Application of Big Data to Secure and Monitor Enterprise Systems and Data Integrity Using a UEBA Approach
Zubair Shahzad
Senior Software Engineer | Full Stack Engineer | Digitization & Automation Expert | Data Engineer | Data Analyst | AI Engineer | Solution Architect | Software Architect | TOGAF Certified Professional
Abstract
Nowadays there is a new trend in enterprise organizations as well as small companies: work from home. Most employees are performing their jobs from home. In this working model, as we have seen, the productivity of employees has increased; at the same time a new challenge has arisen for companies to secure their data integrity as well as their systems. As we know, the security of technical systems and data integrity is very important for every company, and companies are spending large amounts to secure data and systems. Since COVID many employees are working from home, so securing data and systems is more complicated because employees are working outside the company's premises, and it is really complicated to maintain the security of an employee's laptop. Without monitoring, an attacker can compromise the employee's laptop and steal critical data. Although companies use firewalls and many SIEM systems for protection, many types of breaches still happen in different companies. We take advantage of the User and Entity Behavior Analytics (UEBA) technique and implement an intelligent solution using big data tools, machine learning and deep learning models to overcome this problem.
Introduction.
Enterprises as well as small companies started working from home after COVID. Because of working from home, employees are outside the company network infrastructure and use some kind of VPN or other method to get access to the company network. In this situation the probability of an attack is high. Although companies use tools and techniques to protect their data and systems, there is still not enough protection for data and systems. We apply big data and machine learning and deep learning models to predict malicious activity. One of the best methods is to analyze the behavior of employees using machine learning and deep learning models, predict any anomalies, and notify the security team or alert the concerned team.
Big data.
Nowadays a huge volume of data is generated every second, for example social media and business network data. Traditional database management systems cannot handle this amount of data, and these traditional tools are not enough. To handle this huge amount of data, we have separate tools and systems to store and process it.
Big data is defined as data that has variety and large volume and arrives with high velocity; in big data we deal with the 5 Vs of data.
By using modern AI and statistical techniques we can analyze this data and extract useful information.
The big data lifecycle is divided into several stages:
Traditional Methods to Secure Infrastructure and Data Integrity.
The traditional method of securing infrastructure and data integrity is security information and event management (SIEM). SIEM is a rule-based security management system: using security rules and system logs, we try to identify threats. SIEM is a manual process. Security information and event management does not deal with the behavior of users or entities.
User and Entity Behavioral Analytics (UEBA).
Most companies use firewalls to protect themselves, but sometimes an attacker can bypass or break the firewall and perform malicious activity.
User and Entity Behavioral Analytics is an approach to security solutions defined by Gartner. In UEBA we use big data tools and machine learning and deep learning models to model the behavior of users and devices. In UEBA we try to learn the normal and abnormal behavior of users and devices in a company. We try to find out whether there is any deviation from the normal pattern, and if so we can notify the concerned team.
Before going further, let us understand what is meant by user behavior in User and Entity Behavioral Analytics (UEBA). User behavior means how the user is behaving: what activities the user is performing on an hourly, daily or weekly basis. We try to identify a set of features for each user within each time period.
For example, we try to monitor the daily user access behavior on the system. Below are the features that are computed for each user
Based on these features we try to detect anomalies.
UEBA is a useful and important component in maintaining data integrity and securing the system.
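As an added example that is not part of the original article, the following Python builds a small per-user daily feature set from constructed sample log lines and flags a day whose features deviate from that user's own earlier days. The feature names, the log format and the 07:00-20:00 working window are assumptions made for the example; the article's own feature table is not reproduced here.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

FEATURES = ["logins", "failures", "off_hours", "hosts", "bytes"]

# Constructed sample log (timestamp user host event bytes): three ordinary days, then a
# night-time burst of failed logins followed by an unusually large transfer.
SAMPLE_LOG = """\
2024-03-04T09:02:11 alice host-a login_ok 1200
2024-03-05T08:58:40 alice host-a login_ok 1500
2024-03-06T09:10:02 alice host-a login_ok 1100
2024-03-07T02:13:55 alice host-z login_fail 0
2024-03-07T02:14:01 alice host-z login_fail 0
2024-03-07T02:14:29 alice host-z login_ok 90000
"""

def parse(log_text):
    """Turn each sample line into (datetime, user, host, event, bytes)."""
    rows = [line.split() for line in log_text.splitlines()]
    return [(datetime.fromisoformat(ts), u, h, e, int(b)) for ts, u, h, e, b in rows]

def daily_features(events):
    """One feature vector per (user, day): the per-period feature set UEBA builds on."""
    acc = defaultdict(lambda: dict(logins=0, failures=0, off_hours=0, hosts=set(), bytes=0))
    for ts, user, host, event, nbytes in events:
        f = acc[(user, ts.date())]
        f["hosts"].add(host)
        f["bytes"] += nbytes
        if event == "login_fail":
            f["failures"] += 1
        else:
            f["logins"] += 1
            if ts.hour < 7 or ts.hour >= 20:  # outside the assumed 07:00-20:00 working window
                f["off_hours"] += 1
    return {k: {**v, "hosts": len(v["hosts"])} for k, v in acc.items()}

def flag_deviations(feats, user, threshold=3.0, min_history=3):
    """Flag a feature that lies more than `threshold` standard deviations from the user's
    own baseline, or that moves at all from a baseline that never varied (e.g. zero failures)."""
    days = sorted(((d, f) for (u, d), f in feats.items() if u == user), key=lambda x: x[0])
    alerts = {}
    for i in range(min_history, len(days)):  # need enough earlier days for a baseline
        day, today = days[i]
        flagged = []
        for name in FEATURES:
            hist = [f[name] for _, f in days[:i]]
            m, sd, v = mean(hist), pstdev(hist), today[name]
            if (sd == 0 and v != m) or (sd > 0 and abs(v - m) / sd > threshold):
                flagged.append(name)
        if flagged:
            alerts[day.isoformat()] = flagged
    return alerts
```

A real deployment would compute the baseline over weeks rather than three days and tune the threshold per feature, but the structure (per-period features, per-user baseline, deviation check) is the same.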
Three Pillars of User and Entity Behavioral Analytics (UEBA).
There are three pillars of UEBA as per Gartner:
UEBA helps us in the following use cases:
Detecting insider threats: sometimes a company's employees violate policy or security policy. They use their accounts to access data for which they are not authorized. By analyzing the user's activity, we can identify this and notify the concerned team.
Detecting malicious or hacked accounts: sometimes an employee's user account is compromised, and attackers try to install malware or run a service that is not required for that user. UEBA will notify the concerned team.
Brute force attacks: sometimes attackers try to brute force a system to get access. Using the UEBA technique we can detect the brute force attempt and notify the concerned team.
Detecting changes to root-level user permissions: if someone tries to change root-level user permissions, UEBA will help to detect this.
Detecting other malicious activities: companies sometimes have confidential data and want to track who is accessing it. If an unauthorized person tries to access it, UEBA will help to detect this issue.
Working or functioning of User and Entity Behavioral Analytics (UEBA)
Big Data analytics and User and Entity Behavioral Analytics (UEBA).
Big data analytics has a very important role in implementing a User and Entity Behavioral Analytics (UEBA) solution. As we discussed, UEBA is the process of analyzing and identifying abnormal behavior of users and devices. Traditionally, anomaly detection was performed using statistical models and analysis.
Now we can use machine learning and deep learning (neural networks) to analyze user behavior. There are various methods to perform anomaly detection in User and Entity Behavioral Analytics (UEBA) using deep learning and machine learning models. Anomaly detection can be performed on labeled and unlabeled data.
If we have labeled data, then we perform supervised learning; if we have unlabeled data, then we perform unsupervised learning.
As we know, at enterprise level there are many users and devices in an organization. These users and devices perform activities on an hourly, daily and weekly basis, and a huge volume of data is generated, such as
We get a variety of data from users' activities and from devices on the network, and we can apply the big data lifecycle to implement UEBA.
After collecting data from different sources, we perform the following steps:
There are different methods and tools in big data to perform these tasks.
Benefits of User and Entity Behavioral Analytics (UEBA).
Source: (Tanya Akutota, 2017)
Challenges in User and Entity Behavioral Analytics (UEBA).
As we know, there are many challenges when adopting big data in any application area.
Some of the challenges faced by big data are
While implementing User and Entity Behavioral Analytics (UEBA), there are some challenges.
Before deploying a UEBA solution we need to do more research on the behavior of entities and users.
These are some of the challenges that we can face during implementation of UEBA:
Conclusion.
User and Entity Behavioral Analytics (UEBA) can support cybersecurity at an advanced level by adding AI-based analysis of user activity and predictive incident detection.
Many enterprise organizations spend money to train their employees, and that training has a cost. By using UEBA we analyze the behavior of users and increase the security of the system.
We can detect many attacks, such as account compromise, long-term insider activity that is against organization policy, and misuse of root privileges.
User and Entity Behavioral Analytics (UEBA) is a good option and more efficient than traditional tools, although it can take time to deploy because training a model takes time.
We can take advantage of the huge amount of data from system logs and user activity and analyze it to get helpful information.
UEBA can also be cost effective, because there is a one-time development cost after which the maintenance cost is reduced.
Various machine learning and deep learning techniques, such as K-means clustering, classification and regression, can be used in UEBA algorithms.
UEBA systems can also be a helpful tool for training new security engineers.
References:
Vidyapeetham, A. V., 2021. Detecting Anomalies in Users: An UEBA Approach. s.l.: Amrita Vishwa Vidyapeetham.
Miri, F. R. a. A., 2021. User and Event Behavior Analytics on Differentially Private Data for Anomaly Detection. [Online] Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9463573 [Accessed 2022].
Splunk, n.d. What Is User Behavior Analytics (UBA)/User Entity Behavior Analytics (UEBA)? [Online] Available at: https://www.splunk.com/en_us/data-insider/user-behavior-analytics-ueba.html [Accessed 2022].
Madhu Shashanka, M.-Y. S. J. W., n.d. User and entity behavior analytics for enterprise security. [Online] Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7840805 [Accessed 2022].
Tanya Akutota, S. C., 2017. An Overview and Application of User Behavior Analytics, p. 6.