Access and Data Security
Abstract: When deciding what is most important, every organisation places the protection of internal legacy application data at the top of the list: ensuring that mission-critical legacy application data is never exposed, and that the organisation is made aware of any potential threat (cyber attacks, brute-force attacks, compromised accounts, insider activity) early enough to protect that data.
UEBA (User and Entity Behaviour Analytics) Solution
New Scaler has developed a solution that has helped customers in a variety of industries, including nuclear, police, health, the NHS and government, deal with a wide range of cyber attacks and reduce risk, while always keeping cost optimisation in mind. The solution aims to detect suspicious behaviour: deviations from normal daily patterns or usage. For example, if a network user downloads around 20 MB of files daily but suddenly starts downloading 4 GB, the UEBA system treats this as an anomaly and either alerts an IT administrator or, if automations are in place, automatically disconnects that user from the network.
Sentinel UEBA detects anomalies using dynamic baselines that are created for each entity across multiple data inputs. The baseline behaviour of each entity is determined by its own historical activities, those of its peers, and those of the organisation as a whole. Anomalies are identified by correlating various attributes such as action type, geo-location, device, resource, ISP and others.
The following anomalies can be detected:
Furthermore, we have developed custom analytics rules that continuously monitor all Azure resources and trigger an incident whenever an owner or contributor assigns permissions on mission-critical application resources, so that the SOC can determine whether the activity is authorised. This is useful whenever a user attempts any suspicious activity, including activity outside business hours.
The solution can also detect anyone assigning or approving PIM (Privileged Identity Management) requests outside business hours, and it monitors trends for suspicious activity.
As previously mentioned, a custom analytics rule continuously monitors all resources. As an example, in our current mission-critical application the Owner role has permission to grant permissions to other users; when that happens, an incident is triggered in the SOC solution, as shown in the image below.
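As an added example (not New Scaler's or Microsoft Sentinel's own code), the following Python models both detections described above: a per-user download baseline that flags the 20 MB versus 4 GB case from the UEBA section, and a role-assignment write outside business hours like the custom rule just described. Field names follow Sentinel's AzureActivity table; the business window, thresholds, users and events are constructed assumptions.

```python
"""UEBA-style checks over constructed activity records (added example).
Models a per-entity download-volume baseline (the 20 MB vs 4 GB case) and a
role-assignment write outside business hours; thresholds are assumptions."""
from datetime import datetime, time
from statistics import median

# Constructed sample: daily download volume per user in bytes, oldest first.
DOWNLOAD_HISTORY = {
    "alice": [20e6, 22e6, 19e6, 21e6, 18e6, 20e6, 23e6, 19e6, 21e6, 20e6],
    "bob": [50e6, 55e6, 48e6, 52e6, 51e6, 49e6],
}
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumed local business window
# Operation name as recorded in the AzureActivity table for role assignments.
ROLE_ASSIGN_OP = "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE"

def robust_zscore(value, history):
    """Median/MAD z-score: a few past spikes do not inflate the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    mad = max(mad, 0.05 * med, 1.0)  # floor so a flat history is not 'infinitely' anomalous
    return 0.6745 * (value - med) / mad

def is_volume_anomaly(user, todays_bytes, history=DOWNLOAD_HISTORY, threshold=10.0):
    """True when today's volume sits far outside the user's own baseline."""
    hist = history.get(user)
    if not hist or len(hist) < 5:  # not enough history to build a baseline
        return False
    return robust_zscore(todays_bytes, hist) > threshold

def is_offhours_role_assignment(event, window=BUSINESS_HOURS):
    """True for a successful role-assignment write at the weekend or outside the window."""
    if event["OperationNameValue"].upper() != ROLE_ASSIGN_OP:
        return False
    if event["ActivityStatusValue"] != "Success":
        return False
    when = event["TimeGenerated"]
    return when.weekday() >= 5 or not (window[0] <= when.time() < window[1])

# Constructed event shaped like an AzureActivity row (a Tuesday, 23:41).
SAMPLE_EVENT = {
    "TimeGenerated": datetime(2024, 3, 12, 23, 41),
    "OperationNameValue": "Microsoft.Authorization/roleAssignments/write",
    "ActivityStatusValue": "Success",
    "Caller": "owner@contoso.example",  # constructed identity
}

if __name__ == "__main__":
    print("alice 4 GB anomaly:", is_volume_anomaly("alice", 4e9))
    print("off-hours role assignment:", is_offhours_role_assignment(SAMPLE_EVENT))
```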
As incidents occur, all relevant information is collected, making it easier for the SOC team to investigate all the details.
When the SOC team begins investigating an incident, they will be able to find all relevant information, such as the timeline, user and entity details, and insights.
Conclusion:
In this tutorial, we looked at strategies for protecting data belonging to applications that are critical to the operation of industries that are, by their nature, highly protective of their data.
Click our video link for a simplified version of this blog.
To get started, contact us for a free consultation on info@newscaler.com or call us on 01628 306 600.
~ Saumil Shah (Senior Technical Architect) at New Scaler Ltd.