All news with #ueba tag

🔍 In a sweeping analysis of 25 million enterprise security alerts, researchers found that nearly 1% of confirmed incidents began as low‑severity or informational alerts, rising to about 2% on endpoints. The dataset included 10 million monitored endpoints, 82,000 forensic endpoint investigations with live memory scans, and 180 million files analyzed. The report shows EDR remediation frequently reports systems as 'mitigated' even when memory forensics reveal active malware, and it documents evolving phishing and cloud persistence tactics that evade legacy triage models.

🔍 Microsoft has expanded Microsoft Sentinel UEBA to ingest and enrich AWS CloudTrail alongside other cloud and identity sources, enabling behavioral anomaly detection across hybrid environments from a single pane. The solution delivers precomputed binary behavioral features and machine‑driven anomalies into the BehaviorAnalytics and Anomalies tables, letting analysts stack simple true/false signals such as first‑time geography, uncommon ISP, unusual action, and high operation volume. By shifting baseline management to UEBA, teams reduce heavy KQL baselines, accelerate triage, and surface low‑and‑slow or blended attacker behavior.

🛡️ AI-enabled cyber attacks increasingly mimic legitimate users, rendering signature- and rule-based defenses insufficient. Modern identity security must adopt continuous, context-aware risk modeling that evaluates identity, device and session context in real time to detect subtle deviations. Organizations should extend monitoring across cloud, endpoints and privileged accounts, enforce Just-in-Time (JIT) access and consolidate behavioral analytics with session monitoring and granular controls to limit credential abuse and insider misuse.

🔒 Kaspersky's Unified Monitoring and Analysis Platform SIEM v4.2 integrates AI-driven UEBA to model normal authentication behavior and surface deviations such as atypical login times, unusual event chains, and anomalous access attempts. The release also introduces a new, more efficient correlator that processes events faster with lower resource use, a flexible role model for granular access control, and secure event backup and export capabilities. Together these changes aim to reduce false positives, ease SOC operational load, and improve stability under high event volumes.

😴 At the Global Cyber Conference 2025 in Zurich, CISOs openly confronted a profession-wide exhaustion tied to escalating cyber risk. Tim Brown distilled the anxiety into five core threats: shrinking exploit windows, persistent adversaries, third-party risk, an AI arms race, and staff burnout. The Swiss Cyber Institute's vendor-free format created a trust-based forum where peers share IOCs, run joint table-tops and adopt risk-based patching and UEBA to speed response and restore resilience.