At the TF-CSIRT Meeting and FIRST Regional Symposium Europe 2023 (#FIRSTEU23), I presented “UEBA Prevention Framework for Enterprise Security”, contributing to discussions within the incident response and cybersecurity operations community.
The session introduced a structured framework for user behaviour analytics aimed at standardising how organisations identify, assess, and mitigate human-related cyber risks. While the cybersecurity industry has established standards across many domains, this work focuses on extending that maturity to behavioural analytics by defining a body of knowledge around user behaviours associated with threats and risk exposure.
The framework enables security teams to evaluate their visibility into user behaviour, identify high-risk groups, and deploy targeted preventive measures that maximise security effectiveness. It also provides a strategic perspective for decision-makers, allowing the C-suite to assess the return on investment of preventive cybersecurity initiatives based on measurable behavioural insights.
By shifting the focus from reactive detection to behaviour-driven prevention, this work supports more efficient allocation of security resources and strengthens organisational resilience against evolving threats.