Securing Salesforce with Varonis

Author: Ben Marrable
Release Date: 02/07/2019

UBA - Turn your security detection up to 11

So you’ve set up your SIEM and have a large collection of detective controls alerting you to misbehaviour in your environment, potentially even automating the response to it as well. Great, there’s nothing more you can do, right, as you have security turned up to the max?

Wrong! Attackers are relentless and your security strategy should never stand still; you should always look to be proactive and improve. One thing you can do is use machine learning and data science to detect anomalies that do not fit a pattern or a signature, the so-called “unknown threats”. This technique is great for finding malicious insiders who already know the environment, may know how to avoid your security tools, and look like a normal user. It is also great for detecting the most advanced of adversaries, even when they leave only subtle traces of their activity.

Splunk UBA Dashboard

So, how do we start using machine learning? Splunk provide two ways when it comes to security. The first is the do-it-yourself Machine Learning Toolkit for Splunk; it is hugely powerful and opens up great possibilities, but there’s no point in re-inventing the wheel with security here. The second is Splunk User Behaviour Analytics (UBA), a self-contained behaviour analytics technology that leverages data from Splunk. This data is streamed from the Splunk search head and passed through a collection of data models designed to detect anomalies such as Excessive Data Transmission or Unusual Network Activity. These anomalies and their corresponding events are then fed through another round of data models to detect threats. Threats are high-fidelity alerts that combine a collection of events and anomalies and are presented across the kill chain, such as Data Exfiltration by Suspicious User or Device. Threats can then be sent back into your SIEM for triage and event management.
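To make the two-stage idea concrete, here is a small added example (not Splunk UBA's models or code) in which stage 1 flags per-user anomalies against each user's own baseline and stage 2 promotes a user to a threat only when several anomaly types coincide. The sample events, the z-score rule, the thresholds and the function names are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (day, user, bytes_out, distinct_destination_hosts)
EVENTS = [(d, u, b, h)
          for u, series in {
              "alice": [(100, 5), (110, 6), (95, 5), (105, 4), (100, 5), (98, 6), (900, 40)],
              "bob":   [(200, 8), (210, 9), (190, 8), (205, 7), (200, 8), (195, 9), (1500, 8)],
          }.items()
          for d, (b, h) in enumerate(series, start=1)]

# Tuple index of each metric -> anomaly name taken from the article
METRICS = {2: "Excessive Data Transmission", 3: "Unusual Network Activity"}

def detect_anomalies(events, z_threshold=3.0, min_history=5):
    """Stage 1: flag values far above each user's own earlier baseline."""
    history = defaultdict(list)  # (user, metric index) -> earlier values
    anomalies = []
    for ev in sorted(events):
        day, user = ev[0], ev[1]
        for idx, name in METRICS.items():
            past = history[(user, idx)]
            if len(past) >= min_history:
                # Floor the deviation so a flat baseline cannot divide by zero.
                sd = max(pstdev(past), 0.05 * mean(past))
                if (ev[idx] - mean(past)) / sd > z_threshold:
                    anomalies.append((day, user, name))
            past.append(ev[idx])
    return anomalies

def detect_threats(anomalies, window_days=2, min_types=2):
    """Stage 2: one threat per user showing several anomaly types close together."""
    by_user = defaultdict(list)
    for day, user, name in anomalies:
        by_user[user].append((day, name))
    threats = []
    for user, items in sorted(by_user.items()):
        for day, _ in items:
            types = {n for d, n in items if 0 <= day - d < window_days}
            if len(types) >= min_types:
                threats.append((user, day, "Data Exfiltration by Suspicious User or Device"))
                break
    return threats

if __name__ == "__main__":
    found = detect_anomalies(EVENTS)
    print(found)
    print(detect_threats(found))
```

In the sample data both users produce a data-transmission anomaly on day 7, but only alice also contacts an unusual number of hosts, so only she is escalated to a threat.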

Splunk UBA Alerts Dashboard
Let’s turn security up to 11 with machine learning and Splunk UBA.
