Hear from our internal security team as they discuss how to leverage User and Entity Behavior Analytics (UEBA) to gain full visibility of the risks that end-users face or perform and ways to take action based on User Confidence Index (UCI) scores.
Key Topics:
What is User and Entity Behavior Analytics (UEBA)
How does Netskope use and implement this within our SOC (Security Operation Center)
Detection/Ticket Creation from UCI (User Confidence Index)
Enabling user risk scores from our other applications feeding into a user's UCI
Policies within Netskope to coach users, or taking action for specific users’ depending on their UCI
Also, please provide the reference to how to set up the dynamic grouping for UBA. Especially interested in trying to anticipate users potentially departing from the company and taking work with them.
Thanks in advance
Jack
Hi, so more over the dynamic grouping for the UEBA. I can break this down into 2 parts that help design and setup the necessary watchlist in the Behavior Analytics GUI.
Known users exiting the org (HR lists etc), use user watchlists to adjust uci for these users to watch them more closely.
For the suspected users exiting the org, , we see strong correlation with data theft - use key detection scenario to identify users that are insider threat (e.g. DLP violation). See screenshot.
The team is also working on a filter that will filter alerts in SkopeIT based on the key detection scenario (which is circled in the above screenshot). This can help build that watch list to keep an eye on users that could be considered insider threat leaving the company and taking work-related documents with them.
If you haven't already registered, now is a good time to do so. After you register, you can post to the community, receive email notifications, and lots more. It's quick and it's free! Create an account.
