Date post: 26-May-2020

Case study

Major US Online Retailer Enhances Visibility into User-based Threats with CyberEdge’s c-AssurPeople User Behavior Analytics

The Need

Improve the effectiveness of security analysts in discovering user-based threats

The Challenge

Transform huge amounts of log and event data into timely and actionable user intelligence

The Solution

CyberEdge’s user behavior analytics solution, c-AssurPeople, on top of the Splunk Big Data Platform

Background

A $1 billion online retail company in the US was looking for a way to enhance its security against risky users and hijacking of legitimate user credentials. The company was already among the first to use Splunk as its SIEM and as a Big Data platform for security, collecting and running analytics on data from its myriad of IT systems. However, from a threat mitigation perspective, the company realized that it was still struggling with discovering suspicious and malicious user-based threats. They required a security analytics solution to complement their Splunk log repository and platform that would help provide user behavior analytics and mitigate user-related threats.

The Need: Better Insight Into User Behavior

In addition to its Splunk Big Data platform, the retailer was also using several traditional security tools. While these tools were effective for data aggregation and detecting many types of external security threats, they are often prone to false positives and are not able to discover rogue or compromised users and other types of suspicious user behavior. For this reason, the customer sought a solution that would better discover user-based threats and complement the capabilities of Splunk.

USTGlobal ®

INNOVATION INFORMATION TECHNOLOGY www.ust-global.com


c-AssurPeople transforms the vast amounts of data into a more visually accessible and informative format. That means our analysts can investigate much faster.


The Challenge: Transform Big Data Into User Intelligence

Like most large enterprises, this retailer had huge volumes of log and event data. It also had a highly skilled team of experienced security analysts adept at using Splunk tools to collect this data and provide generalized security event information. What their team lacked, however, was a way to efficiently mine and analyze this log data to find suspicious and/or malicious user behaviors that could indicate serious security breaches.

The customer needed user behavior analytics with an advanced machine learning engine, layered on top of its Splunk platform, to transform massive amounts of event and log data into timely user intelligence that could be used by security analysts to discover, investigate and remediate user-based threats before they became serious security incidents.

The Solution: c-AssurPeople User Behavior Analytics

After an evaluation process, this online retailer chose to use CyberEdge’s user behavior analytics solution to augment the existing Splunk capabilities and internal processes used by their security team. The c-AssurPeople solution seamlessly connects to the customer’s Splunk environment, retrieves the log data associated with user login activities, and generates insights into abnormal and suspicious user behaviors for immediate investigation by analysts.

In addition, CyberEdge’s solution allows the retailer to quickly identify false positives generated by other security tools. In one instance, the retailer’s existing database security tool generated a high severity warning about a suspicious query to a sensitive database. Within a matter of minutes, the analyst performed the following investigation:

Identified the person who owns the DB account and his other accounts (Windows, VPN, etc.).

Explored the VPN activity of that person, identifying a suspicious connection made from Europe.

Discovered that during the VPN session the person used his SSH account to access a Jumpbox machine from which he initiated another SSH session to access the DB server. Once on the DB server, the user logged into the DB and initiated the query that triggered the high severity alert.

Completed the investigation by validating that the person was indeed on a vacation in Europe and thus confirmed the false positive.

With just a few clicks, CyberEdge provided the analyst with all the relevant information. The CyberEdge solution’s risk scoring, combined with its rich querying capabilities, allowed the analyst to reach a definitive conclusion within minutes. Before using CyberEdge c-AssurPeople, similar investigations used to take hours. These time savings indicate a clear and easy-to-measure ROI.

The Results: Better Visibility, Reduced Risk, Improved ROI

CyberEdge’s user behavior analytics, together with Splunk’s high-powered big data analysis capabilities, enabled this retailer to achieve excellent results:

Better visibility and insight into suspicious and malicious user behavior

Reduced risk from malicious insiders and other user-based threats

Enhanced value from the log and event data aggregated in Splunk

Maximum ROI from existing security tools and Big Data systems


Learn more about using user behavioral analytics and other tools and services available to protect your company. Visit www.cyberedge.com

ABOUT CyberEdge

CyberEdge Inc.®, a UST Global Company, is transforming the managed security services sector by providing a comprehensive suite of cybersecurity services, combining military-grade threat intelligence with user behavior & advanced vulnerability analytics.

Our talent intelligence solution detects threats from potential malicious/careless user behavior and compromised user credentials. We correlate suspicious behavior with our threat intelligence to provide a complete people threat picture. We offer two levels of monitoring: one for all users, and a higher level for privileged users.

CyberEdge is headquartered in Aliso Viejo, California with security centers in Israel and India.


UST Global is a digital technology services company that provides next generation digital solutions for Global 1000 companies. Our mission is to ‘Transform Lives’ using the power of digital technologies and the focus is on digital services and solutions. With a business model of ‘fewer CLIENTS, more ATTENTION’, UST Global strives for excellence in providing our clients with the best service and commitment to long-term client success.

Headquartered in Aliso Viejo, California, UST Global has over 15,000 associates operating in 25 countries across four continents. For more information please visit: www.ust-global.com

UST Global®, 20 Enterprise, Aliso Viejo CA 92656
Phone: (949) 716-8757 Fax: (949) 716-8396
All trademarks are the property of their respective owners. UST Global® Copyright © 2011. All Rights Reserved.
