are planning to leave, letting the security team spot them before they hand in their resignation. This matters: sensitive data often leaks when employees depart. Because UEBA can see the behavior changes that signal an intention to leave, these employees can be identified before the data walks out the company gate.

7. Long-term lurkers

Unlike the bored and curious, these people genuinely have bad intentions. Hunting for gold, they comb through file systems and try to log in to anything they can find. They are so determined that they do not stop until they find sensitive data of real value - or until UEBA catches them as they cruise through the company's systems.
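What gives a lurker away is breadth rather than volume: many distinct hosts touched, a good share of them refusing the login. This added example (not code from the article) scores constructed authentication records against each user's historical count of distinct hosts; host names, users, baselines and thresholds are all assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample, not from the article: authentication records "user,host,outcome"
# from a single week, plus each user's historical weekly count of distinct hosts.
LOG_LINES = """\
lurker,fileserver01,failure
lurker,fileserver02,failure
lurker,fileserver03,success
lurker,hr-share,failure
lurker,finance-db,failure
lurker,legal-share,failure
lurker,backup01,failure
lurker,wiki,success
alice,fileserver01,success
alice,wiki,success
alice,mailhost,success
alice,fileserver01,success
"""
BASELINE_DISTINCT_HOSTS = {"lurker": 2, "alice": 3}   # hypothetical historical baselines


def parse_auth_log(text):
    """Parse the constructed CSV-style records into (user, host, outcome) tuples."""
    records = []
    for line in text.strip().splitlines():
        user, host, outcome = line.split(",")
        records.append((user, host, outcome))
    return records


def enumeration_alerts(records, baseline, ratio=3.0, min_hosts=6, min_failures=3):
    """Flag users who touch far more distinct hosts than their own history shows,
    with a meaningful number of failures: breadth, not volume, is the signal."""
    hosts = defaultdict(set)
    failures = defaultdict(int)
    for user, host, outcome in records:
        hosts[user].add(host)
        if outcome == "failure":
            failures[user] += 1
    alerts = []
    for user, seen in hosts.items():
        usual = baseline.get(user, 1)   # unknown users get the strictest baseline
        if (len(seen) >= min_hosts and len(seen) >= ratio * usual
                and failures[user] >= min_failures):
            alerts.append({"user": user, "distinct_hosts": len(seen),
                           "baseline": usual, "failures": failures[user]})
    return alerts


if __name__ == "__main__":
    print(enumeration_alerts(parse_auth_log(LOG_LINES), BASELINE_DISTINCT_HOSTS))
```

The lurker reaches eight distinct hosts against a usual two, with six refusals, and is reported; alice's twelve successful logins to three familiar hosts are more events in total but never leave her normal footprint.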

Related reading

The ability and ability of user and entity behavior analysis

UEBA expectations, features and best practices