Case study

CyberPROOF's c-AssurPeople User Behavior Analytics - Major US online retailer enhances visibility into user-based threats

The Need: Improve the effectiveness of security analysts in discovering user-based threats

The Challenge: Transform huge amounts of log and event data into timely and actionable user intelligence

The Solution: CyberPROOF’s User Behavior Analytics called c-AssurPeople on top of Splunk Big Data Platform

Background

The Need: Better Insight Into User Behavior

www.ust-global.com

A $1 billion online retail company in the US was looking for a way to enhance its security against risky users and hijacking of legitimate user credentials. The company was already among the first to use Splunk as its SIEM and as a Big Data platform for security, collecting and running analytics on data from its myriad of IT systems. However, from a threat mitigation perspective, the company realized that it was still struggling with discovering suspicious and malicious user-based threats. They required a security analytics solution to complement their Splunk log repository and platform that would help provide user behavior analytics and mitigate user-related threats.

In addition to its Splunk Big Data platform, the retailer was also using several traditional security tools. While these tools were effective for data aggregation and detecting many types of external security threats, they were often prone to false positives and were not able to discover rogue or compromised users and other types of suspicious user behavior. For this reason, the customer sought a solution that would better discover user-based threats and complement the capabilities of Splunk.

USTGlobal ®

c-AssurPeople transforms the vast amounts of data into a more visually accessible and informative format. That means our analysts can investigate much faster.

The Challenge: Transform Big Data Into User Intelligence

Like most large enterprises, this retailer had huge volumes of log and event data. It also had a highly skilled team of experienced security analysts adept at using Splunk tools to collect this data and provide generalized security event information. What their team lacked, however, was a way to efficiently mine and analyze this log data to find suspicious and/or malicious user behaviors that could indicate serious security breaches.

The customer needed user behavior analytics with an advanced machine learning engine, layered on top of its Splunk platform, to transform massive amounts of event and log data into timely user intelligence that could be used by security analysts to discover, investigate and remediate user-based threats before they became serious security incidents.

The Solution: c-AssurPeople User Behavior Analytics

After an evaluation process, this online retailer chose to use CyberPROOF’s user behavior analytics solution to augment the existing Splunk capabilities and internal processes used by their security team. The c-AssurPeople solution seamlessly connects to the customer’s Splunk environment, retrieves the log data associated with user login activities, and generates insights into abnormal and suspicious user behaviors for immediate investigation by analysts. In addition, CyberPROOF’s solution allows the retailer to quickly identify false positives generated by other security tools. In one instance, the retailer’s existing database security tool generated a high severity warning about a suspicious query to a sensitive database.

Within a matter of minutes, the analyst performed the following investigation:

Identified the person who owns the DB account and his other accounts (Windows, VPN, etc.).

Explored the VPN activity of that person, identifying a suspicious connection made from Europe.

Discovered that during the VPN session the person used his SSH account to access a Jumpbox machine from which he initiated another SSH session to access the DB server. Once on the DB server, the user logged into the DB and initiated the query that triggered the high severity alert.

Completed the investigation by validating that the person was indeed on a vacation in Europe and thus confirmed the false positive.

With just a few clicks, CyberPROOF provided the analyst with all the relevant information. The CyberPROOF solution’s risk scoring, combined with its rich querying capabilities, allowed the analyst to reach a definitive conclusion within minutes. Prior to using CyberPROOF c-AssurPeople, similar investigations used to take hours. These time savings indicate a clear and easy-to-measure ROI.

The Results: Better Visibility, Reduced Risk, Improved ROI

CyberPROOF’s user behavior analytics, together with Splunk’s high-powered big data analysis capabilities, enabled this retailer to achieve excellent results:

Better visibility and insight into suspicious and malicious user behavior

Reduced risk from malicious insiders and other user-based threats

Enhanced value from the log and event data aggregated in Splunk

Maximum ROI from existing security tools and Big Data systems

To learn more about using user behavioral analytics and other tools and services available to protect your company, visit: www.CyberPROOF.com

ABOUT CyberPROOF

CyberPROOF Inc.®, a UST Global Company, is transforming the managed security services sector by providing a comprehensive suite of cybersecurity services, combining military-grade threat intelligence with user behavior & advanced vulnerability analytics.

Our talent intelligence solution detects threats from potential malicious/careless user behavior and compromised user credentials. We correlate suspicious behavior with our threat intelligence to provide a complete people threat picture. We offer two levels of monitoring: one for all users, and a higher level for privileged users.

CyberPROOF is headquartered in Aliso Viejo, California with security centers in Israel and India.

USTGlobal ®

UST Global® is a fast-growing company that provides advanced computing and digital services to large private and public enterprises around the world. Driven by a larger purpose of Transforming Lives, and the philosophy of “fewer Clients, more Attention”, we bring in an entrepreneurial spirit that seeks the fastest path to value in today’s digital economy. Our innovative technology solutions and pioneering social programs make us stand apart. Our clients include Fortune 500 companies in Banking and Financial Services, Healthcare, Insurance, Retail, High Technology, Manufacturing, Shipping, and Telecom. We believe in building long-lasting, strategic business relationships through agile and client-centric global engagement models, combining expert on-site and local resources with cost, scale, and quality advantages of offshore operations.

For more information please visit www.ust-global.com

UST Global®, 5 Polaris Way, Second Floor, Aliso Viejo, CA 92656
Phone: (949) 716-8757 Fax: (949) 716-8396
All trademarks are the property of their respective owners. UST Global® Copyright © 2017. All Rights Reserved.