Detecting Anomalies in Users -- An UEBA Approach.

Authors :
S., Raguvir
Babu, Shekar
Source :
IEOM European Conference Proceedings; 2020, p863-876, 14p
Publication Year :
2020

Abstract

Large organizations across the globe are using advanced security solutions to protect and watch the users' information. Even with such advanced solutions these companies are not able to protect or attacks. In addition to attacks one of the key aspects is users' behaviour and detecting anomalies when the users are utilizing the systems on the network as well as the patterns in their behaviour. Lack of proper monitoring and controls implementation and data breaches are seen. The security professionals within the organizations as well as outside are grappling to solve these issues. One of the new approaches to information security is User Entity Behaviour Analytics (UEBA). One of the biggest challenges with incident response is the large amount of data that the system environment has generated and how to accommodate and analyse the data. Analytics within the area of information security is a new area. Analytics professionals are working on creating rules and correlation aspects, in addition to trends and behaviour patterns with respect to the users' behaviour and their approach. One of the key focus areas of UEBA is on users' actions and behaviours. Behaviours, users' access as well as their usage anomalies are popular and interpretation of these anomalies or malicious activities is very critical. The UEBA approach is a viable approach in the area of security to detect user behaviour anomalies using methods like statistical analysis and machine learning. The paper aims to show how analytics and specifically UEBA can help in users' patterns and any anomalies within these patterns. With the focus on user behaviours and the analytics related to user behaviours the authors look at the insights, benefits and the utilization of resources in the area of security. The various parameters analysed for the users are user name, IP Address, time of usage, date of usage. The data was analysed over a period of 3 months. The researchers developed patterns using a visualization dashboard and used mining, script and processing of raw data before developing visual analytics. The various anomalies were highlighted from the different patterns. [ABSTRACT FROM AUTHOR]

Details

Language :
English
Database :
Complementary Index
Journal :
IEOM European Conference Proceedings
Publication Type :
Conference
Accession number :
146058731