The Versa Networks Blog


Building Context with UEBA relationship graphs, using GraphML

By Sridhar Iyer

May 2, 2024

Background

Versa UEBA incorporates GraphML to generate insights and detect anomalies in user relationship graphs.

Anomaly and behavior detections are just the first step. We then need to quickly pivot into building the forensics to inform response and remediation. This can involve determining the origination point of a malicious activity or an attack and building the scope and scale of a potential breach.

The Versa approach

UEBA relationship graphs help forensic analysts explore the connections between entities such as users, devices, locations, gateways, and applications to spot anomalies and investigate security incidents. By using GraphML, analysts can visually determine the scale and root cause of an incident, as well as assess its potential reach. This method provides a clear visualization of network relationships, which is critical for understanding and effectively responding to security threats.

Example: Conducting Forensics

The following is a simple example. In this scenario, ‘Johnacr’ has previously triggered an alert for anomalous and potentially malicious behaviors, specifically tied to files that he wouldn’t be expected to access. With our relationship graphs, we were able to see the apps, resources and locations that are associated with his activities.

To build the forensics thread, the analyst clicks on the first app that the user has accessed. This then gives additional pathways to other users who have accessed this app. In this case, we see that user ‘gopetlr12@’ has also accessed this app.

Expanding the view, we are then able to see that the credentials for ‘gopeltr12’ have been used to access resources from two locations and to access an unapproved application.

A click into the user profile then highlights that this user has a history of behaviors that access confidential information with likely movement into aggregation / staging servers. This has contributed to a lower user confidence score.
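The pivot described in this walk-through can be sketched in a few lines of Python. This is an added example, not Versa's code or API: the events, entity names, location labels and the approved-app list are all constructed, and the graph is a plain adjacency map rather than the product's data model.

```python
from collections import defaultdict

# Constructed sample events (user, app, location); not data from the post.
EVENTS = [
    ("Johnacr", "file-share", "HQ"),
    ("Johnacr", "crm", "HQ"),
    ("gopeltr12", "file-share", "HQ"),
    ("gopeltr12", "file-share", "Remote-A"),
    ("gopeltr12", "unapproved-sync", "Remote-A"),
    ("alice", "crm", "HQ"),
]
APPROVED_APPS = {"file-share", "crm"}  # assumed allow-list for this example

def build_graph(events):
    """Undirected entity graph; each node is a (kind, name) tuple."""
    graph = defaultdict(set)
    for user, app, loc in events:
        u, a, l = ("user", user), ("app", app), ("location", loc)
        for x, y in ((u, a), (u, l)):
            graph[x].add(y)
            graph[y].add(x)
    return graph

def neighbors(graph, node, kind):
    """Names of the neighbours of `node` that are of the given entity kind."""
    return sorted(name for k, name in graph[node] if k == kind)

def pivot_users(graph, start_user):
    """First pivot: other users reachable through an app start_user accessed."""
    related = defaultdict(list)
    for app in neighbors(graph, ("user", start_user), "app"):
        for other in neighbors(graph, ("app", app), "user"):
            if other != start_user:
                related[other].append(app)
    return dict(related)

def profile(graph, user, approved=APPROVED_APPS):
    """Second pivot: locations and unapproved apps tied to one user."""
    apps = neighbors(graph, ("user", user), "app")
    locs = neighbors(graph, ("user", user), "location")
    return {"locations": locs,
            "multi_location": len(locs) > 1,
            "unapproved_apps": [a for a in apps if a not in approved]}

def investigate(graph, start_user):
    """Expand from an alerted user to related users and their risk context."""
    return {u: {"shared_apps": apps, **profile(graph, u)}
            for u, apps in pivot_users(graph, start_user).items()}
```

Calling `investigate(build_graph(EVENTS), "Johnacr")` returns one entry per related user, so an analyst or a triage script can rank who to look at next.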

The platform is flexible, allowing you to pivot between the ‘entities’ in a workflow or relationship. The alerts generated by the UEBA platform can be consumed via email, viewed on the dashboard, or integrated into third-party dashboards and automation agents via Kafka clients.

We have several examples of how post-detection forensics can be accelerated with automation and visualization of relationships. Please reach out and I’d be happy to share them, along with more of what we observe our communities are doing.

