| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
What is UEBA?
New technologies and remote work continue to grow the attack surfaces of organizations. To make matters worse, organizations are struggling to find the adequate amount of analysts to take on this increasing workload as the supply-demand gap in the cybersecurity labor market continues to grow. As a result, alert fatigue caused by modern SoCs leads to undesired results including analyst burnout and significant missed alerts.
...
In order to bridge this skill and labor gap, Devo’s Autonomous SoC aims to empower analysts to perform higher level workflows. Whereas traditional SIEMs tend to require analysts sift through thousands of alerts a day, Behavioral Analytics allows analysts to take a different approach and to identify the riskiest ‘entities’ to investigate further instead. Entities are often defined as the components of a network: think IPs, domains, applications, and so forth. The normal behavior of these entities can be used to generate a ‘baseline’ or normal behavior. Any deviations against the baseline are then flagged and can be marked for further investigation by the analyst.
How it can help you
By allowing analysts to prioritize and drill-down into risky entities, analysts can spend less time triaging irrelevant alerts and more time performing higher level SoC tasks such as incident management. Behavior Analytics can increase the time-to-value of their SIEM, spend less time dealing with false positives, and perhaps most important of all, help reduce the number of false negatives in their SoC.
...