Cyber Defense eMagazine May 2019
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Using Behavior to Detect Complete Attack Chains

User and Entity Behavior Analytics (UEBA) allows security analysts to do just that. UEBA products take a thumbprint of what activities are normal for each user and compare that to activities the user performs in near real time. Coupling that with tactics and techniques known to be risky from ATT&CK, UEBA interfaces then highlight the activity as being both atypical and risky. The more of these tactics and techniques an attacker uses, the higher the risk score within UEBA interfaces and the more this stands out to SOC analysts.

By tying together the behaviors identified as anomalous and risky with the techniques identified in the ATT&CK framework, responders can now trace the steps an attacker has used and predict where they may be heading next. Only once the attack chain is fully understood can the SOC analyst take appropriate remediation steps that preserve evidence, instead of re-imaging the system and possibly destroying key evidence needed for further forensic examination of the compromised system. Given the gravity of the compromises depicted here, every piece of evidence in this crime scene needs to be preserved for the duration of the investigation. Each incident needs to be seen as part of a bigger picture. Closing a ticket is not the same thing as solving a crime.
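The scoring idea described above, as an added example that is not code from the article or from any UEBA product: a per-user baseline of observed actions, atypical actions weighted by the ATT&CK technique they map to, and the ordered technique chain reconstructed for the analyst. The technique weights, user names, action names and sessions are constructed for illustration.

```python
from collections import Counter, defaultdict

# ATT&CK technique id -> (tactic, risk weight). Ids and tactic names are real
# ATT&CK entries; the weights are constructed for this example, not MITRE's.
TECHNIQUES = {
    "T1078": ("Initial Access", 3),     # Valid Accounts
    "T1021": ("Lateral Movement", 4),   # Remote Services
    "T1003": ("Credential Access", 8),  # OS Credential Dumping
    "T1048": ("Exfiltration", 7),       # Exfiltration Over Alternative Protocol
}

def build_baseline(history):
    """Per-user thumbprint: how often each action appeared in the learning window."""
    baseline = defaultdict(Counter)
    for user, action in history:
        baseline[user][action] += 1
    return baseline

def score_session(baseline, events, min_seen=3):
    """Return (risk_score, technique_chain, tactics) for one user's session.
    An action seen < min_seen times for that user is atypical; atypical actions
    mapped to a technique add its weight and extend the chain, others add 1."""
    score, chain, tactics = 0, [], set()
    for user, action, technique in events:
        if baseline[user][action] >= min_seen:
            continue  # normal for this user, even if the technique is risky
        if technique in TECHNIQUES:
            tactic, weight = TECHNIQUES[technique]
            score += weight
            chain.append(technique)
            tactics.add(tactic)
        else:
            score += 1
    return score, chain, tactics

# Constructed learning-window history: (user, action). bob is a sysadmin.
HISTORY = ([("alice", "login_vpn")] * 5 + [("alice", "read_share_finance")] * 5
           + [("bob", "login_vpn")] * 5 + [("bob", "rdp_to_host")] * 5)
BASELINE = build_baseline(HISTORY)

# Constructed near-real-time sessions: (user, action, ATT&CK technique or None)
ALICE_SESSION = [
    ("alice", "login_vpn", "T1078"),     # routine for alice: no score
    ("alice", "rdp_to_host", "T1021"),   # never seen from alice: +4
    ("alice", "credential_dump", "T1003"),  # +8
    ("alice", "print_large_doc", None),  # atypical but unmapped: +1
    ("alice", "dns_tunnel", "T1048"),    # +7, chain now spans three tactics
]
BOB_SESSION = [("bob", "rdp_to_host", "T1021"), ("bob", "login_vpn", "T1078")]
```

The same RDP action scores for alice but not for bob, which is the point of the baseline: risk comes from the combination of atypical-for-this-user and known-risky technique, and the chain tells the responder which tactics have already been reached.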
About the Author

Erik Randall is a Security Engineer at Exabeam. He is an information security leader with proven success implementing leading-edge technology solutions while balancing risk, business operations and innovations. Specialties include security service management, systems architecture, network design, and systems administration with extensive experience in engineering, manufacturing, services and financial industries.