LOG-8 – User Behaviors Analytics (UBA)


What is LOG-8 – User Behaviors Analytics (UBA) Control?

The user behaviour analytics (UBA) control is about having a process in place to gather insights into the network events that users generate and to analyze those events to detect the use of compromised credentials, lateral movement, and other malicious behaviour.

Typically, networks gather information related to users moving between IPs, assets, cloud services, and mobile devices. UBA, on the other hand, focuses on user activity as opposed to static threat indicators. The goal is to use UBA information to detect attacks that haven’t been mapped to threat intelligence and alert on malicious behaviour earlier in an attack.

There are no mandatory methods to use in gathering and analyzing the events.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below because we haven’t used them.

Tools

  • Fullstory
  • Amplitude

Available templates

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the templates below because we haven’t used them.

  • N/A: no template recommendation

Control implementation

To implement this control, implement a UBA tool to collect and analyze the events. The implementation of the tool should take into account:

  1. Defining use cases, such as identifying malicious insiders, compromised users, known security threats, and zero-day vulnerabilities
  2. Defining the data sources, such as events and logs, HR data, corporate emails, social media activity, and network flows and packets
  3. Defining the behaviors about which data will be collected, such as work habits, user activities, context, and biometrics
  4. Establishing a baseline
  5. Training your employees on the tool
  6. Constantly monitoring and periodically rebuilding the baseline
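
The baseline, monitoring and rebuild steps above can be sketched as follows. This is an added example, not TrustCloud's code or any vendor's; the event fields, function names, 30-day window and two-deviation alert threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, source IP, asset). Not real log data.
HISTORY = [
    ("2024-03-04T09:12:00", "alice", "10.0.1.15", "crm"),
    ("2024-03-05T10:40:00", "alice", "10.0.1.15", "wiki"),
    ("2024-03-06T14:05:00", "alice", "10.0.1.15", "crm"),
    ("2024-03-04T08:30:00", "bob", "10.0.2.20", "build-server"),
    ("2024-03-06T17:45:00", "bob", "10.0.2.20", "build-server"),
]
NEW_EVENTS = [
    ("2024-03-07T09:50:00", "alice", "10.0.1.15", "crm"),  # matches baseline
    ("2024-03-07T03:10:00", "alice", "203.0.113.7", "build-server"),  # new IP, asset, hour
    ("2024-03-07T16:00:00", "bob", "10.0.2.20", "wiki"),  # one new asset only
]

def build_baseline(events, now, window_days=30):
    """Per-user sets of source IPs, assets and active hours seen inside the window."""
    cutoff = now - timedelta(days=window_days)
    base = defaultdict(lambda: {"ips": set(), "assets": set(), "hours": set()})
    for ts, user, ip, asset in events:
        when = datetime.fromisoformat(ts)
        if when < cutoff:
            continue  # old behaviour ages out each time the baseline is rebuilt
        base[user]["ips"].add(ip)
        base[user]["assets"].add(asset)
        base[user]["hours"].add(when.hour)
    return base

def deviations(event, baseline, hour_slack=2):
    """List the ways one event departs from that user's baseline."""
    ts, user, ip, asset = event
    if user not in baseline:
        return ["no_baseline"]  # new or long-inactive account: nothing to compare with
    prof, hour = baseline[user], datetime.fromisoformat(ts).hour
    found = []
    if ip not in prof["ips"]:
        found.append("new_source_ip")
    if asset not in prof["assets"]:
        found.append("new_asset")
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in prof["hours"]):
        found.append("unusual_hour")
    return found

def alerts(events, baseline, threshold=2):
    """Alert when several deviations coincide, or when the user has no baseline."""
    scored = [(e, deviations(e, baseline)) for e in events]
    return [(e[1], e[0], d) for e, d in scored if len(d) >= threshold or d == ["no_baseline"]]
```

Calling `build_baseline` again on a schedule with the current time gives the periodic rebuild from step 6, since events older than the window drop out.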

What evidence do auditors look for?

At a minimum, most auditors look for the following suggested actions:

  1. Screenshots of the UBA tool dashboard
  2. Screenshot of the UBA alert notifications

Evidence example

For the suggested actions, examples are provided below:

  1. Screenshots of the UBA tool dashboard.
    The following screenshot shows the UBA tool dashboard. Here is the source.
    [Image: LOG 8 User Behaviors Analytics UBA 01]
  2. Screenshot of the UBA alert notifications.
    The following screenshot shows the UBA alert notifications. Here is the source.
    [Image: LOG 8 User Behaviors Analytics UBA 02]
