QA Outsourcing

Quick Links

Suggested Search

Pricing
toggle
Pricing
QASource Blog Blog Arrow

Behavior Analytics in Cybersecurity

Quarterly Security Testing Expert Series - Vol 1/4 2020

Security Testing, QA Security, ShieldCast, Cybersecurity
Timothy Joseph
Timothy Joseph | March 31, 2021
 

Main Components of UEBA

Main Components of UEBA
  • 1

    User Monitoring and Data Collection System

    The user and entity activities are monitored for anomalies. Different behavioral factors are analyzed from generally visited websites to typically used applications.

  • 2

    Machine Learning System

    A large amount of data generated by user monitoring systems is used and analyzed by machine learning system to detect anomalies.

 

Use Cases

 

UEBA vs SIEM

Security Information and Event Management (SIEM) tools are also an option for teams looking to understand user behaviors.

The following are the key differences between UEBA and SIEM tools.

UEBA SIEM
Operates in real-time.
Point-in-time analysis of event data.
Machine learning models and algorithms are used to analyze data in real time.
Manual effort is mostly required to analyze the data.
Provides risk scoring that rank the threats efficiently.
Alerts are generated based on events that may or may not be malicious.
Processes huge amounts of structured and unstructured data.
Processes structured logs only.
 

Sample UEBA Report

Security Events

Risk Levels

 
  • Medium
  • High

Anomalous Reasons

 
  • Suspicous Endpoint
  • Unusual User Location
  • Unusual User Login Time
  • Unusual Application Access

Anomalous Activity

Risk Level Timestamp Result User Application Access Device Second Factor
High
Unusual Application Access

The activity is:
Normal
Unnormal
10:39 PM
January 04, 2021
DeniedEndpoint is not Trusted
Jmarty
Python Web SDK (kmb)
> iOS 14.4
Passcode
High
Unusual Application Access
08:24 PM
January 04, 2021
DeniedEndpoint is not Trusted
Psmith
Microsoft OWA 166
> iOS 14.3
Passcode
Medium
Suspicious Endpoint
06:05 PM
January 04, 2021
DeniedEndpoint is not Trusted
Bjoseph
Juniper SSL VPN 10
> iOS 13.5
Passcode
 

Best Practices

Best Practices
  • Identify the sources of data for user behavior, network flows, and system logs.
  • Enable active directory auditing to track user activity on your systems.
  • Audit the systems with sensitive information.
  • Track details on account creation and account logins.
  • Frequently review account permissions.
  • Provide UBA solution with all the data.
  • Regularly review UBA reports and investigate incidents.
  • Create relevant use cases and use datasets to find security solutions.
  • Utilize tools like Microsoft Advanced Threat Analytics and Incydr.
Have Suggestions?

Have Suggestions?

We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com

Disclaimer

This publication is for informational purposes only and nothing contained in it should be considered legal advice. We expressly disclaim any warranty or responsibility for damages arising out of this information and encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.

Related Posts

A Complete Guide to Salesforce QA Testing in 2023

A Complete Guide to Salesforce QA Testing in 2023

Security Testing, Salesforce Testing

Publish Date 07 Mar 2023

Salesforce is, without a doubt, the most popular and recognized customer relationship management (CRM) tool. Due to its system being flexible and supportive of companies across every industry and every size, it requires continuous testing and regular maintenance, and constant upgrades of features in order for the businesses to remain competitive.

Continue Reading
Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain

Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain

Test Strategy & QA Methodologies, QA Security, Software Testing

Publish Date 21 Oct 2020

These days, a news story on a cyberattack is as common as the weather report. To defend against these potential attacks, companies have created products and software applications designed to secure their data. But can these security products and applications provide full protection against these threats?

Continue Reading
Session Management Vulnerability Trends

Session Management Vulnerability Trends

Security Testing, ShieldCast, Web Security, Cyber Security Testing Company

Publish Date 09 Jun 2022
Continue Reading
Role of Cyber Security in SaaS

Role of Cyber Security in SaaS

Security Testing, Application Security, Cybersecurity, Cybersecurity Testing, Cybersecurity Services

Publish Date 16 May 2023

With the increasing adoption of SaaS (Software as a Service) platforms, the number of cyber threats and attacks is also rising. SaaS platforms store sensitive and confidential data, making them a prime target for cybercriminals. As a result, it is imperative to ensure the security of SaaS platforms to prevent data breaches, data theft, and unauthorized access. The potential loss of data and its impact on a company's reputation can be catastrophic. Therefore, implementing robust cybersecurity in SaaS is critical to protect SaaS platforms and their users.

Continue Reading

Is QA Outsourcing Right For Your Company?

Talk to our experts about your company's QA testing needs to determine whether outsourcing is right for you.

Written by QA Experts

QASource Blog, for executives and engineers, shares QA strategies, methodologies, and new ideas to inform and help effectively deliver quality products, websites and applications.