Customized sex shop are also available.
Satisnet Ltd, Suite B, Building 210, The Village, Butterfield Business Park, Great Marlings, Luton, Bedfordshire, LU2 8DL [email protected]
+44 (0) 1582 369330

Automated UEBA

Automated User and Entity Behavior Analytics (UEBA) - Identity Threat Investigation

Users, devices, locations, application, remote working – what’s really going on?

With remote and distributed working on the rise, hackers and malicious insiders can seize hold of your infrastructure utilising a variety of TTPs across a multitude of surfaces – cloud, SaaS, email, on-premise AD or via an endpoint…or a combination of these attack surfaces.

Microsoft Security have launched a next-generation UEBA solution – Identity Threat Investigtation (ITI):

  • Fast and easy to deploy unlike traditional SIEM/UEBA tools
  • Correlates across all attack surfaces – critical data stores, cloud, on-premise, email, server and desktop
  • Automatically investigates and threat hunts your environment
  • Continuously prioritises the most risky and assets/personnel
  • Recommends and automates steps to remediate risks
  • Cyber awareness platform that focuses on training users on real-world alerts in your environment
  • Continuous security hardening using breach assessment based on the MITRE ATT&CK framework

ITI takes note of the ‘normal’ conduct of users and entities within your organisation and, in turn, detects any anomalous behaviour or instances when there are deviations from these normal patterns. Machine learning is used to generate a unique ‘Investigation Priority Score’ for each entity within your organisation, based on a variety of mathematical models, and calculated over a rolling seven-day period. Essentially, ITI does most of the investigation work for you. Entity and employee credentials can be easily compromised – ITI focuses on monitoring entities and users normal behaviour once inside the network.

ITI allows you to:

  • Detect Insider Threats
    • Detect data breaches, sabotage, privilege abuse, and policy violations made by your own employees.
  • Detect Compromised Accounts
    • Sometimes, user accounts are compromised. ITI assists in ‘weeding out’ spoofed and compromised users before they can do real harm.
  • Detect Brute-Force Attacks
    • Hackers sometimes target your cloud-based entities. With ITI, you are able to detect brute-force attempts, and then block access to these entities.
  • Detect Changes in Permissions and Creation of Super Users
    • Some attacks involve the use of super users. ITI allows you to detect when super users are created, or accounts that were granted unnecessary permissions.
  • Detect Breach of Protected Data
    • If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when they not have any legitimate business reason to access it.

**Satisnet’s UEBA Managed Security Services**

It doesn’t stop there! Satisnet offer a wide-range of managed services, specifically aligned to the UEBA Identity Threat Investigation solution, to provide an extension to your cyber security, infrastructure and human resource (HR) functions.

These range from;

  • Alerts Triage – office hours, out-of-office hours and 24x7x365 offerings
  • Threat Investigation and Hunting
  • Cyber awareness content creation and phishing simulations pertinent to your environment and industry
  • Breach & Attack Simulation (BAS) based on industry intelligence – followed by security hardening using simulation findings
  • Advice on policies and procedures for HR teams based on platform results

Ease of Deployment

Majority of setup and configuration is cloud-based within the customer Azure tenant. The only on-premise deployment needed is the AD Domain Controllers. A 'running period' is needed to gather the data on 'normal behaviour' - thereafter, the Satisnet team tune and prioritise the platform to automatically track the users and incident types that are most important to your organisation.

Evolving With You

The UEBA-ITI roadmap is based on deploying an agile and 'light touch' platform. Collecting as much User and Entity data as possible, Office365 ATP can be can be quickly added to your setup. Defender for Endpoint can also be added to gain access to the full Microsoft Threat Protection (MTP) stack.

Microsoft Integrated Strategy

Identity Threat Investigation (ITI) and MTP can be integrated into a larger strategy of running Microsoft Azure Sentinel as the organisational SIEM and threat hunting platform. Essentially, this provides unparalleled Entity and User detection and remediation.

More From Microsoft Security

Related Events