
www.ust-global.com

Global Internet Giant Bolsters Customer Data Security with CyberEdge’s c-AssurPeople User Behavior Analytics

Background

One of the world’s largest Internet companies manages all customer data in a proprietary account management system, which is at the heart of its business operations. Not surprisingly, this company has a large security team and invests huge efforts to ensure the privacy and integrity of its customer data.

Aware of the dangers of today’s cyber threats, the company’s security team realized that it required smarter tools to protect its infrastructure and internal systems from hard-to-detect user-based threats. In fact, while searching for a new and more effective solution, the company experienced a security incident that exploited legitimate user credentials.

The Need

Protect sensitive customer data and improve security capabilities against hard-to-detect user-based threats

The Challenge

Extracting actionable user intelligence from massive volumes of log data

The Solution

CyberEdge’s User Behavior Analytics called c-AssurPeople on top of Splunk Big Data Platform

Case study

The Need: Protect Sensitive Data from User-Based Threats

When it came to evaluating possible solutions for user analytics, the organization started with Splunk, which it was already using as a log repository. However, it quickly realized that while Splunk is good for storing and running basic analytics on log data collected from myriad systems, it lacks user-centric analytics and advanced self-learning capabilities required to detect anomalies, profile behavior, and generate risk scores. This is exactly the type of user intelligence it needed to discover and investigate potential risks to its sensitive customer data.

However, adding this type of functionality to Splunk would have required knowledge and expertise that its own in-house development team simply didn’t have. For this reason, the customer sought an analytics solution that could complement the capabilities of Splunk by giving their security analysts better insights and visibility into user behaviors.

The Challenge: Extract Actionable User Intelligence from Log Data

The customer already used Splunk to collect massive volumes of log and event data from hundreds of data sources. What it needed was a way to mine and analyze this log data to find suspicious and/or malicious user behaviors that could indicate serious data breaches.

Another key technical challenge was integrating the analytics solution within the customer’s homegrown and proprietary system environment. The customer required a flexible solution that could easily accommodate the new data source (i.e., its customer account management system), as well as tailored functionality to support its specific use cases. And it needed all of this in a very short time-frame.

The Solution: CyberEdge’s c-AssurPeople - User Behavior Analytics

With these requirements in mind, the customer decided to evaluate CyberEdge’s User Behavior Analytics solution. c-AssurPeople’s advanced machine learning algorithms were exactly what it needed to complement Splunk and the skills of its own in-house security team. In addition, the fact that these algorithms run on Hadoop allowed the customer to leverage its existing Hadoop big data cluster.

Moreover, c-AssurPeople seamlessly connects to the customer’s Splunk environment, retrieves the log data associated with user login activities, and generates insights into abnormal and suspicious user behaviors for immediate investigation by analysts.

c-AssurPeople also sessionizes the data, giving each event a broader user context. Based on the customer’s specific requirements, CyberEdge also built custom tailored reports to address scenarios related to the company’s proprietary system and data environment.

The first stage of the evaluation was a two-week pilot, whose objective was to examine the ability of c-AssurPeople’s machine-learning algorithms to discover a set of known user-based threats. Not only did c-AssurPeople identify all known threats, it also discovered some unknown scenarios worthy of investigation.

Buoyed by these outstanding results, the customer decided to proceed with full system deployment. This included preparing the system to handle live streams of data from Splunk, as well as building user profiles over a longer time period based on historical data in order to improve algorithm accuracy.

In addition to its machine-learning algorithms, the c-AssurPeople system comes with a set of core analyst reports, designed to help analysts identify and investigate common security scenarios (e.g., geo-hopping, VPN exfiltration). Each report includes a dedicated set of tables, widgets, and visualizations that make it easy for analysts to view all information relevant to a given scenario.

c-AssurPeople transforms the vast amounts of data into a more visually accessible and informative format. That means our analysts can investigate much faster.


UST Global®, 20 Enterprise, Aliso Viejo CA 92656

Phone: (949) 716-8757 Fax: (949) 716-8396

All trademarks are the property of their respective owners. UST Global® Copyright © 2011. All Rights Reserved.

UST Global is a digital technology services company that provides next generation digital solutions for Global 1000 companies. Our mission is to ‘Transform Lives’ using the power of digital technologies and the focus is on digital services and solutions. With a business model of ‘fewer CLIENTS, more ATTENTION’, UST Global strives for excellence in providing our clients with the best service and commitment to long-term client success.

Headquartered in Aliso Viejo, California, UST Global has over 15,000 associates operating in 25 countries across four continents. For more information please visit: www.ust-global.com

The Results: Better Visibility, Reduced Risk, Improved Analyst Productivity

The company’s Incident Response Team is currently using CyberEdge’s solution in live operations. Security analysts log into c-AssurPeople each day to get an up-to-date overview of the most suspicious user sessions or events, as well as to view alerts sent by the system. Team members can then drill down within c-AssurPeople to investigate a particular event. Specifically tailored analyst reports enable analysts to quickly identify other similar cases that may provide insight into the investigation.

After understanding the user behavior, investigators can use other systems and/or directly communicate with the user to validate a particular action in order to determine whether or not the anomaly points to a potential security breach that needs to be remediated.

Through a fully automated process, c-AssurPeople enables smarter and faster detection of user-based threats that may pose a risk to sensitive customer data. c-AssurPeople’s user behavior analytics gives the organization’s Incident Response Team the added visibility it needs to discover incidents that previously would have gone unnoticed.

Learn more about using user behavioral analytics and other tools and services available to protect your company. Visit www.cyberedge.com

ABOUT CyberEdge

CyberEdge Inc.®, a UST Global Company, is transforming the managed security services sector by providing a comprehensive suite of cybersecurity services, combining military-grade threat intelligence with user behavior & advanced vulnerability analytics.

Our talent intelligence solution detects threats from potential malicious/careless user behavior and compromised user credentials. We correlate suspicious behavior with our threat intelligence to provide a complete people threat picture. We offer two levels of monitoring: one for all users, and a higher level for privileged users.

CyberEdge is headquartered in Aliso Viejo, California with security centers in Israel and India.