[go: up one dir, main page]
Scribd
Upload
58 views1 page

UBA Best Practices Guide

The document provides best practices for implementing User Behavior Analytics (UBA). It notes that companies lack visibility into employee activity and applications across critical systems, and legacy defenses fail to catch insider threats. The best practices include identifying all available user behavior data sources, integrating data from monitoring systems, enabling auditing of Active Directory and all systems containing sensitive data, tracking account creation and logins, enabling email server journaling and using e-discovery software, regularly reviewing user permissions and internet traffic, and providing the UBA solution with all available data to reduce false positives.

Uploaded by

nicolepetrescu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
58 views1 page

UBA Best Practices Guide

The document provides best practices for implementing User Behavior Analytics (UBA). It notes that companies lack visibility into employee activity and applications across critical systems, and legacy defenses fail to catch insider threats. The best practices include identifying all available user behavior data sources, integrating data from monitoring systems, enabling auditing of Active Directory and all systems containing sensitive data, tracking account creation and logins, enabling email server journaling and using e-discovery software, regularly reviewing user permissions and internet traffic, and providing the UBA solution with all available data to reduce false positives.

Uploaded by

nicolepetrescu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Best Practice Guide

User Behavior Analytics (UBA)


Short UBA Best Practices Guide
"User and Entity Behavior Analytics (UEBA) successfully detects malicious and abusive activity that
otherwise goes unnoticed..." - Gartner

Challenges for securing the modern IT environment:


Companies lack visibility into employee activity and application usage across critical IT systems.
Legacy defense strategies are typically focused on the perimeter, so they fail to identify insider
threats or attacks in progress within the network.
Security teams are often overwhelmed by the huge volume of audit logs generated every day,
increasing the risk that important actions can be missed.
Most legacy security applications, such as SIEM solutions, are time-consuming to use.

Best practices:
Identify the existing sources of data on user behavior, including logs, data warehouses, network
flow data, etc. The more data you have, the better.
Integrate data from other monitoring systems, such as advanced threat management and HR
customer relationship management (CRM) systems.
Enable Active Directory auditing to track who is doing what across your critical systems.
Enable auditing for all systems that contain sensitive information, including your file servers,
SharePoint, SQL servers, etc.
If you are using SaaS applications, enable access and user activity logging.
Track account creation and account logons, because such activity can reveal account takeovers
and other attacks.
Enable journaling on your e-mail server and use e-discovery software for e-mail flow analytics.
Regularly review effective permissions and enforce a least-privilege model.
Track and control your users internet traffic via web filtering software.
Provide your UBA solution with all the data mentioned above. Fine-tune its rules, alerts, reports
and thresholds to reduce noise and false-positive anomalies.
Review UBA reports on anomalous activity regularly and investigate incidents promptly.

Gain #completevisibility into what's going on across your critical IT


systems with Netwrix Auditor's User Behavior and Blind Spot Analysis
reports that provide strong security analytics to help you uncover
threats and protect the assets that matter the most.
netwrix.com/go/trial-na

Corporate Headquarters:

Phone: 1-949-407-5125

Int'l: 1-949-407-5125

300 Center Drive, Suite 1100, Irvine, CA 92618

Toll-free: 888-638-9749

EMEA: 44 (0) 203-318-0261

netwrix.com/social

You might also like