
Hear from our internal security team as they discuss how to leverage User and Entity Behavior Analytics (UEBA) to gain full visibility into the risks that end users face or introduce, and ways to take action based on User Confidence Index (UCI) scores.

 

Key Topics:

  • What is User and Entity Behavior Analytics (UEBA)
  • How Netskope uses and implements this within our SOC (Security Operations Center)
  • Detection/Ticket Creation from UCI (User Confidence Index)
  • Enabling user risk scores from our other applications to feed into a user's UCI
  • Policies within Netskope to coach users, or take action on specific users depending on their UCI

 

 


Hi,

Please share the slide deck.

Also, please provide the reference to how to set up the dynamic grouping for UBA. Especially interested in trying to anticipate users potentially departing from the company and taking work with them.

Thanks in advance

Jack


Hi, so more over the dynamic grouping for the UEBA. I can break this down into 2 parts that help design and set up the necessary watchlist in the Behavior Analytics GUI.

  1. Known users exiting the org (HR lists etc.): use user watchlists to adjust UCI for these users to watch them more closely.
  2. For the suspected users exiting the org, we see strong correlation with data theft - use key detection scenario to identify users that are insider threats (e.g. DLP violation). See screenshot.

 

 

The team is also working on a filter that will filter alerts in SkopeIT based on the key detection scenario (which is circled in the above screenshot). This can help build that watch list to keep an eye on users that could be considered insider threat leaving the company and taking work-related documents with them. 

 

Here is another great source on this as well - https://docs.netskope.com/en/user-watchlist

 

For the slide deck, if you wouldn't mind replying with your email, that would be great so I can get the deck sent over to you.

 

Let me know if you have any questions relating to this and I’ll be happy to answer them. 

 

 Regards, 

Jared H