Evaluation of UEBA and SIEM tools for enhancing data security and management
ALIAKBARZADEH, SHABNAM
2021/2022
Abstract
Even though organizations are taking security measures to monitor and protect their sensitive data, detecting insider threats remains one of the biggest challenges. Security Information and Event Management (SIEM) systems have become a crucial component of complex enterprise networks for identifying potentially malicious insider activity. They typically aggregate, normalize, and correlate incident and log data from multiple systems and platforms and analyse it to detect threats. The integration of a user and entity behaviour analytics (UEBA) solution with a SIEM system, however, offers revolutionary and innovative techniques for handling the large volume of generated logs and detecting anomalies within the system. UEBAs frequently analyse alerts using advanced machine learning algorithms to identify insider threats and abnormal behaviours, safeguarding organizations' critical resources. This research evaluates different aspects of the UEBA and SIEM solutions on the market based on their capabilities to enhance data privacy and security along with log and entity management. The evaluation considers intrusion detection capabilities that contribute to minimising the number of false positives produced during the identification process. It draws on a literature review of the top UEBA and SIEM vendors and on feedback from high-profile network users and security experts at the UniCredit banking service, gathered with the help of the Accenture consulting team. A generalized design and feature set of top-level commercially available UEBA and SIEM solutions is presented along with the approaches described in the literature. The research assesses the value and success of behaviour-analytics-based solutions in securing the network from not-before-seen attacks, and their distinct features that fit UniCredit's requirements.
It highlights the strengths and weaknesses of different SIEM-UEBA solutions and their effectiveness for detecting network attacks in real-time and near-real-time interactions. The study presents a detailed comparison of top UEBA technologies, focusing on their capabilities and common usage scenarios. The evaluation results in implementing the integrated Splunk UBA through an on-premises deployment in the system and analysing its detection achievements and false positives.
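As an added illustration (not part of the thesis, and not code from Splunk or any other vendor discussed), the following Python sketch shows the pipeline the abstract describes in miniature: normalising two constructed log formats into one event schema (the SIEM aggregation step), building a per-user behavioural baseline, scoring new events by their deviation from that baseline (the UEBA step), and using an approved-activity context to suppress a benign deviation that would otherwise be reported as a false positive. The log formats, user names, threshold and the approved-window mechanism are all assumptions made for the example.

```python
import re
import statistics
from dataclasses import dataclass

# Constructed sample logs in two formats, as a SIEM would receive them.
# Format A (VPN gateway): "vpn user=<u> hour=<h> bytes=<n>"
# Format B (file share, CSV): "fileshare,<u>,<h>,<n>"
RAW_LOGS = [
    "vpn user=alice hour=9 bytes=120000",
    "fileshare,alice,10,150000",
    "vpn user=alice hour=8 bytes=110000",
    "fileshare,alice,11,130000",
    "vpn user=alice hour=9 bytes=140000",
    "vpn user=bob hour=22 bytes=50000",
    "fileshare,bob,23,40000",
    "vpn user=bob hour=21 bytes=60000",
    "fileshare,bob,22,55000",
]


@dataclass(frozen=True)
class Event:
    """Normalised event: who acted, at what hour, moving how many bytes."""
    user: str
    hour: int
    bytes: int


VPN_RE = re.compile(r"vpn user=(\w+) hour=(\d+) bytes=(\d+)$")


def normalize(line: str) -> Event:
    """SIEM step: map each raw log format onto the common Event schema."""
    m = VPN_RE.match(line)
    if m:
        return Event(m.group(1), int(m.group(2)), int(m.group(3)))
    parts = line.split(",")
    if len(parts) == 4 and parts[0] == "fileshare":
        return Event(parts[1], int(parts[2]), int(parts[3]))
    raise ValueError(f"unrecognised log format: {line!r}")


def build_baselines(events: list[Event]) -> dict[str, dict[str, float]]:
    """UEBA step: per-user mean and spread of activity hour and bytes moved.
    The spread is floored at 1.0 so a user with very uniform history does
    not produce a division by (almost) zero and an inflated score."""
    per_user: dict[str, list[Event]] = {}
    for e in events:
        per_user.setdefault(e.user, []).append(e)
    baselines = {}
    for user, evs in per_user.items():
        hours = [e.hour for e in evs]
        sizes = [e.bytes for e in evs]
        baselines[user] = {
            "hour_mean": statistics.mean(hours),
            "hour_sd": max(statistics.pstdev(hours), 1.0),
            "bytes_mean": statistics.mean(sizes),
            "bytes_sd": max(statistics.pstdev(sizes), 1.0),
        }
    return baselines


def anomaly_score(event: Event, baseline: dict[str, float]) -> float:
    """Largest z-score across the two modelled features."""
    z_hour = abs(event.hour - baseline["hour_mean"]) / baseline["hour_sd"]
    z_bytes = abs(event.bytes - baseline["bytes_mean"]) / baseline["bytes_sd"]
    return max(z_hour, z_bytes)


def evaluate(event: Event, baselines, threshold: float = 3.0,
             approved_windows: frozenset = frozenset()) -> tuple[float, bool]:
    """Return (score, alert). A user with no baseline is always sent for
    review; an (user, hour) pair listed as an approved activity window
    (assumed context feed, e.g. a change ticket) suppresses the alert."""
    if event.user not in baselines:
        return float("inf"), True
    score = anomaly_score(event, baselines[event.user])
    if (event.user, event.hour) in approved_windows:
        return score, False
    return score, score >= threshold


if __name__ == "__main__":
    base = build_baselines([normalize(line) for line in RAW_LOGS])
    for ev in (Event("alice", 3, 900000), Event("alice", 10, 125000),
               Event("bob", 10, 50000), Event("carol", 9, 1000)):
        print(ev, evaluate(ev, base))
    # bob's daytime login is unusual for him but covered by an approved window
    print(Event("bob", 10, 50000),
          evaluate(Event("bob", 10, 50000), base,
                   approved_windows=frozenset({("bob", 10)})))
```

Alice's 03:00 transfer of 900 kB scores far above the threshold and is alerted; her 10:00 transfer of 125 kB sits inside her normal band and is not. Bob's 10:00 login deviates strongly from his night-shift baseline and would be alerted on its own, but the approved window suppresses it, which is the kind of corroborating context a production UEBA uses to reduce the false positives the abstract refers to.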
File | Size | Format
---|---|---
Aliakbarzadeh_Shabnam.pdf (restricted access) | 2.32 MB | Adobe PDF
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/31548