Streamlining Incident Detection with UEBA (User and Entity Behavior Analytics)

TechSpective Podcast Episode 107


IT security teams have a tough job, made more challenging by the growing complexity of the attack surface and technology landscape and by the overwhelming volume of information. They need to accelerate the processing and analysis of data so they can streamline decision-making and incident response. That is where UEBA can help.

Kumar Vikramjeet, a Senior Security Engineer on the threat hunting team at Adobe, joins me on this episode of the TechSpective Podcast to talk about how he and his team leverage machine learning (ML) and artificial intelligence (AI) to conduct User and Entity Behavior Analytics (UEBA) to detect anomalous activity related to a user or device that might indicate malicious activity.

Kumar recently wrote about the topic in a blog post for Adobe titled, “Fast-Tracking Incident Detection with User and Entity Behavior Analytics (UEBA).” In the blog post, he states, “At Adobe, we chose to develop our UEBA framework in-house to fit within our security ecosystem, including our existing security information and event management (SIEM) and endpoint detection and response (EDR) platforms. Doing this has enabled us to prioritize the use cases that are most important to Adobe’s threat-hunting efforts — designed and developed by our internal team of threat hunters and security analysts according to prioritized threat models — rather than rely on a third-party vendor to make changes to their tool to meet our specific needs.”

The blog post describes the six primary steps that comprise the UEBA framework employed at Adobe: Use Cases, Data, Analytics, Correlation, Enrichment, and Detection. Kumar summarizes that UEBA can reduce noise and accelerate the speed and accuracy of incident detection.
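To make the six-step outline concrete, here is a small added example (not Adobe's framework or code from the blog post) that runs a toy UEBA pipeline over constructed authentication events. Days 1 to 5 form each user's own baseline; day 6 is scored against it. The analytics step is a per-user z-score with a floor on the standard deviation (so perfectly regular users can still be scored), correlation merges every anomalous feature for a user into one finding, enrichment attaches role and asset criticality from constructed lookup tables, and detection raises an alert when a weighted risk score crosses a threshold. All event data, thresholds, hostnames and the criticality table are invented for the example.

```python
"""Toy UEBA pipeline (added example, not Adobe's framework).
Stages follow the outline on this page: Data -> Analytics -> Correlation -> Enrichment -> Detection."""
from statistics import mean, pstdev
from collections import defaultdict

# --- Data: constructed events as (day, user, host, result). Days 1-5 are the baseline, day 6 is scored.
EVENTS = []
for day in range(1, 6):
    EVENTS += [(day, "alice", "ws-101", "success")] * 3   # alice: steady 3 logins/day from one workstation
    EVENTS += [(day, "carol", "ws-202", "success")] * 2   # carol: steady 2 logins/day, never fails
for day, ok, hosts, fail in [(1, 4, 2, 0), (2, 5, 2, 1), (3, 6, 2, 0), (4, 5, 1, 0), (5, 5, 2, 1)]:
    for i in range(ok):                                    # bob: noisier but stable behaviour
        EVENTS.append((day, "bob", f"ws-30{i % hosts}", "success"))
    EVENTS += [(day, "bob", "ws-300", "failure")] * fail
# Day 6, the observation window
EVENTS += [(6, "alice", h, "success") for h in ("ws-101", "srv-db-01", "srv-db-02")]  # alice reaches two DB servers
EVENTS += [(6, "bob", "ws-300", "success")] * 3 + [(6, "bob", "ws-301", "success")] * 2
EVENTS += [(6, "bob", "ws-300", "failure")]
EVENTS += [(6, "carol", "ws-202", "success")] * 2 + [(6, "carol", "ws-202", "failure")] * 8  # carol: failure burst

# --- Enrichment context (constructed): asset criticality (default 1) and user role
ASSET_CRITICALITY = {"srv-db-01": 3, "srv-db-02": 3, "srv-hr-01": 3}
USER_ROLE = {"alice": "engineer", "bob": "engineer", "carol": "contractor"}

FEATURES = ("successes", "failures", "distinct_hosts")
Z_THRESHOLD = 3.0      # per-feature anomaly threshold (hypothetical)
STD_FLOOR = 0.5        # keeps z finite when a baseline has zero variance
ALERT_THRESHOLD = 5.0  # risk score needed to raise an alert (hypothetical)


def aggregate(events):
    """Data: roll raw events up into per-(user, day) feature vectors."""
    hosts, counts = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for day, user, host, result in events:
        counts[(user, day)]["successes" if result == "success" else "failures"] += 1
        hosts[(user, day)].add(host)
    return {k: {"successes": c["successes"], "failures": c["failures"],
                "distinct_hosts": len(hosts[k])} for k, c in counts.items()}


def baseline(features, baseline_days):
    """Analytics: per-user mean and std-dev of each feature; days with no activity count as zeros."""
    zero = {f: 0 for f in FEATURES}
    stats = {}
    for user in {u for u, _ in features}:
        cols = {f: [features.get((user, d), zero)[f] for d in baseline_days] for f in FEATURES}
        stats[user] = {f: (mean(v), pstdev(v)) for f, v in cols.items()}
    return stats


def score(features, stats, day):
    """Analytics: z-score each feature of the observed day against that user's own baseline."""
    return {u: {f: (vec[f] - stats[u][f][0]) / max(stats[u][f][1], STD_FLOOR) for f in FEATURES}
            for (u, d), vec in features.items() if d == day and u in stats}


def correlate(scores):
    """Correlation: one finding per user listing every feature that crossed the threshold."""
    findings = {u: [f for f in FEATURES if z[f] >= Z_THRESHOLD] for u, z in scores.items()}
    return {u: feats for u, feats in findings.items() if feats}


def enrich(findings, events, day):
    """Enrichment: attach the user's role and the most critical asset touched that day."""
    out = {}
    for user, feats in findings.items():
        touched = {h for d, u, h, _ in events if d == day and u == user}
        out[user] = {"features": feats, "role": USER_ROLE.get(user, "unknown"),
                     "max_asset_criticality": max(ASSET_CRITICALITY.get(h, 1) for h in touched)}
    return out


def detect(enriched, scores):
    """Detection: risk = sum of anomalous z-scores, weighted by asset criticality."""
    alerts = {}
    for user, ctx in enriched.items():
        risk = sum(scores[user][f] for f in ctx["features"]) * ctx["max_asset_criticality"]
        if risk >= ALERT_THRESHOLD:
            alerts[user] = round(risk, 2)
    return alerts


def run_pipeline(events=EVENTS, baseline_days=range(1, 6), day=6):
    """Run all six stages and return {user: risk} for users that warrant an alert."""
    feats = aggregate(events)
    scores = score(feats, baseline(feats, baseline_days), day)
    return detect(enrich(correlate(scores), events, day), scores)


if __name__ == "__main__":
    for user, risk in run_pipeline().items():
        print(f"ALERT user={user} risk={risk}")  # alice (new critical hosts) and carol (failure burst)
```

Running it alerts on alice (three distinct hosts against a baseline of one, two of them critical database servers) and carol (eight failures against a baseline of none), while bob's day-6 activity stays inside his own noisier baseline and produces nothing, which is the noise reduction the post describes: each user is compared with their own history rather than a global rule.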

Check out the full episode for our discussion of streamlining incident detection with UEBA. We also chat about the distinction between UBA (user behavior analytics) and UEBA (user and entity behavior analytics).

The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer.

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

Tony Bradley: I have a passion for technology and gadgets, with a focus on Microsoft and security, and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and a sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.