Who do I belong to? Dynamic Peer Analysis for UEBA Explained

In user and entity behavior analytics (UEBA), a security alert is best viewed in context as discussed in my past webinar. A user’s peer groups provide useful context to identify and calibrate that user’s alerts. If a user does something unusual on the network, such as logging on to a server or accessing an application for the first time, we may reduce or amplify the risk score of this activity depending on whether the peers[…]

Topics: data science, SECURITY, Uncategorized

A User and Entity Behavior Analytics System Explained – Part III

In this blog series, I’ve talked about the applicability of data science to user and entity behavior analytics (UEBA). The use of statistical analysis is best driven by expert knowledge; some machine learning examples were given to find contextual information for alert prioritization. In this blog, let’s explore more use cases and examples where machine learning applies. An Entity Categorization Example In my last post, I discussed how a data-driven classifier can be used to determine[…]

Topics: data science

A User and Entity Behavior Analytics System Explained – Part II

In my last blog, I talked about the role of statistical analysis in a User and Entity Behavior Analytics (UEBA) system. Expert-driven statistical modeling is a key and core component of an anomaly detection system. It is intuitive and easy for analysts of all levels to use and understand. In part II of this series, I’ll discuss the role of machine learning in a UBA system. Machine learning is a method that is used to devise[…]

Topics: data science

A User and Entity Behavior Analytics System Explained – Part I

This 3-part blog series will demonstrate how the data analytics of a User and Entity Behavior Analytics (UEBA) product work to address cyber threats. In concept, a UEBA system such as Exabeam’s monitors the behavior of network entities in an enterprise and flags behaviors that deviate from the norm. While the benefits are understandable, there are many challenges. In this blog series, I’ll focus only on the data analytics part of the system that has proven to[…]

Topics: data science, SECURITY

Project Alignment, Hiring Shortfall As Top Big Data Challenges

2015 was an exciting ride for Exabeam. For 2016, we are scaling for growth. I am both happy and concerned about the thought. I am happy because folks at Exabeam, from top to bottom and across data science, security, and platform engineering, are fully aligned. This is critical for our company’s success. I don’t take this for granted: in my past consulting years, I saw many interesting data analytics efforts fail or stall[…]

Topics: data science

My Top Security Data Science Predictions for 2016

Security remains a top news item this year. We saw increased activity to address security in enterprises and the product marketplace in 2015. I offer my predictions on the top trends in security analytics for 2016. They are: #1 Data science as a de-facto tool for cyber security Cyber security has traditionally relied on signature-based and rule-based approaches to detect bad activities. The use of data science has emerged only in recent years. This[…]

Topics: data science, SECURITY

The Wrong (and Right) Way to Engage Data Science in Security Analytics

More enterprises are waking up to the fact that data analytics is becoming an inseparable part of a cyber security defense posture. An immediate question is how to integrate the traditional security operations center (SOC) with the data science team. Beyond its obvious implications for organizational structure, the answer to this question is important in deriving value from data science work or in making a data analytics product procurement decision. I’ll give some examples[…]

Topics: SECURITY

Thorough Analysis For Using Data Science To Detect Malicious Domains

Introduction: Analyzing existing enterprise traffic logs with a data science approach is an efficient way to detect signs of a breach. VPN and Active Directory logs can be used to detect compromised account activity. Database or file-level access logs can also be used to detect insider threat activity. Mining these voluminous logs requires different machine learning and data mining methods, which vary depending on the use case. As an example of User & Entity Behavior Analytics (UEBA),[…]

Topics: SECURITY

Data Science And Stateful User Tracking: The Two Key UBA Enablers

A big topic at recent security conferences has been the use of user behavior analytics (UBA) to assess cyber security risk. This approach is enabled by the recent application of data science and data modeling. However, any data science has to be supported by a platform designed from the ground up to enable this effort. In this blog, I’ll share thoughts on the areas where data science is most effective for UBA, and how data[…]

Topics: LIFE AT EXABEAM, SECURITY, TIPS AND TRICKS

Challenges Of Building A Security Data Science Practice

A security executive recently reflected with me on his experience in building the security analytics practice in his enterprise. They have come a long way, having hired a couple of data scientists and set up the requisite Big Data infrastructure. While some lessons have been learned, some challenges remain. As a data scientist who loves to get his hands dirty with data, I believe there are clear benefits to building data science models to target emerging use[…]

Topics: CUSTOMERS, LIFE AT EXABEAM