Glass Class - Uniquely UEBA
Hi, guys. Welcome to another exciting episode of Glass Class. Today we're going to talk about UEBA, or user and entity behavior analytics. What does that do? They actually baseline a user's activity to see what the user is doing, when he's logging in, what he's doing with the application, if he's downloading content, when he's downloading, and it creates a baseline of that user's activity. If the user does anything which is different from that or deviates from that normal activity, it can be tagged as something which is suspicious.
Let me walk you through an example. Dave is an employee who works with Salesforce all the time - downloads reports, analyzes data. He logs in every day Monday to Friday from, let's say, nine and then logs out at five. Suddenly, you see that Dave is logging in one day on a Saturday, which he doesn't normally do, but doesn’t necessarily mean that it’s suspicious. He logs into Salesforce, downloads a bunch of things, sends sensitive reports - which now he's going to analyze - but the different thing in this case is now he's actually emailing them out to his personal ID, which is not the usual behavior that Dave does.
All of this activity, if you look at it together and integrate it, it makes sense because now this is something suspicious which you don't want the user to do. You would want to alert the admin, so that the admin knows that this is happening, or you want to step up the authentication, like maybe send an SMS token to make sure Dave says who he is. You don't want a wrong user to get access to their information. Basically, what UEBA does is that it lets you identify suspicious user activity and take an action on it.
That's all for today. Thank you for watching this episode of Glass Class.