data-transfer-anomalies

Detecting Abnormal or suspicious upload (or) download activity by a user using a Machine learning model. A leading power distribution organization wants to monitor its insider threat using the abnormal or suspicious upload (or) download activity by the user.

CHALLENGES

  • Security threat: Identify malicious insiders who might leak sensitive data from the power utility.
  • False positive reduction: Using traditional SIEM rules generates many false positive alerts, and so focus is to leverage ML capabilities for anomaly detection.

SOLUTIONS

  • Leveraged Splunk Enterprise for integration, aggregation, and cleaning/transformation of data.
  • Utilized Splunk MLTK app to visualize data, model the data and evaluate the model performance.
  • Multiple ML models were evaluated for detecting suspicious uploads (or) downloads activity.
  • The selected model was packaged and deployed in the production environment successfully.

BENEFITS

  • Visibility into insider threats.
  • Reduced false positive alerts.
  • Reduced manual effort around log and alert review.

Monitored Systems/Data Sources: Squid proxy logs.

Users: Security Operation Center Team

Product: Splunk Enterprise

Splunk App:  Machine Learning Tool Kit

# Splunk

Recent Case Studies

Enhancing security operations for a refractory subsidiary
Fueling Infotech growth with Splunk SIEM
Providing security solutions for US-based tech SaaS unicorn

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.

logo-img

Positka specializes in high-end technology solutions to help businesses improve their IT infrastructure with advanced Security Protocols, excellence in Analytics, Streamlined IT Operations, & around-the-clock Managed services.

Quick Links

Services

Copyright Positka © . All Rights Reserved.