Section 21.206 User Behaviour Analytics Flashcards

Objective 4.1: Given a scenario, you must be able to apply common security techniques to computing resources.

Objective 4.5: Given a scenario, you must be able to modify enterprise capabilities to enhance security.

1
Q

User Behavior Analytics (UBA)

A

Advanced cybersecurity strategy that uses big data and machine learning to analyze user behaviors for detecting security threats

■ Focuses on understanding user behavior within systems and networks to identify patterns and anomalies

2
Q

User and Entity Behavior Analytics (UEBA)

A

Technology similar to UBA that extends monitoring to entities like routers, servers, and endpoints in addition to user accounts

■ Enhances security by analyzing both user and entity behavior to detect anomalies

3
Q

Key Aspects of UBA and UEBA

A

UBA leverages data analytics to collect and analyze user behavior data to establish normal behavior baselines

● Knowing the baseline makes it easier to spot anomalies

■ Machine learning algorithms are used to identify deviations from normal behavior, which may indicate security threats

■ UBA systems process data from various sources:
● Network traffic
● User devices
● Application logs

■ Alerts are generated when anomalies are detected, which are then investigated by the security team

4
Q

Benefits of UBA and UEBA

Early Detection of Threats

A

UBA tools can identify potential threats before significant damage occurs, allowing for quicker and more effective responses

5
Q

Benefits of UBA and UEBA

Insider Threat Detection

A

Effective at identifying insider threats by detecting suspicious activities that deviate from typical behavior

6
Q

Improved Incident Response

A

Provides detailed information about user behavior, helping security teams respond effectively to incidents, such as compromised credentials or unauthorised actions
