Over the last few years, Artificial Intelligence (AI) has become a strategic and driving force in the fight against fraud and cyber threats, providing analytics on large volumes of data and improving decision making.
Open User and Entity Behaviour Analytics (OpenUEBA) has developed an AI engine that allows the automatic ingestion of heterogeneous logs of entities and users to define behavioural patterns in the network and to calculate exposure to specific threats. In particular, the AI engine allows modelling users through reference profiles that characterise legitimate user behaviours and enables cybersecurity professionals to focus their efforts on those users with risk patterns that make them more likely to be affected by a specific threat.
OpenUEBA is the first data-driven, data-agnostic, open source framework that provides out-of-the-box UEBA techniques, integrating threat intelligence information.
The detection approach is behavioural: it analyses user and entity patterns and is divided into three components, whose results allow users to be classified according to their degree of vulnerability to a threat:
- User profile: a vector of characteristics representing the user's current and past behaviour.
- Threat profile: Kill-chain mutations are calculated from threat intelligence sources.
- Exposure calculation: a ranking of users with a high impact of being vulnerable to threats.
Laboratory dedicated to innovation and development in Artificial Intelligence and Cybersecurity. The laboratory has cutting-edge computing and security mechanisms that enable research into new technologies.