Behavior analytics on-premises
For the vast majority of companies currently in the market, the core business still happens on-premises. That is where the critical data is located, where the majority of the users work, and where the key assets reside. As we covered in the attack strategies in the first part of this book, the attacker tends to silently infiltrate your on-premises network, move laterally, escalate privilege, and maintain connectivity with command and control until he is able to execute his mission. For this reason, having behavior analytics on-premises is imperative to quickly break the attack kill chain. According to Gartner, it is essential to understand how users behave, and by tracking legitimate processes, organizations can enlist User and Entity Behavior Analytics (UEBA) to spot security breaches. There are many advantages to using a UEBA to detect attacks, but one of the most important is the capability to detect attacks in the early stages and take corrective...