The UEBA market is dead - long live UEBA

Today we give a short overview of the User and Entity Behavior Analytics (UEBA) market based on the latest Gartner research. The UEBA market sits at the bottom of the "trough of disillusionment" on the Gartner Hype Cycle for Threat-Facing Technologies, which indicates the maturity of the technology. But the paradox of the situation is the simultaneous overall growth of investment in UEBA technology and the disappearance of the market for standalone UEBA solutions. Gartner predicts that UEBA will become part of the functionality of related information security solutions. The term "UEBA" will probably fall out of use and be replaced by another acronym focused on a narrower area of application (for example, "user behaviour analytics"), a neighbouring area of application (for example, "data analytics"), or simply by another new buzzword (for example, the term "artificial intelligence" [AI] sounds attractive, even though it makes no sense to today's UEBA developers).

The key findings of the Gartner study can be summarized as follows:

  • The growth of the market for user and entity behaviour analytics is confirmed by the fact that these technologies are used by mid-sized and large enterprises to solve a number of business problems;
  • UEBA analytics capabilities are built into a wide range of related information security technologies, such as cloud access security brokers (CASBs), identity governance and administration (IGA) and SIEM systems;
  • The hype around UEBA vendors and the incorrect use of the term "artificial intelligence" make it hard for customers to understand the real difference between vendors' technologies and the functionality of their solutions without running a pilot project;
  • Customers note that implementing and operating a UEBA solution day to day can be far more labour-intensive and time-consuming than the vendor promises, even when only the basic threat detection models are considered. Adding custom or edge use cases can be extremely difficult and requires expertise in data science and analytics.

Strategic market development forecast:

  • By 2021, the market for user and entity behaviour analytics (UEBA) systems will cease to exist as a separate area and will shift towards other solutions with UEBA functionality;
  • By 2020, 95% of all UEBA deployments will be part of a broader platform.

Definition of UEBA solutions

UEBA solutions use built-in analytics to evaluate the activity of users and other entities (such as hosts, applications, network traffic and data stores).
They detect threats and potential incidents, which typically show up as anomalous activity when compared with the standard profile and behaviour of users and of entities in similar groups over time.
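As an added illustration (this is not code from the article or from any vendor it mentions), the following Python snippet shows the core of what the definition describes: a per-user baseline built from history, a peer-group comparison within the same department, and a flag for days that deviate from either. The log lines, department assignments, the "files downloaded per day" metric, the minimum history length, the standard-deviation floor and the z-score threshold are all constructed assumptions.

```python
"""Added example (not from the article or from Gartner): a minimal UEBA-style
anomaly scorer that compares a user's activity on a scoring day against
(a) the user's own history and (b) the pooled history of peers in the same
department. All data below is constructed for illustration."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily activity log: date,user,department,files_downloaded
SAMPLE_LOG = """\
2019-05-01,alice,finance,10
2019-05-02,alice,finance,12
2019-05-03,alice,finance,11
2019-05-06,alice,finance,13
2019-05-07,alice,finance,14
2019-05-08,alice,finance,90
2019-05-01,bob,finance,9
2019-05-02,bob,finance,11
2019-05-03,bob,finance,10
2019-05-06,bob,finance,12
2019-05-07,bob,finance,11
2019-05-08,bob,finance,12
2019-05-01,carol,finance,13
2019-05-02,carol,finance,12
2019-05-03,carol,finance,14
2019-05-06,carol,finance,11
2019-05-07,carol,finance,12
2019-05-08,carol,finance,13
2019-05-07,frank,finance,11
2019-05-08,frank,finance,45
2019-05-01,dave,engineering,55
2019-05-02,dave,engineering,60
2019-05-03,dave,engineering,58
2019-05-06,dave,engineering,62
2019-05-07,dave,engineering,57
2019-05-08,dave,engineering,61
2019-05-01,erin,engineering,52
2019-05-02,erin,engineering,57
2019-05-03,erin,engineering,55
2019-05-06,erin,engineering,60
2019-05-07,erin,engineering,56
2019-05-08,erin,engineering,57
"""

MIN_HISTORY = 3   # assumption: days of history needed before a baseline is trusted
STD_FLOOR = 1.0   # assumption: avoids division by ~0 for very stable users
THRESHOLD = 3.0   # assumption: |z| above this is reported


def parse_log(text):
    """Parse the CSV-like log into (date, user, dept, count) tuples."""
    rows = []
    for line in text.strip().splitlines():
        date, user, dept, count = line.split(",")
        rows.append((date, user, dept, int(count)))
    return rows


def zscore(value, samples):
    """Standard score of value against samples, or None if samples are too few."""
    if len(samples) < MIN_HISTORY:
        return None
    spread = max(pstdev(samples), STD_FLOOR)
    return (value - mean(samples)) / spread


def score_day(rows, scoring_date):
    """Return {user: finding} for every user active on scoring_date."""
    history = defaultdict(list)   # user -> daily counts before scoring_date
    dept_of = {}
    today = {}
    for date, user, dept, count in rows:
        dept_of[user] = dept
        if date < scoring_date:        # ISO dates compare correctly as strings
            history[user].append(count)
        elif date == scoring_date:
            today[user] = count
    findings = {}
    for user, value in today.items():
        # Peer pool: the pre-scoring-day history of everyone else in the same department
        peers = [c for u, counts in history.items()
                 if u != user and dept_of[u] == dept_of[user] for c in counts]
        self_z = zscore(value, history.get(user, []))
        peer_z = zscore(value, peers)
        reasons = []
        if self_z is None:
            reasons.append("no personal baseline yet")
        elif abs(self_z) > THRESHOLD:
            reasons.append(f"deviates from own baseline (z={self_z:.1f})")
        if peer_z is not None and abs(peer_z) > THRESHOLD:
            reasons.append(f"deviates from {dept_of[user]} peers (z={peer_z:.1f})")
        findings[user] = {
            "value": value, "self_z": self_z, "peer_z": peer_z,
            "anomalous": any("deviates" in r for r in reasons),
            "reasons": reasons,
        }
    return findings


if __name__ == "__main__":
    for user, f in sorted(score_day(parse_log(SAMPLE_LOG), "2019-05-08").items()):
        print("ALERT" if f["anomalous"] else "ok   ", user, f["value"], "; ".join(f["reasons"]))
```

Two details are worth noting. The engineers' download volume would be a glaring anomaly against the finance users, but is normal against their own department; that is exactly the "entities in similar groups" part of the definition. And the new user with a single day of history has no usable personal baseline, so only the peer comparison can speak for him, which is also why the text stresses that historical data speeds up model training.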

The most common use cases in the enterprise segment are threat detection and response, as well as detection of and response to insider threats (mostly compromised insiders; sometimes internal attackers).

UEBA is both a solution in its own right and a function built into some specific tool:

  • Solutions are products of "pure" UEBA platform vendors, including vendors that also sell SIEM solutions separately. They address a broad range of business problems in user and entity behaviour analytics.
  • Built-in: vendors/products that embed UEBA functions and technologies into their own solutions. These are usually focused on a narrower set of business problems. In this case, UEBA is used to analyse the behaviour of users and/or entities.

Gartner considers UEBA along three pillars: the problems being solved, the analytics, and the data sources (see figure).

[Figure omitted: the three pillars of UEBA (problems solved, analytics, data sources)]

"Pure" UEBA platforms versus built-in UEBA

Gartner considers a "pure" UEBA platform to be a solution that:

  • solves several specific problems, such as monitoring privileged users or detecting the exfiltration of data outside the organization, and not just the abstract "monitoring of anomalous user activity";
  • involves the use of sophisticated analytics based on behaviour analysis approaches;
  • offers several options for data collection, including both built-in data source connectors and collection from log management tools, a data lake and/or SIEM systems, without a mandatory requirement to deploy separate agents in the infrastructure;
  • can be purchased and deployed as a standalone product rather than being embedded in the composition of other products.

The table below compares these two approaches.

Table 1. "Pure" UEBA solutions vs built-in UEBA

  Problem to be solved
    • "Pure" UEBA platforms: Analysis of the behaviour of users and entities.
      Solutions with built-in UEBA: A lack of data may limit UEBA to analysing the behaviour of users only or of entities only.
    • "Pure" UEBA platforms: Serves to solve many problems.
      Solutions with built-in UEBA: Specializes in a limited set of functions.

  Analytics
    • "Pure" UEBA platforms: Anomaly detection using a variety of analytical methods, mainly statistical models and machine learning, together with rules and signatures. Comes with built-in analytics to build user and entity activity profiles and compare activity against a user's own profile and those of peers.
      Solutions with built-in UEBA: Same as pure UEBA, but the analysis may be limited to users only and/or entities only.
    • "Pure" UEBA platforms: Advanced analytical capabilities, not limited to rules. For example, a clustering algorithm with dynamic grouping of entities.
      Solutions with built-in UEBA: Same as "pure" UEBA, but the grouping of entities in some embedded threat models can only be changed manually.
    • "Pure" UEBA platforms: Correlation of the activity and behaviour of users and other entities (for example, using a Bayesian network) and aggregation of individual risk scores to identify anomalous activity.
      Solutions with built-in UEBA: Same as pure UEBA, but the analysis may be limited to users only and/or entities only.

  Data sources
    • "Pure" UEBA platforms: Receives user and entity events directly from data sources through built-in mechanisms or from existing data stores, such as a SIEM or data lake.
      Solutions with built-in UEBA: Data collection mechanisms are usually direct and cover only users and/or certain entities. They do not use log management tools / SIEM / data lake.
    • "Pure" UEBA platforms: The solution must not rely solely on network traffic as its main data source, nor rely solely on its own agents to collect telemetry.
      Solutions with built-in UEBA: The solution may focus only on network traffic (for example, NTA, network traffic analysis) and/or use its own agents on end devices (for example, employee monitoring tools).
    • "Pure" UEBA platforms: Enriches user/entity data with context. Supports collection of structured events in real time, as well as structured/unstructured related data from IT directories, for example Active Directory (AD), or other machine-readable information sources (for example, HR databases).
      Solutions with built-in UEBA: Same as pure UEBA, but the amount of contextual data may vary from case to case. AD and LDAP are the most common context data stores used by built-in UEBA solutions.

  Availability
    • "Pure" UEBA platforms: Provides the functionality listed as a standalone product.
      Solutions with built-in UEBA: It is not possible to buy the built-in UEBA functionality without buying the outer solution it is built into.

Source: Gartner (May 2019)

However, to solve certain problems, built-in UEBA may use only basic UEBA analytics (for example, simple unsupervised machine learning), but at the same time, thanks to having access to exactly the data it needs, it may be more effective overall than a "pure" UEBA solution. "Pure" UEBA platforms, on the other hand, as one would expect, offer more sophisticated analytics as their main know-how compared with built-in UEBA tools. These consequences are summarized in Table 2.

Table 2. Consequences of the differences between "pure" and built-in UEBA

  Analytics
    • "Pure" UEBA platforms: Applicability to a variety of business problems implies a universal set of UEBA functions with an emphasis on sophisticated analytics and machine learning models.
      Solutions with built-in UEBA: Focusing on a smaller set of business problems implies highly specialized features that rely on application-specific models with simpler logic.
    • "Pure" UEBA platforms: The analytical model has to be tuned for each application scenario.
      Solutions with built-in UEBA: The analytical models are pre-configured for the tool that UEBA is built into. A tool with built-in UEBA usually produces results faster when solving certain business problems.

  Data sources
    • "Pure" UEBA platforms: Access to data sources from every corner of the corporate infrastructure.
      Solutions with built-in UEBA: Fewer data sources, usually limited by the availability of agents for them or by the tool that carries the UEBA functions itself.
    • "Pure" UEBA platforms: The information contained in each log may be limited by the data source and may not contain all the data the centralized UEBA tool needs.
      Solutions with built-in UEBA: The volume and detail of the raw data collected by the agent and sent to UEBA can be configured specifically.

  Architecture
    • "Pure" UEBA platforms: A complete UEBA product for the organization. Integration is easier when the capabilities of a SIEM system or data lake are used.
      Solutions with built-in UEBA: A separate set of UEBA features is needed for each solution with built-in UEBA. Built-in UEBA solutions often require installing agents and managing data.

  Integration
    • "Pure" UEBA platforms: Manual integration of the UEBA solution with other tools in each case. Allows the organization to build its technology stack on a "best of breed" approach.
      Solutions with built-in UEBA: The main bundles of UEBA functions are already included in the tool by the vendor. The UEBA module is built in and cannot be removed, so customers cannot replace it with one of their own.

Source: Gartner (May 2019)

UEBA as a function

UEBA is becoming a feature of end-to-end cybersecurity solutions that can benefit from additional analytics. UEBA underpins these solutions by providing a powerful layer of advanced analytics based on user and/or entity behaviour patterns.

Currently on the market, built-in UEBA functionality is implemented in the following solutions, grouped by technological area:

  • Data-centric audit and protection (aka DCAP): vendors focused on improving the security of structured and unstructured data stores.

    In this category of vendors, Gartner names, among others, the Varonis cybersecurity platform, which offers user behaviour analytics to track changes in the permissions, access and usage of unstructured data across various information stores.

  • CASB systems, which protect against a variety of threats in cloud-based SaaS applications by blocking access to cloud services for unwanted devices, users and application versions using an adaptive access control system.

    All the market-leading CASB solutions include UEBA capabilities.

  • DLP solutions, which focus on detecting the transfer of critical data outside the organization or its misuse.

    Advances in DLP have largely been built on understanding content, with less attention paid to understanding context such as the user, the application, the location, the time, the rate of events and other external factors. To be effective, DLP products must recognize both content and context. This is why many vendors are starting to integrate UEBA functionality into their solutions.

  • Employee monitoring: the ability to record and replay employee actions, usually in a data format suitable for legal proceedings (if necessary).

    Constant monitoring of users often generates an overwhelming amount of data that requires manual filtering and human analysis. UEBA is therefore used inside monitoring systems to improve the performance of these solutions and to surface only high-risk incidents.

  • Endpoint security: endpoint detection and response (EDR) solutions and endpoint protection platforms (EPP) provide powerful instrumentation and operating system telemetry for end devices.

    Such user-related telemetry can be analysed to provide built-in UEBA functionality.

  • Online fraud: online fraud detection solutions detect deviant activity that indicates the compromise of a customer account through spoofing, malware, or the exploitation of insecure connections / interception of browser traffic.

    Most fraud solutions use the essence of UEBA, transaction analysis and device measurement, with the more advanced systems supplementing these by matching relationships in an identity database.

  • IAM and access control: Gartner notes an evolutionary trend among access control vendors to integrate with pure-play vendors and to build some UEBA functionality into their own products.
  • IAM and identity governance and administration (IGA) systems use UEBA to cover behaviour and identity analytics scenarios such as anomaly detection, dynamic grouping of similar entities, login analysis and analysis of access policies.
  • IAM and privileged access management (PAM): because of their role in monitoring the use of administrative accounts, PAM solutions hold telemetry showing how, why, when and where administrative accounts were used. This data can be analysed with built-in UEBA functionality for abnormal administrator behaviour or malicious intent.
  • NTA (network traffic analysis) vendors use a combination of machine learning, advanced analytics and rule-based detection to identify suspicious activity on corporate networks.

    NTA tools continuously analyse raw traffic and/or flow records (e.g. NetFlow) to build models that reflect normal network behaviour, focusing mainly on entity behaviour analytics.

  • SIEM: many SIEM vendors now have advanced data analytics functionality built into the SIEM, or offered as a separate UEBA module. Throughout 2018 and so far in 2019 the boundary between SIEM and UEBA functionality has kept blurring, as discussed in the article "Technology Insight for the Modern SIEM". SIEM systems have become better at working with analytics and at offering more complex application scenarios.

UEBA application scenarios

UEBA solutions can solve a wide range of problems. However, Gartner customers agree that the main use case involves detecting various categories of threats, achieved by surfacing and analysing frequently occurring correlations between the behaviour of users and of other entities:

  • unauthorized access and data movement;
  • suspicious behaviour of privileged users, malicious or unauthorized activity by employees;
  • non-standard access to and use of cloud resources;
  • and others.

There are also a number of atypical, non-cybersecurity use cases, such as fraud or employee monitoring, for which UEBA may be justified. However, they often require data sources from outside IT and information security, or specific analytical models with a deep understanding of that domain. The five main scenarios and use cases that both UEBA vendors and their customers agree on are described below.

"Malicious insider"

UEBA vendors covering this scenario monitor only employees and trusted contractors for unusual, "bad" or malicious behaviour. Vendors in this area of expertise do not monitor or analyse the behaviour of service accounts or other non-human entities. Largely because of this, they are not focused on detecting advanced threats in which attackers take over existing accounts. Instead, they aim to identify employees involved in harmful activities.

In essence, the concept of a "malicious insider" comes down to trusted users with malicious intent who look for ways to harm their employer. Because malicious intent is hard to measure, the best vendors in this category analyse behavioural data that is not readily available in audit logs.

Vendors of solutions in this area also add and analyse unstructured data, such as email content, productivity reports or social media information, to provide context for the behaviour.

Compromised insider and intrusive threats

The task is to quickly detect and analyse "bad" behaviour once an attacker has gained access to the organization and starts moving within the IT infrastructure.
Advanced persistent threats (APTs), like unknown or not yet fully understood threats, are extremely difficult to detect and often hide behind the legitimate activity of users or service accounts. Such threats usually have a complex operating model (see, for example, the article "Addressing the Cyber Kill Chain"), or their behaviour has not yet been assessed as harmful. This makes them hard to detect with simple analytics (such as pattern matching, thresholds or correlation rules).

However, many of these intrusive threats lead to non-standard behaviour, often involving unsuspecting users or entities (aka compromised insiders). UEBA techniques offer several interesting opportunities to detect such threats, improve the signal-to-noise ratio, consolidate and reduce the volume of notifications, prioritize the remaining alerts, and facilitate effective incident response and investigation.

UEBA vendors targeting this problem area often have bi-directional integration with the organization's SIEM systems.

Data exfiltration

The task in this case is to detect the fact that data is being transferred outside the organization.
Vendors focused on this problem usually complement DLP or DAG capabilities with anomaly detection and advanced analytics, thereby improving the signal-to-noise ratio, consolidating the volume of notifications and prioritizing the remaining triggers. For additional context, vendors usually rely more heavily on network traffic (such as web proxies) and endpoint data, since analysis of these data sources can help in investigating data exfiltration.

Data exfiltration detection is used to catch both insiders and external attackers who threaten the organization.

Identification and management of privileged access

Developers of standalone UEBA solutions in this area of expertise monitor and analyse user behaviour against the system of rights that is already in place, in order to identify excessive privileges or abnormal access. This applies to all types of users and accounts, including privileged and service accounts. Organizations also use UEBA to remove dormant accounts and user privileges that are higher than required.
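The comparison this paragraph describes, observed behaviour against an existing rights model, can be written down quite directly. The following Python snippet is an added example (not code from the article or from any vendor it mentions): it takes a constructed role model, a constructed account inventory with the permissions actually granted, and a constructed list of permission-use events, and reports excessive grants, unused grants, use outside the account's role, and dormant accounts. The role names, permission names, the 90-day dormancy window and the review date are all assumptions.

```python
"""Added example (not from the article or from Gartner): a simple entitlement
review comparing the permissions an account used with the permissions it was
granted and with the permissions its role is expected to need. All role,
account and event data below is constructed."""
from collections import defaultdict
from datetime import date, timedelta

REVIEW_DATE = date(2019, 5, 31)
DORMANT_AFTER = timedelta(days=90)   # assumption: 90 idle days = dormant account

# Constructed role model: the permissions each role is expected to need
ROLE_NEEDS = {
    "accountant": {"erp.read", "erp.post_journal"},
    "dba": {"db.read", "db.admin", "erp.read"},
    "svc-backup": {"db.read", "fs.read"},
}

# Constructed account inventory: role, permissions actually granted, last login
ACCOUNTS = {
    "alice": {"role": "accountant", "last_login": date(2019, 5, 30),
              "granted": {"erp.read", "erp.post_journal", "db.admin"}},
    "bob": {"role": "dba", "last_login": date(2019, 5, 29),
            "granted": {"db.read", "db.admin", "erp.read"}},
    "svc-backup": {"role": "svc-backup", "last_login": date(2019, 5, 31),
                   "granted": {"db.read", "fs.read", "db.admin"}},
    "old-temp": {"role": "accountant", "last_login": date(2019, 1, 15),
                 "granted": {"erp.read"}},
}

# Constructed permission-use events in the review window: (date, account, permission)
EVENTS = [
    (date(2019, 5, 2), "alice", "erp.read"),
    (date(2019, 5, 3), "alice", "erp.post_journal"),
    (date(2019, 5, 27), "alice", "db.admin"),      # granted, but outside her role
    (date(2019, 5, 6), "bob", "db.read"),
    (date(2019, 5, 7), "bob", "db.admin"),
    (date(2019, 5, 31), "svc-backup", "db.read"),
    (date(2019, 5, 31), "svc-backup", "fs.read"),
]


def review(accounts=ACCOUNTS, events=EVENTS, roles=ROLE_NEEDS, today=REVIEW_DATE):
    """Return {account: findings} where each finding set compares granted,
    used and role-expected permissions and checks for dormancy."""
    used = defaultdict(set)
    for _, account, permission in events:
        used[account].add(permission)
    report = {}
    for name, info in accounts.items():
        expected = roles[info["role"]]
        granted = info["granted"]
        report[name] = {
            # no activity for longer than the dormancy window
            "dormant": today - info["last_login"] > DORMANT_AFTER,
            # granted although the role should not need it (candidate for removal)
            "excess_grant": sorted(granted - expected),
            # granted but never exercised in the window (candidate for removal)
            "unused_grant": sorted(granted - used[name]),
            # exercised although the role should not need it (abnormal access)
            "off_role_use": sorted(used[name] - expected),
        }
    return report


if __name__ == "__main__":
    for name, findings in review().items():
        issues = [k for k, v in findings.items() if v]
        print(name, "OK" if not issues else issues)
```

The two removal candidates the text mentions come out as separate findings: an unused grant that the role never needed (the backup service account's `db.admin`) is the clearest case for revocation, while a grant the role does need but the account never exercised (bob's `erp.read`) deserves a conversation before it is removed. Use outside the role (alice's `db.admin`) is the finding that should feed the anomaly pipeline rather than a periodic review.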

Incident prioritization

The goal of this task is to prioritize the notifications generated by the solutions in the organization's technology stack, in order to understand which incidents or potential incidents should be dealt with first. UEBA methods and tools are useful for identifying incidents that are particularly anomalous or particularly dangerous for a given organization. Here the UEBA engine does not only use the baseline activity level and the threat models, but also enriches the data with information about the structure of the company (for example, critical resources, or the roles and access levels of employees).
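To make the enrichment step concrete, here is an added Python example (not code from the article or from any vendor it mentions). It takes anomaly scores as they would come out of a behaviour-analytics layer and multiplies them by two pieces of organizational context, asset criticality and user access level, before ranking. The alerts, the asset criticality and access-level tables, the 0 to 10 anomaly scale and the weighting scheme are all constructed assumptions; in a real deployment the context tables would come from the asset inventory and the directory or IAM system.

```python
"""Added example (not from the article or from Gartner): alert prioritization
in which a raw anomaly score is enriched with organizational context before
analysts decide what to look at first. All data below is constructed."""
from dataclasses import dataclass

# Constructed context: 1 = low-value asset ... 5 = crown jewels
ASSET_CRITICALITY = {
    "wiki-01": 1,
    "fileshare-hr": 4,
    "db-payments": 5,
}
# Constructed context: 1 = standard user ... 3 = domain / database administrator
USER_ACCESS_LEVEL = {
    "alice": 1,
    "frank": 1,
    "sysadm-joe": 3,
}
# Assumed defaults for assets or users missing from the inventory: treated as
# moderately important rather than silently dropped to the bottom of the queue.
DEFAULT_ASSET_WEIGHT = 3
DEFAULT_USER_WEIGHT = 2


@dataclass
class Alert:
    alert_id: str
    user: str
    asset: str
    anomaly: float        # 0..10 as produced by the behaviour-analytics layer
    description: str


# Constructed alerts from the detection layer
ALERTS = [
    Alert("A-1", "alice", "wiki-01", 9.5, "download volume far above own baseline"),
    Alert("A-2", "sysadm-joe", "db-payments", 4.0, "interactive login at unusual hour"),
    Alert("A-3", "frank", "fileshare-hr", 6.0, "access outside peer-group norm"),
    Alert("A-4", "alice", "db-payments", 2.0, "first-time connection to host"),
]


def priority_score(alert, assets=ASSET_CRITICALITY, users=USER_ACCESS_LEVEL):
    """Anomaly strength weighted by how much the asset and the account matter."""
    asset_weight = assets.get(alert.asset, DEFAULT_ASSET_WEIGHT)
    user_weight = users.get(alert.user, DEFAULT_USER_WEIGHT)
    return round(alert.anomaly * asset_weight * user_weight, 1)


def prioritize(alerts, assets=ASSET_CRITICALITY, users=USER_ACCESS_LEVEL):
    """Return (score, alert) pairs sorted by descending priority; ties are
    broken by the raw anomaly score."""
    scored = [(priority_score(a, assets, users), a) for a in alerts]
    scored.sort(key=lambda pair: (pair[0], pair[1].anomaly), reverse=True)
    return scored


if __name__ == "__main__":
    for score, alert in prioritize(ALERTS):
        print(f"{score:6.1f}  {alert.alert_id}  {alert.user:<11} {alert.asset:<13} {alert.description}")
```

The point of the ranking is visible in the constructed data: the alert with the highest raw anomaly score (a standard user hammering a low-value wiki) ends up last, while a mild after-hours anomaly by a database administrator on the payments database ends up first. Without the context tables the queue would be ordered the other way round.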

Problems of implementing UEBA solutions

The market's pain with UEBA solutions is their high price and the complexity of implementing, maintaining and using them. While companies are already struggling with the number of different internal consoles, they get yet another one. The amount of time and resources that has to be invested in the new tool depends on the tasks at hand and on the types of analytics needed to solve them, and most often the investment is considerable.

Contrary to what many vendors claim, UEBA is not a "set it and forget it" tool that will then keep running on its own for days on end.
Gartner customers note, for example, that launching a UEBA project from scratch takes from 3 to 6 months before the first results are obtained for the problems the solution was implemented for. For more complex tasks, such as identifying insider threats in the organization, the period stretches to 18 months.

Factors that affect the difficulty of implementing UEBA and the future effectiveness of the tool:

  • The complexity of the organization's architecture, network topology and data management policies.
  • The availability of the right data at the required level of detail.
  • The sophistication of the vendor's analytics algorithms, for example the use of statistical models and machine learning as opposed to simple patterns and rules.
  • The amount of pre-configured analytics included, that is, the vendor's understanding of which data must be collected for each task and which variables and attributes matter most for the analysis.
  • How easily the vendor can integrate automatically with the required data.

    For example:

    • If the UEBA solution uses a SIEM system as its main data source, does the SIEM collect information from the required data sources?
    • Can the required event logs and organizational context data be routed to the UEBA solution?
    • If the SIEM system does not yet collect and manage the data sources the UEBA solution needs, how can they be brought there?

  • How important the organization's use cases are, how many data sources they require, and how much this task overlaps with the vendor's area of expertise.
  • What degree of organizational maturity and involvement is required, for example creating, developing and refining rules and models; assigning weights to the variables being evaluated; or adjusting the risk scoring threshold.
  • How scalable the vendor's solution and its architecture are compared with the organization's current size and its future needs.
  • The time needed to build the initial models, profiles and key groups. Vendors often require around 30 days (and sometimes up to 90 days) of analysis before they can define what "normal" is. Loading historical data in one go can speed up model training. Some of the interesting cases can be identified faster with rules than with machine learning fed with a strikingly small amount of initial data.
  • The level of effort required to build dynamic grouping and account profiling (service/person) can vary greatly between solutions.

Source: www.habr.com
