The UEBA market is dead - long live UEBA

Today we give a brief overview of the User and Entity Behavior Analytics (UEBA) market based on recent Gartner research. According to the Gartner Hype Cycle for Threat-Facing Technologies, the UEBA market sits in the "trough of disillusionment", which indicates the maturity of the technology. The paradox, however, is that investment in UEBA technology keeps growing overall while the market for standalone UEBA solutions is shrinking. Gartner predicts that UEBA will become part of the functionality of adjacent information security solutions. The term "UEBA" will probably fall out of use and be replaced by another acronym that focuses on a narrower scope (for example, "user behaviour analytics"), on a similar application area (for example, "data analytics"), or simply on some new buzzword (for example, the term "artificial intelligence" [AI] looks attractive, even though it makes no sense for today's UEBA vendors).

The findings of the Gartner study can be summarised as follows:

  • the growth of the user and entity behaviour analytics market is confirmed by the fact that these technologies are used by mid-size and large enterprises to solve a number of business problems;
  • UEBA analytics capabilities are built into a wide range of adjacent information security technologies, such as cloud access security brokers (CASBs), identity governance and administration (IGA) and SIEM systems;
  • the hype around UEBA vendors and the misuse of the term "artificial intelligence" make it hard for customers to understand the real difference between vendors' technologies and the functionality of their solutions without running a pilot project;
  • customers note that deploying a UEBA solution and using it day to day can be more laborious and time-consuming than the vendor promises, even when only the basic threat-detection models are considered. Adding custom or edge use cases can be extremely difficult and requires expertise in data science and analytics.

Market growth forecasts:

  • by 2021, the user and entity behaviour analytics (UEBA) market will cease to exist as a separate segment and will shift to other solutions with UEBA functionality;
  • by 2020, 95% of all UEBA deployments will be part of a broader security platform.

Definition of UEBA solutions

UEBA solutions use built-in analytics to evaluate the activity of users and other entities (such as hosts, applications, network traffic and data stores).
They detect threats and potential incidents, which typically show up as anomalous activity compared with the established profile and behaviour of the user or entity itself and of users and entities in similar groups, observed over time.

The most common use cases in the enterprise segment are threat detection and response, and the detection of and response to insider threats (mostly compromised insiders, sometimes internal attackers).

UEBA is available both as a solution and as a function built into another tool:

  • Solution: vendors of "pure" UEBA platforms, including vendors that also sell SIEM solutions separately. They address a broad range of business problems in user and entity behaviour analytics.
  • Built-in: vendors or product lines that integrate UEBA functions and technologies into their own products. They usually target a narrower set of business problems. In this case UEBA is used to analyse the behaviour of users and/or entities.

Gartner views UEBA along three axes: the problems being solved, the analytics, and the data sources (see figure).

(Figure: Gartner's three UEBA axes: problems solved, analytics, and data sources.)

"Pure" UEBA platforms versus built-in UEBA

Gartner considers a "pure" UEBA platform to be a solution that:

  • solves several specific problems, such as monitoring privileged users or detecting data exfiltration from the organisation, rather than abstract "monitoring of anomalous user activity";
  • involves the use of sophisticated analytics built on top of basic analytical approaches;
  • offers several ways of collecting data, including both built-in data-source connectors and log management tools, data lakes and/or SIEM systems, without being forced to deploy separate agents in the infrastructure;
  • can be purchased and deployed as a standalone solution rather than being embedded in another product.

The table below compares the two approaches.

Table 1. "Pure" UEBA solutions versus built-in UEBA

Problem to solve
  • "Pure" UEBA platform: analysis of the behaviour of users and entities.
    Other solutions with built-in UEBA: a lack of data may limit UEBA to analysing only the behaviour of users or only that of entities.
  • "Pure" UEBA platform: helps solve a broad range of problems.
    Other solutions with built-in UEBA: specialised on a limited set of tasks.

Analytics
  • "Pure" UEBA platform: anomaly detection using a variety of analytical methods, mainly statistical models and machine learning, together with rules and signatures. Ships with built-in analytics that build profiles of user and entity activity and compare current activity with those profiles and with peers.
    Other solutions with built-in UEBA: similar to pure UEBA, but analysis may be limited to users only and/or entities only.
  • "Pure" UEBA platform: advanced analytical capabilities, not limited to rules; for example, a clustering algorithm with dynamic grouping of entities.
    Other solutions with built-in UEBA: similar to "pure" UEBA, but the entity groups in some built-in threat models can only be changed manually.
  • "Pure" UEBA platform: correlation of the activity and behaviour of users and other entities (for example, using Bayesian networks) and aggregation of individual risk-bearing behaviour to detect anomalous activity.
    Other solutions with built-in UEBA: similar to pure UEBA, but analysis may be limited to users only and/or entities only.

Data sources
  • "Pure" UEBA platform: receives user and entity events from data sources directly through built-in mechanisms or from existing stores such as a SIEM or a data lake.
    Other solutions with built-in UEBA: data ingestion mechanisms are usually direct and cover only users and/or entities. Log management tools, SIEM and data lakes are not used.
  • "Pure" UEBA platform: the solution must not rely solely on network traffic as its main data source, nor solely on its own agents to collect telemetry.
    Other solutions with built-in UEBA: the solution may focus only on network traffic (e.g. NTA, network traffic analysis) and/or use its own agents on endpoints (e.g. employee monitoring software).
  • "Pure" UEBA platform: user/entity context is enriched. Supports collection of structured events in real time, as well as structured/unstructured contextual data from IT directories, e.g. Active Directory (AD), or other machine-readable information sources (e.g. HR databases).
    Other solutions with built-in UEBA: similar to pure UEBA, but the amount of contextual data varies from case to case. AD and LDAP are the context sources most commonly used by built-in UEBA solutions.

Availability
  • "Pure" UEBA platform: provides the listed functions as a standalone product.
    Other solutions with built-in UEBA: the UEBA functionality cannot be bought without buying the external solution into which it is built.

Source: Gartner (May 2019)

Thus, to solve a specific problem, built-in UEBA may use fairly basic UEBA analytics (for example, simple unsupervised machine learning) and yet, because it has access to exactly the data it needs, be more effective overall than a "pure" UEBA solution. "Pure" UEBA platforms, on the other hand, offer more sophisticated analytics as their main know-how compared with a built-in UEBA tool. These consequences are summarised in Table 2.

Table 2. Consequences of the differences between "pure" and built-in UEBA

Analytics
  • "Pure" UEBA platform: the ability to solve a variety of business problems implies a more universal set of UEBA functions, with an emphasis on more complex analytics and machine-learning models.
    Other solutions with built-in UEBA: focusing on a narrower set of business problems means highly specialised features aimed at particular use cases, with simpler analytics.
  • "Pure" UEBA platform: the analytical model has to be customised for each use case.
    Other solutions with built-in UEBA: analytical models are pre-configured for the tool UEBA is built into. A tool with built-in UEBA usually produces results faster for its particular business problem.

Data sources
  • "Pure" UEBA platform: access to data sources from every corner of the corporate infrastructure.
    Other solutions with built-in UEBA: fewer data sources, usually limited by the availability of agents for them or by the tool that carries the UEBA functions.
  • "Pure" UEBA platform: the information in each log may be limited by the data source and may not contain everything the central UEBA tool needs.
    Other solutions with built-in UEBA: the volume and detail of the raw data collected by the agent and sent to UEBA can be configured precisely.

Architecture
  • "Pure" UEBA platform: a complete UEBA product for the organisation. Integration is easier when the capabilities of the SIEM system or data lake are used.
    Other solutions with built-in UEBA: a separate set of UEBA features is needed for every solution with built-in UEBA. Built-in UEBA solutions often require installing agents and managing data.

Integration
  • "Pure" UEBA platform: manual integration of the UEBA solution with other tools in every case. Lets the organisation build its technology stack on a "best of breed" basis.
    Other solutions with built-in UEBA: the main bundles of UEBA functions are already integrated into the tool by the vendor. The UEBA module is built in and cannot be removed, so customers cannot replace it with something else.

Source: Gartner (May 2019)

UEBA as a function

UEBA is becoming a function of end-to-end cybersecurity solutions that can benefit from additional analytics. UEBA underpins these solutions by providing a powerful layer of advanced analytics based on the behaviour patterns of users and/or entities.

At present, built-in UEBA functionality is found in the following solutions, grouped by technology area:

  • Data-centric audit and protection (aka DCAP), with vendors focused on improving the security of structured and unstructured data stores.

    In this vendor category Gartner notes, among others, the Varonis cybersecurity platform, which offers user behaviour analytics to monitor changes in permissions on unstructured data, and its access and use, across different information stores.

  • CASB systems, which protect against various threats in cloud-based SaaS applications by blocking access to cloud services from unwanted devices, users and application versions using an adaptive access control system.

    All leading CASB solutions include UEBA capabilities.

  • DLP solutions, focused on detecting the transfer of critical data outside the organisation or its misuse.

    Advances in DLP are largely based on understanding content, with far less attention to understanding context such as the user, application, location, time, event rate and other external factors. To be effective, DLP products must recognise both content and context. This is why many vendors are starting to build UEBA functionality into their solutions.

  • Employee monitoring, with the ability to record and replay employee actions, usually in a data format suitable for legal proceedings (if required).

    Continuous monitoring of users generates an enormous volume of data that needs manual filtering and human analysis. UEBA is therefore used inside monitoring systems to improve their effectiveness and to surface only high-risk incidents.

  • Endpoint security: endpoint detection and response (EDR) and endpoint protection platforms (EPP) provide powerful instrumentation and operating-system telemetry from endpoints.

    Such user-related telemetry can be analysed to provide built-in UEBA functionality.

  • Online fraud: online fraud detection solutions identify anomalous activity indicating the compromise of a customer account through spoofing, malware, or exploitation of insecure connections and interception of browser traffic.

    Most fraud solutions use the essence of UEBA, transaction analysis and device fingerprinting, and the more advanced systems supplement these by matching relationships in the identity database.

  • IAM and access management: Gartner sees an evolutionary trend among access management vendors to integrate with pure-play vendors and build some UEBA functionality into their products.
  • IAM and identity governance and administration (IGA) systems use UEBA to cover behaviour and identity analytics scenarios such as anomaly detection, dynamic grouping analysis of similar entities, login analysis and access-policy analysis.
  • IAM and privileged access management (PAM): because of their role in monitoring the use of administrative accounts, PAM solutions hold telemetry showing how, why, when and where administrative accounts were used. This data can be analysed with built-in UEBA functionality to find anomalous administrator behaviour or malicious intent.
  • NTA (network traffic analysis) vendors use a combination of machine learning, advanced analytics and rule-based detection to identify suspicious activity on corporate networks.

    NTA tools continuously analyse raw traffic and/or flow records (such as NetFlow) to build models that reflect normal network behaviour, focusing mainly on entity behaviour analytics.

  • SIEM: many SIEM vendors now have advanced data analytics built into the SIEM or offered as a separate UEBA module. Throughout 2018 and so far in 2019 the boundary between SIEM and UEBA functionality has steadily blurred, as discussed in the article "Technology Insight for the Modern SIEM". SIEM systems have become better at working with analytics and offer more complex use cases.

UEBA application scenarios

UEBA solutions can address a wide range of problems. However, Gartner customers agree that the primary use case is the detection of several categories of threats, achieved by surfacing and analysing frequent correlations between the behaviour of users and that of other entities:

  • unauthorised access to and movement of data;
  • suspicious behaviour of privileged users, and malicious or unauthorised activity by employees;
  • non-standard access to and use of cloud resources;
  • and others.

There are also a number of use cases outside cybersecurity, such as fraud or employee monitoring, for which UEBA may be suitable. However, these often require data sources from outside IT and information security, or specialised analytical models with deep domain knowledge. The five main scenarios and use cases that both UEBA vendors and their customers agree on are described below.

"Malicious insider"

UEBA vendors covering this scenario monitor only employees and trusted contractors for unusual, "bad" or malicious behaviour. Vendors in this area of expertise do not monitor or analyse the behaviour of service accounts or other non-human entities. Largely for this reason, they do not focus on detecting advanced threats in which attackers take over existing accounts. Instead, the aim is to identify employees engaged in malicious activity.

Essentially, the concept of a "malicious insider" refers to trusted users with malicious intent who look for ways to harm their employer. Because malicious intent is hard to measure, the best vendors in this category analyse contextual behavioural data that is not readily available in audit logs.

Solution providers in this area also ingest and analyse unstructured data, such as email content, productivity reports or social-media information, to provide context for the observed behaviour.

Compromised insider and intrusive threats

The challenge is to quickly detect and analyse "bad" behaviour once an attacker has gained access to the organisation and begins to move within the IT infrastructure.
Advanced persistent threats (APTs), like unknown or not yet fully understood threats, are hard to detect and often hide behind legitimate user accounts or service accounts. Such threats usually follow a complex operating model (see, for example, the article "Addressing the Cyber Kill Chain") or their behaviour has not yet been assessed as harmful. This makes them hard to detect with simple analytics (such as pattern matching, thresholds or correlation rules).

However, many of these intrusive threats produce non-standard behaviour, often involving unsuspecting users or entities (aka compromised insiders). UEBA methods offer several useful ways to detect such threats: improving the signal-to-noise ratio, consolidating and reducing the volume of alerts, prioritising the remaining alerts, and supporting effective incident response and investigation.

UEBA vendors targeting this problem area usually have bidirectional integration with the organisation's SIEM systems.

Data exfiltration

The task here is to detect the transfer of data outside the organisation.
Vendors focusing on this problem typically extend DLP or DAG capabilities with anomaly detection and advanced analytics, thereby improving the signal-to-noise ratio, consolidating the volume of alerts and prioritising the remaining triggers. For additional context, vendors usually rely heavily on network traffic (such as web proxy logs) and endpoint data, since analysis of these sources can support data exfiltration investigations.

Data exfiltration detection is used to catch both insiders and external attackers threatening the organisation.
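
The mechanism described in the definition above (activity compared with the entity's own history and with its peer group) and applied here to proxy upload volumes can be shown in a few dozen lines. The following is an added example, not code from the article, from Gartner or from any vendor; the log layout, the field names, the department-based peer group and all thresholds are assumptions, and the log lines are constructed.

```python
"""UEBA-style anomaly scoring for data exfiltration: each user's daily upload
volume is compared with their own history (self baseline) and with the history
of their peer group (same department). Added example; not from the article."""
import re
from collections import defaultdict
from statistics import median

# Constructed sample (not real data): five users, five baseline days plus the
# day under evaluation. Only "alice" uploads far more than both her own history
# and her department; "dave" spikes against himself but stays within what his
# upload-heavy engineering peers do every day.
_SERIES = {
    ("alice", "finance"): [100000, 120000, 90000, 110000, 105000, 2500000],
    ("bob", "finance"):   [80000, 95000, 70000, 85000, 90000, 88000],
    ("carol", "finance"): [150000, 130000, 140000, 160000, 145000, 150000],
    ("dave", "eng"):      [10000, 12000, 11000, 9000, 10000, 900000],
    ("erin", "eng"):      [1500000, 1400000, 1600000, 1550000, 1450000, 1500000],
}
SAMPLE_LOG = [
    f"2019-05-{day:02d} user={u} dept={d} dst=storage.example.net bytes_out={n}"
    for (u, d), series in _SERIES.items()
    for day, n in enumerate(series, start=1)
]
SAMPLE_LOG.append("malformed line that the parser must skip")

# Hypothetical proxy log layout; a real deployment maps the SIEM/proxy schema here.
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) user=(?P<user>\S+) dept=(?P<dept>\S+) "
    r"dst=\S+ bytes_out=(?P<bytes>\d+)$"
)


def parse(lines):
    """Yield (day, user, dept, bytes_out); lines that do not match are dropped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["day"], m["user"], m["dept"], int(m["bytes"])


def robust_z(value, sample, floor):
    """Median/MAD z-score. `floor` is the smallest scale accepted, so a user
    with a perfectly flat history (MAD == 0) does not get an infinite score
    for a trivial change."""
    med = median(sample)
    mad = median(abs(x - med) for x in sample)
    scale = max(1.4826 * mad, floor)
    return (value - med) / scale


def score_day(lines, eval_day, self_thresh=4.0, peer_thresh=3.0,
              floor=50_000, min_history=3):
    """Return {user: finding} for users whose upload volume on `eval_day` is
    anomalous against their own baseline; each finding also records whether
    the peer group confirms the anomaly."""
    totals = defaultdict(int)   # (user, day) -> bytes uploaded that day (all dst summed)
    dept_of = {}
    for day, user, dept, nbytes in parse(lines):
        totals[(user, day)] += nbytes
        dept_of[user] = dept

    history = defaultdict(list)    # user -> daily totals before eval_day
    peer_hist = defaultdict(list)  # dept -> daily totals of all members
    for (user, day), nbytes in totals.items():
        if day < eval_day:         # ISO dates compare correctly as strings
            history[user].append(nbytes)
            peer_hist[dept_of[user]].append(nbytes)

    findings = {}
    for user, dept in dept_of.items():
        # Too little history: the 30-90 day warm-up the article mentions, in miniature.
        if len(history[user]) < min_history or len(peer_hist[dept]) < min_history:
            continue
        today = totals.get((user, eval_day), 0)   # a day with no uploads scores low, never high
        z_self = robust_z(today, history[user], floor)
        if z_self <= self_thresh:
            continue
        z_peer = robust_z(today, peer_hist[dept], floor)
        verdict = "peer_confirmed" if z_peer > peer_thresh else "within_peer_norm"
        findings[user] = {"bytes_out": today, "z_self": round(z_self, 1),
                          "z_peer": round(z_peer, 1), "verdict": verdict}
    return findings


if __name__ == "__main__":
    for user, finding in score_day(SAMPLE_LOG, "2019-05-06").items():
        print(user, finding)
```

Run against the constructed log, only alice and dave exceed their own baseline; dave is reported as "within_peer_norm" because his department routinely uploads that much, which is exactly the alert the peer-group comparison exists to suppress. The median/MAD scale with a floor is one of the simpler statistical models the tables above mention; a deployed product would add the clustering into dynamic peer groups and the per-entity risk aggregation rather than taking the department from a log field.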

Identification and management of privileged access

Vendors of standalone UEBA solutions in this area observe and analyse user behaviour against the existing system of access rights in order to identify excessive privileges or anomalous access. This applies to all types of users and accounts, including privileged and service accounts. Organisations also use UEBA to remove dormant accounts and user privileges that exceed what is needed.
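
The comparison of granted rights against observed use, as an added example rather than code from the article or any product: it reports dormant accounts, granted-but-unused privileges, and privileges that are rare within the account's peer group. The entitlement model, the resource names, the access records and the thresholds are all constructed assumptions.

```python
"""Entitlement review in the UEBA sense: actual use of access rights is compared
with the rights that were granted, to surface dormant accounts, granted-but-unused
privileges and privileges that are rare among peers. Added example; not from the article."""
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample (not real data). Grants are hypothetical resource names.
ENTITLEMENTS = {
    "alice":   {"dept": "finance", "type": "human",   "grants": {"erp-read", "erp-post", "payroll"}},
    "bob":     {"dept": "finance", "type": "human",   "grants": {"erp-read", "erp-post"}},
    "carol":   {"dept": "finance", "type": "human",   "grants": {"erp-read", "erp-post", "db-admin"}},
    "frank":   {"dept": "finance", "type": "human",   "grants": {"erp-read"}},
    "svc-etl": {"dept": "finance", "type": "service", "grants": {"erp-read", "db-admin"}},
}
# (account, resource, day) access records, e.g. from an IGA or PAM audit trail.
ACCESS_LOG = [
    ("alice", "erp-read", date(2019, 5, 2)), ("alice", "erp-post", date(2019, 5, 3)),
    ("alice", "payroll", date(2019, 5, 28)),
    ("bob", "erp-read", date(2019, 2, 10)),      # last seen long ago -> dormant
    ("carol", "erp-read", date(2019, 5, 6)), ("carol", "erp-post", date(2019, 5, 29)),
    ("svc-etl", "erp-read", date(2019, 5, 30)), ("svc-etl", "erp-read", date(2019, 5, 31)),
    ("mallory", "erp-read", date(2019, 5, 30)),  # account unknown to the entitlement model
]


def review(entitlements, access_log, as_of, dormant_days=60, window_days=90,
           peer_rarity=0.34, min_peers=3):
    """Return dormant accounts, unused grants per active account, and grants held
    by roughly a third of the account's peer group or fewer (peers = same
    department and account type; groups smaller than `min_peers` are skipped)."""
    window_start = as_of - timedelta(days=window_days)
    last_seen, used = {}, defaultdict(set)
    for acct, resource, day in access_log:
        if acct not in entitlements:
            continue  # activity by an unmodelled account is a separate alert, not handled here
        last_seen[acct] = max(last_seen.get(acct, day), day)
        if window_start <= day <= as_of:
            used[acct].add(resource)

    dormant = sorted(a for a in entitlements
                     if a not in last_seen or (as_of - last_seen[a]).days > dormant_days)

    unused = {}
    for acct, info in entitlements.items():
        if acct in dormant:
            continue  # already reported as a whole account
        extra = info["grants"] - used[acct]
        if extra:
            unused[acct] = sorted(extra)

    groups = defaultdict(list)
    for acct, info in entitlements.items():
        groups[(info["dept"], info["type"])].append(acct)
    outliers = {}
    for members in groups.values():
        if len(members) < min_peers:
            continue
        holders = defaultdict(int)
        for m in members:
            for g in entitlements[m]["grants"]:
                holders[g] += 1
        for m in members:
            rare = sorted(g for g in entitlements[m]["grants"]
                          if holders[g] / len(members) <= peer_rarity)
            if rare:
                outliers[m] = rare
    return {"dormant": dormant, "unused_grants": unused, "peer_outliers": outliers}


if __name__ == "__main__":
    print(review(ENTITLEMENTS, ACCESS_LOG, date(2019, 5, 31)))
```

In the constructed data carol's "db-admin" grant is both unused and rare among her peers, the strongest case for removal; alice's "payroll" is rare but actively used, so it is a review item rather than a removal candidate. The service account sits in a peer group of one, which is why the peer check is skipped for it: a rarity judgement against too few peers says nothing.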

Incident prioritisation

The purpose of this task is to prioritise the alerts generated by the solutions in the organisation's technology stack, so that it is clear which incidents or potential incidents should be handled first. UEBA methods and tools are useful for identifying incidents that are particularly anomalous or particularly dangerous for the organisation in question. Here the UEBA engine not only uses the baseline of activity and the threat models, but also enriches the data with information about the company's organisational structure (for example, critical assets, or the roles and access levels of employees).
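
The enrichment and aggregation step just described, as an added example that is not code from the article or from any product: alerts from several tools are weighted by asset criticality and by whether the account is privileged, then summed per user so the analyst sees a ranked list of entities rather than a flat list of alerts. The alert fields, the criticality scale, the privileged-account weight and the alerts themselves are constructed assumptions.

```python
"""Incident prioritisation with organisational context: each alert's risk is
weighted by the criticality of the asset involved and by whether the account is
privileged, then aggregated per entity so the analyst sees users, not alerts.
Added example; not from the article."""
from collections import defaultdict

# Constructed context (not real data). 3 = crown-jewel asset, 1 = low value.
ASSET_CRITICALITY = {"payroll-db": 3, "file-share": 2, "dev-wiki": 1}
USER_CONTEXT = {"alice": {"privileged": True}, "bob": {"privileged": False},
                "carol": {"privileged": False}}
# Constructed alerts from several tools: (id, user, asset, source, severity 1-5, anomaly 0-1)
ALERTS = [
    ("a1", "bob",   "dev-wiki",   "dlp",  2, 0.9),
    ("a2", "carol", "payroll-db", "edr",  3, 0.6),
    ("a3", "carol", "file-share", "siem", 2, 0.7),
    ("a4", "alice", "payroll-db", "pam",  3, 0.8),
    ("a5", "carol", "payroll-db", "dlp",  4, 0.9),
]

PRIVILEGED_WEIGHT = 1.5  # hypothetical tuning value


def alert_risk(alert, asset_crit=ASSET_CRITICALITY, user_ctx=USER_CONTEXT):
    """Tool severity x behavioural anomaly x asset criticality x role weight.
    Unknown assets get the lowest criticality; unknown users count as unprivileged."""
    _id, user, asset, _source, severity, anomaly = alert
    crit = asset_crit.get(asset, 1)
    role = PRIVILEGED_WEIGHT if user_ctx.get(user, {}).get("privileged") else 1.0
    return round(severity * anomaly * crit * role, 2)


def rank_entities(alerts, asset_crit=ASSET_CRITICALITY, user_ctx=USER_CONTEXT):
    """Aggregate alert risk per user. Returns [(user, total_risk, [(alert_id, risk), ...])]
    ordered from most to least risky; contributing alerts are listed highest first."""
    per_user = defaultdict(list)
    for alert in alerts:
        per_user[alert[1]].append((alert[0], alert_risk(alert, asset_crit, user_ctx)))
    ranked = []
    for user, contributions in per_user.items():
        contributions.sort(key=lambda c: c[1], reverse=True)
        ranked.append((user, round(sum(r for _, r in contributions), 2), contributions))
    ranked.sort(key=lambda row: row[1], reverse=True)
    return ranked


if __name__ == "__main__":
    for user, total, contributions in rank_entities(ALERTS):
        print(f"{user:6} risk={total:5} from {contributions}")
```

Note the effect of context: bob's alert has the highest anomaly score of the five, yet he ranks last because the asset is low value, while carol rises to the top through three individually moderate alerts against critical assets. That consolidation of many alerts into one entity-level queue is the "reduce the volume of alerts, prioritise the rest" benefit the sections above attribute to UEBA.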

Problems in implementing UEBA solutions

The pain of the UEBA market is the high price of the solutions and the complexity of implementing, maintaining and using them. Companies already struggling with the number of different internal portals get yet another console. How much time and how many resources go into the new tool depends on the tasks at hand and the kinds of analytics needed to solve them, and most often a substantial investment is required.

Contrary to the claims of many vendors, UEBA is not a "set it and forget it" tool that then runs on its own for days on end.
Gartner customers note, for example, that it takes 3 to 6 months to take a UEBA initiative from scratch to the first results for the problems the solution was introduced to solve. For more complex tasks, such as detecting insider threats within the organisation, the timeframe rises to 18 months.

Factors that affect the difficulty of implementing UEBA and the future effectiveness of the tool:

  • The complexity of the organisation's architecture, network topology and data-management policies.
  • The availability of the right data at the right level of detail.
  • The complexity of the vendor's analytics algorithms, for example the use of statistical models and machine learning versus simple patterns and rules.
  • The amount of pre-configured analytics included, that is, the vendor's understanding of which data must be collected for each task and which variables and attributes matter most for the analysis.
  • How easily the vendor can integrate automatically with the required data.

    For example:

    • If the UEBA solution uses a SIEM system as its main data source, does the SIEM collect information from the required data sources?
    • Can the necessary event logs and organisational context data be routed to the UEBA solution?
    • If the SIEM system does not yet collect and manage the data sources the UEBA solution needs, how can they be brought in?

  • How important the use case is for the organisation, how many data sources it needs, and how well the task matches the vendor's expertise.
  • What level of organisational maturity and involvement is required, for example creating, developing and refining rules and models; assigning weights to variables for evaluation; or adjusting the risk-assessment threshold.
  • How scalable the vendor's solution is relative to the size of the organisation and its future requirements.
  • The time needed to build the initial models, profiles and key groups. Vendors often need at least 30 days (and sometimes up to 90 days) of analysis before they can define what is "normal". Loading historical data in one go can speed up model training. Some of the interesting cases can be identified faster with rules than with machine learning on an extremely small amount of initial data.
  • The level of effort required to build dynamic groupings and account profiles (service/person) can vary greatly between solutions.

Source: www.habr.com
