Sharpening Threat Detection with User and Entity Behavior Analytics

 

Geetali Raj

Delivery Head, IAM Solution Centers, TCS Cyber Security

Chintan Savai

Lead Security Consultant, Managed Detection and Response CoE, TCS Cyber Security

Leveraging machine learning and AI algorithms to track anomalies in user behavior to detect threats 

User and entity behavior analytics (UEBA), underpinned by artificial intelligence (AI), machine learning (ML) and data science, is pivotal to the effective detection of insider and advanced threats. However, a successful UEBA implementation requires complementing the existing security operations center, leveraging data sources beyond end-user computing and network data, drawing insights from contextual data, and enabling enterprise-wide implementation. At the same time, it is crucial to get the building blocks and AI techniques right. These include:

• Getting data about access and activities of all types of users, including humans and systems

• Analyzing user details, peer groups, privileged access details, and critical network segments

• Defining the purpose and relevant user base for proper analytics

• Identifying the range of behavior and response that can be termed ‘usual behavior’ 

• Monitoring for anomalies and fostering a consistent feedback cycle