Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

This presentation explains how security teams can leverage hunting and analytics to detect advanced threats faster, more reliably, and with common analyst skill sets. Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-and-ueba-webinar

Published in: Software

  1. Threat Hunting and UEBA: Similarities, Differences, and How They Work Together • Speakers: • Greg Schaffer, FirstBank CISO • Luis Maldonado, Sqrrl VP of Products Sponsor:
  2. © 2017 Security Current Speakers Greg Schaffer First Bank CISO Luis Maldonado Sqrrl VP of Products
  3. Peer-authored Research. Authored by Chief Information Security Officers, CISOs Investigate is an ongoing series that offers first-hand insights to security leaders as they make business-driven technology decisions. About CISOs Investigate
  4. CISO-authored Research About CISOs Investigate
  5. Unpacking the Report
  6. "A risk-based approach is highly recommended in order to gain some quick wins. Generally, this starts by looking at privileged access to various applications." - James Beeson, Chief Information Security Officer and IT Risk Leader, GE Capital Americas A CISO Looks at the History of UBA
  7. • Incorporating user behavior beyond simple login • Behavioral analytics connects the past (baseline), the present (event) and future (pre-direction) Technology Overview – Core Features
  8. • Control Aspects • Risk Assessment Tool • Baseline • Compliance • Staffing • Use Cases • Challenges Key Considerations
  9. • Effective Across Industries • A Win-Win for CISOs • A Natural Fit for Risk-based Security Takeaways
  10. • Company Overview • Business Use Cases • Technology • Business Goals • Recommendations and Advice Case Study – Oppenheimer & Co – Henry Jiang, CISO
  11. Threat Hunting and UEBA
  12. © 2017 Sqrrl Data, Inc. All rights reserved. Analytics Perspective UBA UEBA Behavioral Analytics
  13. Hunting Tools Visualization Analytics Data Aggregation Collaboration
  14. Hunting Proactive Iterative Human-driven Analytical
  15. Challenges Driving Hunting Investment
  16. The Value of Hunting
  17. Threat Hunting Maturity Model
  18. SOC Detection Processes (“Loops”) Detection Improvements Observe Alert Validate Hunting Plan Test Content Development Automated Detection Rules & Analytics Discover Hypothesize Compare Implement Revise Investigate Enrich
  19. Threat Hunting Loop
  20. Analytics in the Hunting Loop Analytics help provide a starting point for hunts
  21. Analytics in the Hunting Loop Investigation aided by analytic techniques
  22. Analytics in the Hunting Loop Identify behavioral patterns
  23. Analytics in the Hunting Loop Analytics are created from the results of the hunt
  24. Sqrrl’s Approach to Behavioral Analytics Detection of kill chain-oriented Tactics, Techniques, and Procedures of adversaries rather than only general anomalies
  25. Uniting UEBA and Hunting
  26. Sqrrl Threat Hunting Platform
  27. info.sqrrl.com/download-uba-guide User & Entity Behavior Analytics What's included in this • Real-world insights from CISOs who already deployed tools • Case studies to highlight importance of UBA technology • A RFI template developed by the CISOs CISO-authored UBA Buyer's Guide
  28. info.sqrrl.com/download-ueba-ebook User & Entity Behavior Analytics What's included in this • What you need to know about advanced behavioral analytics • How it can automate and revolutionize threat hunting • How to use it for streamlined threat detection practices The Heart of Next-Generation Threat Hunting
  29. Q&A
