Evaluation of UEBA and SIEM tools for enhancing data security and management

ALIAKBARZADEH, SHABNAM
2021/2022

Abstract

Even though organizations take security measures to monitor and protect their sensitive data, detecting insider threats remains one of the biggest challenges. Security Information and Event Management (SIEM) systems have become an essential component of complex enterprise networks for identifying potentially malicious insider activity. They typically aggregate, normalize, and correlate incident and log data from multiple systems and platforms and analyse it to detect threats. Integrating a User and Entity Behaviour Analytics (UEBA) solution with a SIEM adds new techniques for handling the large volume of generated logs and detecting anomalies within the system: UEBA solutions apply machine learning to the alerts and events in order to identify insider threats and abnormal behaviour, and so protect the organization's critical resources. This research evaluates different aspects of the UEBA and SIEM solutions on the market based on their capabilities to enhance data privacy and security along with log and entity management. The evaluation considers intrusion detection capabilities that contribute to minimising the number of false positives produced during detection. The study combines a literature review of the top UEBA and SIEM vendors with feedback from high-profile network users and security experts at the UniCredit banking service, gathered with the help of the Accenture consulting team. A generalized design and feature set of top-level commercially available UEBA and SIEM solutions is presented along with the approaches described in the literature. The research assesses the value and success of behaviour-analytics-based solutions in securing the network from not-before-seen attacks, and the distinct features that fit the demands of the UniCredit requirements.
It highlights the weaknesses and strengths of different SIEM-UEBA solutions and their effectiveness for detecting network attacks in real-time and near-real-time. The study presents a detailed comparison of top UEBA technologies, focusing on their capabilities and common usage scenarios. The evaluation results in the implementation of Splunk UBA, integrated with the SIEM, as an on-premises deployment, and in an analysis of its detection results and false positives.
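The SIEM pipeline described in the abstract (aggregate, normalize, correlate) and the UEBA idea of scoring events against a per-user behavioural baseline, as an added example that is not part of the thesis, of Splunk UBA or of any vendor's code. The two log formats, the user and host names, the two-feature score and the thresholds are all constructed for illustration; the point shown is how an alert threshold trades detection of a single deviation against false positives such as a user simply moving to a new workstation.

```python
# Added example, not code from the thesis: a minimal SIEM-style normalisation
# step followed by a UEBA-style per-user baseline and anomaly score, run over
# constructed log lines. Log formats, user names and hosts are hypothetical.
import re
from collections import Counter, defaultdict
from datetime import datetime

# Two hypothetical source formats a SIEM might ingest: a Windows-style logon
# record and a syslog-style VPN session line.
WIN_RE = re.compile(r"^(?P<ts>\S+ \S+) EventID=4624 User=(?P<user>\S+) Host=(?P<host>\S+)$")
VPN_RE = re.compile(r"^(?P<ts>\S+ \S+) vpn\[\d+\]: session user=(?P<user>\S+) gw=(?P<host>\S+)$")

# Constructed learning window (a "normal" month) and a later batch to score.
BASELINE_LOGS = [
    "2022-01-10 09:05:12 EventID=4624 User=alice Host=WS-01",
    "2022-01-11 08:55:40 EventID=4624 User=alice Host=WS-01",
    "2022-01-12 10:02:03 vpn[1234]: session user=alice gw=vpn-gw1",
    "2022-01-10 22:10:00 EventID=4624 User=svc_backup Host=SRV-DB1",
    "2022-01-11 22:12:00 EventID=4624 User=svc_backup Host=SRV-DB1",
]
NEW_LOGS = [
    "2022-02-01 09:10:00 EventID=4624 User=alice Host=WS-02",         # new host, usual hour
    "2022-02-01 03:15:00 EventID=4624 User=alice Host=SRV-DB1",       # new host AND 03:00 logon
    "2022-02-01 22:05:00 EventID=4624 User=svc_backup Host=SRV-DB1",  # matches baseline
    "2022-02-01 02:00:00 vpn[999]: session user=mallory gw=vpn-gw1",  # user never seen
]


def normalize(line):
    """Map one raw line onto a common schema; None if no parser matches."""
    for rx, source in ((WIN_RE, "windows"), (VPN_RE, "vpn")):
        m = rx.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            return {"user": m["user"].lower(), "host": m["host"],
                    "hour": ts.hour, "source": source}
    return None


def build_baseline(lines):
    """Per-user profile over the learning window: hosts used and logon hours."""
    base = defaultdict(lambda: {"hosts": Counter(), "hours": Counter()})
    for e in filter(None, map(normalize, lines)):
        base[e["user"]]["hosts"][e["host"]] += 1
        base[e["user"]]["hours"][e["hour"]] += 1
    return dict(base)


def score(event, baseline, hour_tolerance=1):
    """Anomaly score in [0, 2]: +1 for a host the user never used, +1 for a
    logon hour more than hour_tolerance away from every hour seen in the
    baseline. A user with no baseline at all scores the maximum."""
    p = baseline.get(event["user"])
    if p is None:
        return 2.0
    s = 0.0
    if event["host"] not in p["hosts"]:
        s += 1.0
    if all(abs(event["hour"] - h) > hour_tolerance for h in p["hours"]):
        s += 1.0
    return s


def detect(lines, baseline, threshold):
    """Return (user, host, hour, score) for every event at or above threshold."""
    alerts = []
    for e in filter(None, map(normalize, lines)):
        s = score(e, baseline)
        if s >= threshold:
            alerts.append((e["user"], e["host"], e["hour"], s))
    return alerts


if __name__ == "__main__":
    base = build_baseline(BASELINE_LOGS)
    # Threshold 1 fires on any single deviation (3 alerts here, one of them
    # alice's new workstation, a likely false positive); threshold 2 needs two
    # independent deviations and fires only on the 03:00 database logon and
    # the unknown user.
    for thr in (1.0, 2.0):
        print(f"threshold={thr}: {detect(NEW_LOGS, base, thr)}")
```

In a real deployment the baseline would be learned over weeks from the SIEM's normalized index rather than five lines, the features would include peers, data volumes and privilege changes, and the threshold would be tuned against analyst feedback; the structure (normalize, profile, score, threshold) is what the evaluation in the thesis measures false positives against.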
UEBA
Data Security
Data management
Files in this item:
File: Aliakbarzadeh_Shabnam.pdf (restricted access)
Size: 2.32 MB
Format: Adobe PDF

The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License

Use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12608/31548