FOSSMeet 2020

FOSSMeet is an annual event at NIT Calicut that brings together the Free and Open Source Community from around the country.

UEBA for InfoSec

Submitted by Kai Iyer (@kaiiyer) on Feb 28, 2020

Status: Submitted

Abstract

An overview of an intelligence platform we have built to address threat hunting and incident investigation use-cases in the cyber security domain. Specifically, we focus on User and Entity Behavior Analytics (UEBA) modules that track and monitor behaviors of users, IP addresses and devices in an enterprise. The security platform performs UEBA to detect security-related anomalies and threats, regardless of whether such anomalies/threats were previously known.

Outline

What is UEBA?
Use Cases
How does it Work?
Future Scope

The security platform includes both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
How UEBA is different from SIEM and why it is important for an organization?

Requirements

A Dev Laptop and an open mind.

Speaker bio

I’ve been working in the field of Information Security for 4+ years. I have mentored devs at technical events, taken sessions in industry and written blogs on the same. I’ve worked with EY as a SOC Analyst, regularly contributed to open source and have won various tech events. I am a volunteer for Kerala Police Cyberdome and hold certifications like CEH (Certified Ethical Hacker), RHCSA (Red Hat Certified System Administrator) etc. With the right vision, experience and skillset I believe I’m the right person for taking this session.

Links

Slides

https://docs.google.com/presentation/d/1LxAKmpZQZXFB15PoPpBMbunJ6ch9SHqOsZo8BW6dEVY/edit?usp=drivesdk
