ZoneFox, Machine Learning, the Insider Threat and how UEBA protects the user and the company
Analyze. Detect. Protect.
ZoneFox
Machine learning and the Insider Threat

Who are ZoneFox?
ZoneFox is an award-winning market leader in User Behaviour Analytics, providing critical insights around data-flow that you need to secure against the Insider Threat.

The Insider Threat - Your top-performing team…
• Did I just accidentally send that customer list to someone?
• I’ve just been offered a job with our biggest competitor
• I’m really annoyed that I didn’t get that promotion
• My account has been compromised

Company profile
Several departments including:
• R&D
• Testing
• Client/Consultancy Services

The Behaviour
• User had installed backup software
– In violation of policy
• Subterfuge
– Incremental backup (check for updates)
– Files collated into easily handled ZIP
– Would run out-of-hours
– ‘Fire and forget’

The Data
182,000 files including:
• Results of confidential product testing
• CAD designs for prototypes and new products
• Bills of Materials for new designs
• Printed circuit board designs
• Contracts and agreements with research and manufacturing partners

Exfiltration
• User disconnected end-point as they had a ‘hunch’ they were being monitored
• Plugged in removable media

The debrief
When we presented the report to the CISO
– Individual had handed in their resignation to go to a competitor
– Disabled existing controls
Issues
– Had the employee been backing up other information before the HR event?
– What if the employee had lied about joining a competitor?
– Not enough people to spot this kind of behaviour

What can we do?
• If the sophistication of attacks increases, our response needs to be more sophisticated…
Rules, Manual Monitoring & Search
Machine Learning and UBA

Time to do something different…

Addressing this – Machine Learning (UBA 101)
• Harness the power of machine learning to spot unusual user activity automatically
• Record actual user activity at the endpoint
• Build a profile for a user over a period of time. Ideally a small number of days rather than weeks so that you can re-build models regularly
• Compare a user’s new activity to their previous activity
• Use peer groups to reduce false positives
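
The profile-then-peer-group comparison listed above, as an added example (not ZoneFox code). The metric (files copied per day), the five-day window, the thresholds, the user names and all sample numbers are constructed assumptions; the department names are borrowed from the company profile slide.

```python
from statistics import mean, median, pstdev

# Constructed sample data: files copied per day, per user, over a 5-day
# baseline window, plus the activity seen on the day being scored.
BASELINE = {
    "alice": [40, 35, 50, 42, 38],
    "bob":   [30, 45, 33, 41, 36],
    "carol": [44, 39, 37, 48, 41],
    "dave":  [5, 8, 6, 7, 4],
    "erin":  [6, 5, 9, 7, 8],
    "frank": [7, 6, 5, 8, 6],
}
TODAY = {"alice": 400, "bob": 380, "carol": 410,   # whole R&D team is busy today
         "dave": 6, "erin": 900, "frank": 7}       # erin stands out within Testing
PEER_GROUPS = {"R&D": ["alice", "bob", "carol"], "Testing": ["dave", "erin", "frank"]}

def self_score(history, value, floor=1.0):
    """Z-score of today's value against the user's own recent baseline."""
    return (value - mean(history)) / max(pstdev(history), floor)

def peer_ratio(user, group, today):
    """Today's value relative to the median of the user's peers (user excluded)."""
    peers = [today[u] for u in group if u != user]
    return today[user] / max(median(peers), 1.0)

def score_users(baseline, today, groups, z_threshold=3.0, ratio_threshold=3.0):
    """Return users who deviate from their own profile AND from their peer group."""
    alerts = {}
    for name, members in groups.items():
        for user in members:
            z = self_score(baseline[user], today[user])
            ratio = peer_ratio(user, members, today)
            if z >= z_threshold and ratio >= ratio_threshold:
                alerts[user] = {"group": name, "z": round(z, 1), "peer_ratio": round(ratio, 1)}
    return alerts

def self_only_alerts(baseline, today, z_threshold=3.0):
    """What the profile comparison alone would flag, without peer groups."""
    return sorted(u for u in today if self_score(baseline[u], today[u]) >= z_threshold)

if __name__ == "__main__":
    print("self only:", self_only_alerts(BASELINE, TODAY))
    print("with peers:", score_users(BASELINE, TODAY, PEER_GROUPS))
```

On this data the profile comparison alone flags four users, while adding the peer-group check leaves only the one user whose activity is unusual for both themselves and their department.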

How Does it Work?
[Figure: Peer Group 1, Peer Group 2, Peer Group 3, Peer Group 4; statistically relevant outlier, a.k.a. Bad Guy]

What does this look like in production?

UEBA – Capabilities and Limitations
• Capabilities
– Monitor large amounts of users and data
– Gets in-depth into your users’ activities
– Doesn’t need a scale-up of security staff
– Compute power is cheap – harness it
• Limitations
– Over-reliance?
– Inability to see what triggered an alert?
– Push back over amount of data analysed?
– Court cases over validity of algorithms?

Future of UBA
• Deep learning
• Integration with external systems
– HR
– Social Media
– Access control systems
– Etc.

Questions
Get in touch today to find out how ZoneFox can protect you