A few months ago I came to the conclusion that our approach to security event monitoring was flawed. Traditional alert-based systems generate low fidelity indications of compromise and make a lot of work for SecOps triage teams. On the other hand, UEBA based systems fare no better. If their output…
Previously I introduced the idea of building your own UEBA system but I mainly talked about a specific data science project of mine designed to avoid the challenge of just adding risk scores to individuals or systems. In this article I want to take a step back and look at…
Security Information and Event Management (SIEM) is a valuable tool to give you insight into what is happening, from a security perspective, in your environment. It allows you to react to developing threats and it gives you the ability to report upwards to management in a way they can understand.…
There seems to be a lot of confusion out there about how GDPR relates to security monitoring so I thought I’d take a moment to explain. GDPR is a wide ranging piece of legislation which was introduced to standardise data protection across EU states. In many ways GDPR was not…
User and Entity Behavioural Analytics systems have changed the way organisations do security monitoring and have been responsible for detecting and thwarting some of the most major potential security breaches in the last few years. A UEBA system is often the first thing an organisation reaches for after they have…