CHAPTER 8

User identity mapping.

Tracking user activity is an integral part of identifying security anomalies in an organization. Often, a user is logging activity from different devices and platforms in the network. It is important to map all these activities to the same user, otherwise you may mistake all these activities as being carried out by different users, which can be problematic for effective user behavior monitoring.

What is user identity mapping, and how does it work?

In an organization, users may be using different devices and platforms to organize and carry out their routine tasks. All these different platforms might use different user IDs for tracking a user's behavior.

User identity mapping links a user's IDs from different domains to the user ID of the back-end system. By applying user identity mapping, the user and entity behavior analytics (UEBA) system can ascertain the activity of a single user across multiple domains and correlate these activities to identify anomalies.

How is user identity mapping implemented in an organization?

Suppose an employee named John logs in to his organization's network using his Windows device. Using data from Active Directory, the UEBA system can determine that the logon activity was performed by John. However, suppose John updated some permissions in his organization's firewall. The firewall might require a different set of credentials from John.

Without a UEBA solution, these activities will be logged as two activities from two different users. This is where UEBA comes into play; it maps the user ID of John in Active Directory to the user ID of John in the firewall. As a result, the activities on both platforms will be attributed to John and logged as two actions carried out by a single user.

 

Chapter 2

Different functions of SIEM

Learn about the different capabilities of an ideal SIEM solution.

 

Chapter 3

Component of SIEM Architecture

 

Chapter 4

Log Management

Learn about log management and why it is necessary.

 

Chapter 5

Incident Management

Learn about security incidents and how they are handled.

 

Chapter 6

Threat intelligence

Learn about security audits, real-time monitoring, and correlation and how they are useful to mitigate cyberthreats.

 

Chapter 7

Cloud security

Learn why it is important to secure data that is stored online on cloud computing platforms.

 

Chapter 8

User Entity and Behavior Analytics

Learn why UEBA is critical to maximize cybersecurity.

 

Chapter 9

Data protection

Learn why it is important to adhere to compliance regulations.