
Nerada | 2 years ago

Essentially you hook up all your log sources to a User and Entity Behaviour Analytics (UEBA) platform, it comes up with a model of "normal" behaviour, and flags users for investigation when they start acting outside of those norms (or things you want to explicitly flag on).

No data egress for 6 months, then 20GBs of outbound traffic? Someone's getting notified to take a look and see what that was and where you sent it. You only authenticate against one host on the network, and suddenly you're hitting thousands of hosts? Someone's getting notified to investigate, &c.
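As an added illustration of the baseline-and-deviation logic the comment describes (example code, not the commenter's): constructed per-user daily egress and authentication events, a learning window that builds each user's baseline, and a check that flags a user whose egress volume or authentication fan-out exceeds that baseline by a fixed ratio. The event layout, the ratio and the minimum-bytes floor are assumptions for the demonstration.

```python
"""Minimal UEBA-style baseline-and-deviation check over constructed log events."""
from collections import defaultdict
from statistics import mean

# Constructed sample events: (user, day, dest_host, bytes_out). Not real log data.
# Days 1-6 are the learning window; day 7 contains the two anomalies from the comment.
EVENTS = (
    [("alice", d, "fileshare01", 5_000_000) for d in range(1, 7)]
    + [("bob", d, "mail01", 200_000) for d in range(1, 7)]
    + [("alice", 7, "fileshare01", 20_000_000_000)]          # 20 GB out in one day
    + [("bob", 7, f"host{i:03d}", 1_000) for i in range(300)]  # auths against 300 hosts
)


def build_baseline(events, learn_days):
    """Per-user mean daily egress bytes and mean distinct hosts over the learning window."""
    egress = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes
    hosts = defaultdict(lambda: defaultdict(set))   # user -> day -> hosts touched
    for user, day, host, nbytes in events:
        if day in learn_days:
            egress[user][day] += nbytes
            hosts[user][day].add(host)
    # Days with no events count as 0 bytes / 0 hosts, so quiet days lower the baseline.
    return {
        u: {"bytes": mean(egress[u][d] for d in learn_days),
            "hosts": mean(len(hosts[u][d]) for d in learn_days)}
        for u in egress
    }


def detect(events, baseline, day, ratio=10.0, min_bytes=1_000_000):
    """Flag users whose egress or host fan-out on `day` exceeds `ratio` x their baseline."""
    egress = defaultdict(int)
    hosts = defaultdict(set)
    for user, d, host, nbytes in events:
        if d == day:
            egress[user] += nbytes
            hosts[user].add(host)
    alerts = []
    for user in set(egress) | set(hosts):
        # Unknown users get a zero baseline; the floors below stop trivial activity alerting.
        base = baseline.get(user, {"bytes": 0, "hosts": 0})
        if egress[user] > ratio * max(base["bytes"], min_bytes):
            alerts.append((user, "egress", egress[user]))
        if len(hosts[user]) > ratio * max(base["hosts"], 1):
            alerts.append((user, "auth_fanout", len(hosts[user])))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(EVENTS, build_baseline(EVENTS, range(1, 7)), day=7):
        print(alert)
```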
