Transforming Security Operations: Netenrich's Partnership with Google Cloud Security
The increasing complexity and scale of cyber threats—fueled by AI and sophisticated tactics—have forced organizations to rethink how they secure...
David Swift
Thu, Dec 29, 2022 @ 06:00 AM
Threats start with risks. Understanding risk is really just situational awareness, and that awareness leads to faster and better detection. Stitching risks and events together to find the patterns that show malicious intent or misuse is the whole point of User and Entity Behavior Analytics (UEBA).
With machine learning, the right data (and enough of it), and the right patterns, we can reduce mean time to detect and mean time to resolve (hint: integrate SOAR and workflow, because detection alone does not shorten resolution). It's not rocket science, and it doesn't take a thousand rules.
Risk mitigation driven by situational awareness can go a long way toward preventing the unthinkable at a business. So if you're thinking about Cybersecurity Mesh Architecture (CSMA) now and tying vulnerabilities and configurations to events and actions, you're thinking the way we do at Netenrich.
UEBA is just one step on the journey. It’s part of why we offer vulnerability management and patch management services and link the analytics to workflow and playbooks.
RISKS + IDENTITY + SIEM + UEBA + TIP + SOAR = Netenrich Resolution Intelligence Cloud
Resolution Intelligence Cloud is a platform that aggregates everything, converging collection, detection, and response at Google scale and speed.
Which logs you need depends on where you keep your business-critical data. Where is your intellectual property, your customer data, your employee data, your financial transaction data? That is the key data.
You need to collect the logs around that data to get visibility into how users are interacting with it.
Finally, make sure you have enough context around the data that an analyst can make sense of the events. Threat intelligence, geolocation, and peer attributes are incredibly valuable to show alongside an event, and for comparing one user's events with another's.
The tables below outline the key data sources and use cases to help you gain situational awareness and improve threat detection and response.
| Collected data about | From | For |
|---|---|---|
| Identity | IAM, HR, Physical Access | Peers, Entitlements, Hire/Fire |
| Authentication | AD, SSO, VPN, Citrix | Source, App Requested |
| Application | File Share, Banking, CRM, DB | Records Accessed/Transactions |
| Proxy | End User Events | Data Exfiltration Channel |
| Firewall | In/Out | Bytes |
| Threat intel | TIP - OSINT - MISP | Enrichment & Context |
| Geo Location | MaxMind | Enrichment & Context |
| Trigger | Log Source |
|---|---|
| Activity by Terminated User | Authentication (VPN, AD, SSO, Citrix) |
| Rare Login - Unusual Country | Authentication (VPN, AD, SSO, Citrix) |
| Rare File or Folder Accessed | SharePoint, Box, Windows |
| Rare Transaction | Application Log |
| Spike in Events | Any |
| Spike in Total Bytes | Firewall, Proxy, Flow |
| Spike in Total Currency Transacted | Application Log |
| Unusual File or Folder Accessed | SharePoint, Box, OneDrive |
| Rare Login - Unusual Time | Authentication (VPN, AD, SSO, Citrix) |
| Physical Security - Unusual Door or Location | Badge Reader/Physical Access |
| Email to Competitor Domain | |
| Employee Risk - Resume/CV Sent | |
| Employee Risk - Browsing Job Sites | Proxy |
| Physical Security - Login without Badging In | Badge Reader, Auth |
| Impossible Travel | Authentication (VPN, AD, SSO, Citrix) + GeoIP [MaxMind] |
| Physical Security - LexisNexis Finding | LexisNexis |
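As an added example (not Netenrich's or Resolution Intelligence Cloud's code), here is how four of the triggers above, together with the enrichment step described earlier (joining GeoIP country and HR status onto raw authentication events), look as plain Python over a few constructed events. The `GEOIP` table standing in for MaxMind, the HR termination feed, the 30-day baselines, the 900 km/h and 3-sigma thresholds, the documentation-range IPs and the sample events are all constructed assumptions; in a real deployment they come from the GeoIP provider, the IAM/HR feed and the SIEM's own history.

```python
"""Added example, not Netenrich code: four UEBA triggers from the table above run over
constructed auth and firewall data. GEOIP stands in for a MaxMind lookup (documentation
IPs, approximate coordinates); thresholds and baselines are illustrative assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from statistics import mean, pstdev


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime    # UTC
    user: str
    src_ip: str
    app: str        # VPN, SSO, AD, Citrix ...


# Constructed GeoIP table (MaxMind stand-in): src_ip -> (country, lat, lon)
GEOIP = {
    "203.0.113.10": ("US", 40.71, -74.01),   # New York
    "198.51.100.7": ("US", 34.05, -118.24),  # Los Angeles
    "192.0.2.44": ("BR", -23.55, -46.63),    # Sao Paulo
}
# Constructed HR feed (the identity table's Hire/Fire column): user -> last day
TERMINATED = {"mjones": datetime(2022, 12, 20)}
# Constructed 30-day baselines: login countries per user, daily egress bytes per user
BASELINE_COUNTRIES = {"asmith": {"US"}, "mjones": {"US"}}
BASELINE_BYTES = {"asmith": [410e6, 380e6, 450e6, 395e6, 420e6, 405e6, 440e6]}
MAX_SPEED_KMH = 900.0   # assumption: faster than an airliner is "impossible"
SPIKE_SIGMAS = 3.0      # assumption: mean + 3 std devs of own history is a spike

# Constructed sample data. asmith's LA -> NY hop 25h apart is normal travel; the
# NY -> Sao Paulo hop 30 minutes later is not. mjones was terminated on Dec 20.
SAMPLE_EVENTS = [
    AuthEvent(datetime(2022, 12, 27, 8, 0), "asmith", "198.51.100.7", "VPN"),
    AuthEvent(datetime(2022, 12, 28, 9, 0), "asmith", "203.0.113.10", "SSO"),
    AuthEvent(datetime(2022, 12, 28, 9, 30), "asmith", "192.0.2.44", "SSO"),
    AuthEvent(datetime(2022, 12, 28, 10, 0), "mjones", "198.51.100.7", "VPN"),
]
TODAY_BYTES = {"asmith": 2.9e9, "mjones": 120e6}   # constructed firewall egress totals


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def terminated_user_activity(events):
    """Any authentication after the user's HR termination date."""
    return [e for e in events if e.user in TERMINATED and e.ts > TERMINATED[e.user]]


def unusual_country(events):
    """Logins from a country absent from the user's baseline; returns (event, country)."""
    hits = []
    for e in events:
        country = GEOIP[e.src_ip][0]
        if country not in BASELINE_COUNTRIES.get(e.user, set()):
            hits.append((e, country))
    return hits


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Consecutive logins per user whose implied speed exceeds max_speed_kmh.
    Returns (previous_event, current_event, speed_kmh)."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        by_user[e.user].append(e)
    hits = []
    for evs in by_user.values():
        for prev, cur in zip(evs, evs[1:]):
            _, lat1, lon1 = GEOIP[prev.src_ip]
            _, lat2, lon2 = GEOIP[cur.src_ip]
            dist = haversine_km(lat1, lon1, lat2, lon2)
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            # Same place at the same instant is fine; different places at the same instant is not
            speed = dist / hours if hours > 0 else (float("inf") if dist > 0 else 0.0)
            if speed > max_speed_kmh:
                hits.append((prev, cur, speed))
    return hits


def byte_spike(today, baseline=BASELINE_BYTES, sigmas=SPIKE_SIGMAS):
    """Users whose egress today exceeds their own mean + sigmas * stdev.
    Users with no history are skipped: without a baseline there is no anomaly score."""
    hits = []
    for user, total in today.items():
        hist = baseline.get(user)
        if not hist:
            continue
        threshold = mean(hist) + sigmas * pstdev(hist)
        if total > threshold:
            hits.append((user, total, threshold))
    return hits


def run_all(events=SAMPLE_EVENTS, today=TODAY_BYTES):
    """Run every trigger; hits are keyed by the trigger names used in the table."""
    return {
        "Activity by Terminated User": terminated_user_activity(events),
        "Rare Login - Unusual Country": unusual_country(events),
        "Impossible Travel": impossible_travel(events),
        "Spike in Total Bytes": byte_spike(today),
    }


if __name__ == "__main__":
    for trigger, hits in run_all().items():
        print(f"{trigger}: {len(hits)} hit(s)", *hits, sep="\n    ")
```

Run as a script and it reports one hit per trigger: mjones authenticating eight days after termination, asmith's Sao Paulo login (a country not in the baseline), the New York to Sao Paulo hop at well over 10,000 km/h, and asmith's egress far above the per-user threshold. Two points carry over to a real pipeline: the baselines are per user, not global, which is what turns a threshold into behavior analytics and keeps a travelling salesperson from paging the SOC; and a user with no history (a new hire, or a just-onboarded log source) gets no spike score rather than a misleading one, so those cases need a separate, time-limited rule.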