
Automated User and Entity Behavior Analytics (UEBA) - Identity Threat Investigation
Users, devices, locations, applications, remote working – what’s really going on?
With remote and distributed working on the rise, hackers and malicious insiders can seize hold of your infrastructure utilising a variety of TTPs across a multitude of surfaces – cloud, SaaS, email, on-premise AD or via an endpoint…or a combination of these attack surfaces.
Microsoft Security have launched a next-generation UEBA solution – Identity Threat Investigation (ITI):
- Fast and easy to deploy unlike traditional SIEM/UEBA tools
- Correlates across all attack surfaces – critical data stores, cloud, on-premise, email, server and desktop
- Automatically investigates and threat hunts your environment
- Continuously prioritises the most risky assets and personnel
- Recommends and automates steps to remediate risks
- Cyber awareness platform that focuses on training users on real-world alerts in your environment
- Continuous security hardening using breach assessment based on the MITRE ATT&CK framework
ITI takes note of the ‘normal’ conduct of users and entities within your organisation and, in turn, detects anomalous behaviour – instances where activity deviates from these normal patterns. Machine learning is used to generate a unique ‘Investigation Priority Score’ for each entity within your organisation, based on a variety of mathematical models and calculated over a rolling seven-day period. Essentially, ITI does most of the investigation work for you. Entity and employee credentials can be easily compromised – ITI focuses on monitoring entities’ and users’ normal behaviour once they are inside the network.
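As an added illustration of the idea above (example code, not ITI’s model and not code from this page), the toy below learns a per-user baseline of sign-in countries and hours from older events, then scores deviations inside a rolling seven-day window to rank who to investigate first; the sign-in events, weights and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real logs): user, UTC time, source country, outcome.
EVENTS = [
    ("alice", "2024-03-01T09:05", "GB", "success"),
    ("alice", "2024-03-02T09:10", "GB", "success"),
    ("alice", "2024-03-03T08:55", "GB", "success"),
    ("alice", "2024-03-04T09:00", "GB", "success"),
    ("bob",   "2024-03-01T10:00", "GB", "success"),
    ("bob",   "2024-03-02T10:30", "GB", "success"),
    ("bob",   "2024-03-03T10:15", "GB", "success"),
    # Inside the last seven days: alice stays normal; bob shows a never-seen country,
    # an off-hours sign-in and a burst of failures before a success.
    ("alice", "2024-03-10T09:02", "GB", "success"),
    ("bob",   "2024-03-10T03:12", "RU", "failure"),
    ("bob",   "2024-03-10T03:13", "RU", "failure"),
    ("bob",   "2024-03-10T03:14", "RU", "failure"),
    ("bob",   "2024-03-10T03:15", "RU", "success"),
]
WINDOW = timedelta(days=7)  # rolling scoring period, as on the page

def build_baseline(events, window_start):
    """Per-user 'normal': countries and hours seen before the scoring window opens."""
    base = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, ts, country, _ in events:
        t = datetime.fromisoformat(ts)
        if t < window_start:
            base[user]["countries"].add(country)
            base[user]["hours"].add(t.hour)
    return base

def priority_scores(events, window_end_iso):
    """Sum weighted deviations per user inside the window; higher = investigate first."""
    window_end = datetime.fromisoformat(window_end_iso)
    window_start = window_end - WINDOW
    base = build_baseline(events, window_start)
    scores, failures = defaultdict(int), defaultdict(int)
    for user, ts, country, outcome in events:
        t = datetime.fromisoformat(ts)
        if not (window_start <= t <= window_end):
            continue
        b = base[user]
        if b["countries"] and country not in b["countries"]:
            scores[user] += 5  # sign-in from a country never seen for this user
        if b["hours"] and all(abs(t.hour - h) > 2 for h in b["hours"]):
            scores[user] += 3  # well outside the user's usual sign-in hours
        if outcome == "failure":
            failures[user] += 1
            if failures[user] >= 3:
                scores[user] += 4  # third and later failures: brute-force pattern
    return dict(sorted(scores.items(), key=lambda kv: -kv[1]))
```

Users with no deviation in the window get no entry, so the returned dict is already the prioritised list.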
ITI allows you to:
- Detect Insider Threats
  - Detect data breaches, sabotage, privilege abuse, and policy violations made by your own employees.
- Detect Compromised Accounts
  - Sometimes, user accounts are compromised. ITI assists in ‘weeding out’ spoofed and compromised users before they can do real harm.
- Detect Brute-Force Attacks
  - Hackers sometimes target your cloud-based entities. With ITI, you are able to detect brute-force attempts and then block access to these entities.
- Detect Changes in Permissions and Creation of Super Users
  - Some attacks involve the use of super users. ITI allows you to detect when super users are created, or when accounts are granted unnecessary permissions.
- Detect Breach of Protected Data
  - If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data without any legitimate business reason to access it.
**Satisnet’s UEBA Managed Security Services**
It doesn’t stop there! Satisnet offer a wide range of managed services, specifically aligned to the UEBA Identity Threat Investigation solution, to provide an extension to your cyber security, infrastructure and human resource (HR) functions.
These include:
- Alerts Triage – office hours, out-of-office hours and 24x7x365 offerings
- Threat Investigation and Hunting
- Cyber awareness content creation and phishing simulations pertinent to your environment and industry
- Breach & Attack Simulation (BAS) based on industry intelligence – followed by security hardening using simulation findings
- Advice on policies and procedures for HR teams based on platform results