UEBA for InfoSec
Submitted by Kai Iyer (@kaiiyer) on Friday, 28 February 2020
An overview of an intelligence platform we have built to address threat hunting and incident investigation use cases in the cyber security domain. Specifically, we focus on User and Entity Behavior Analytics (UEBA) modules that track and monitor the behaviors of users, IP addresses and devices in an enterprise. The security platform performs UEBA to detect security-related anomalies and threats, regardless of whether such anomalies/threats were previously known.
What is UEBA?
How does it work?
The security platform includes both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
How is UEBA different from SIEM, and why is it important for an organization?
A Dev Laptop and an open mind.
I’ve been working in the field of Information Security for 4+ years. I have mentored devs in technical events, taken sessions at industry and written blogs on the same. I’ve worked with EY as a SOC Analyst, regularly contributed to open source and have won various tech events. I am a volunteer for Kerala Police Cyberdome and hold certifications like CEH (Certified Ethical Hacker), RHCSA (Red Hat Certified System Administrator) etc. With the right vision, experience and skillset, I believe I’m the right person for taking this session.