Skip to main content

SECURITY

A Machine Learning Study on Phishing URL Detection

Many network attack vectors start with a link to a phishing URL. A carefully crafted email containing the malicious link is sent to an unsuspecting employee. Once he or she clicks on or responds to the phishing URL, the cycle of information loss and damage begins. It would then seem highly desirable to nip the problem early by identifying and alerting on these malicious links. In this blog, I’ll share some research notes here on[…]

Read more

Topics: data science, SECURITY

Flipping the SIEM Value Equation

If you operate a SIEM, you probably deeply sympathize with what I’m about to say. SIEMs are over priced. More accurately, SIEMs are overpriced compared to the value they actually provide to their customers. Not only are these systems responsible for draining security budgets, they aren’t effective in helping customers to effectively manage security incidents. The Economics of SIEMs (and Razors) All legacy SIEMs have at least one thing in common, some form of data[…]

Read more

Topics: SECURITY, SIEM, TIPS AND TRICKS

On True Positives and Security Incidents

The Potential POS Breach Exabeam recently discovered unusual behavior at one of our retail customers. On some of the most sensitive point of sale (POS) devices, a local account was added to a privileged active directory group. Some of the audit functionalities on these machines were then disabled and a few minutes later the account was removed from the privileged group and the audit functionalities were reactivated. This was happening on hundreds of POSs at[…]

Read more

Topics: CUSTOMERS, SECURITY

First-time Access to an Asset - Is it Risky or Not?: A Machine Learning Question

Looking for outliers or something different from the baseline is a typical detection strategy in user and entity behavior analytics (UEBA). One example is a user’s first-time access to an asset such as a server, a device or an application. The logic is sound and is often used as an example in the press for behavior-based analytics. However, it is an open secret among the analytics practitioners that alerts of this type has a high[…]

Read more

Topics: data science, SECURITY

Check Out Exabeam Incident Responder

One of the most common questions we heard when talking to potential customers about our UEBA product was “Okay, your system found something. Now what do I do?” It was eye-opening to see so many organizations that simply didn’t have response processes defined, and had limited tools to run those processes, anyway. This lack of incident response expertise drove the development of our recently-announced Exabeam Incident Responder product. Incident Responder goes far beyond the automatic[…]

Read more

Topics: SECURITY

The World Has Changed; Shouldn’t Your Security Change, Too?

From day one, Exabeam had a vision for something better than today’s SIEM solutions. We felt these products were fundamentally broken: SIEM log management was built on old, proprietary technology and was (over)priced by the byte; SIEM correlation rules were a mess and ineffective, and they caused more work for analysts than they eliminated. SIEM was broken and the opportunity to make something massively better was clear. Our first step was to win the UEBA[…]

Read more

Topics: CUSTOMERS, data science, SECURITY

A User and Entity Behavior Analytics Scoring System Explained

How risk assessment for UEBA (user entity behavior analytics) works is not unlike how humans assess risk in our surrounding environment. When in an unfamiliar setting, our brain constantly takes in data regarding objects, sound, temperature, etc. and weighs different sensory evidence against past learned patterns to determine if and what present risk is before us. A UEBA system works in a similar manner. Data from different log sources, such as Windows AD, VPN, database,[…]

Read more

Topics: data science, SECURITY

McAfee Labs Report Finds 93 Percent of Security Operations Center Managers Overwhelmed by Alerts and Unable to Triage Potential Threats

This is a very interesting report from our partner, Intel Security/McAfee. Some interesting bits: Enterprise security operations center survey found 93 percent of respondents acknowledged being unable to triage all potential cyber threats. On average, organizations are unable to sufficiently investigate 25 percent of security alerts. 67 percent of respondents reported an increase in security incidents. 26 percent acknowledge operating in a reactive mode despite having a plan for a proactive security operation. New ransomware[…]

Read more

Topics: SECURITY

Calculating Security ROI, or "Halloween’s Over, So Why is my Vendor Trying to Scare Me?"

Certain technology categories lend themselves well to ROI analysis. Want to replace your old storage array with a new flash array, or your old backup technology with something new? It’s probably not too difficult to work out the payback numbers. Security, on the other hand, has been more resistant to clear ROI analysis. Vendors either give out scary per-company breach averages from Ponemon, or build some other detection-based cost-benefit number. Over time, CISOs and their[…]

Read more

Topics: CUSTOMERS, SECURITY, TIPS AND TRICKS, Uncategorized

UEBA: When "E" Doesn't Stand for "Easy"

Three-letter acronyms are easy to remember and pronounce – adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e. User and Entity BA), it made the term more clunky but even more relevant. Most organizations understand the threat posed by user insiders, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities. While we are[…]

Read more

Topics: data science, ransomware, SECURITY
2017