
Methods for Managed Deployment of User Behavior Analytics to SIEM product


To keep up with the challenges of the modern threat environment, organizations have had to rethink their cyber defense strategies. Traditional perimeter-based defenses are unable to meet the challenge posed by the modern threat landscape. Threat actors have become stealthier and more persistent, and the organization's perimeter has also become less concrete due to more widely adopted cloud solutions, IoT and portable personal devices. Organizations are starting to adopt approaches like Zero Trust, but the additional access controls they impose are not an all-encompassing solution that stops every breach.

Security Operations Centers monitoring organizations' assets are also facing new challenges in producing quality detections for increasingly advanced attacks. The volume of data that needs to be processed is increasing drastically, stretching traditional automation and analysts' capabilities to the point where the systems are being overwhelmed. User and entity behavior analytics and machine learning solutions aim to improve this aspect of cyber defense: by processing the organization's security data more effectively, they increase the chance that compromised user accounts or devices are detected in time.

The objective of the thesis was to create a process for deploying user behavior analytics to a SIEM product for use in an MSSP SOC. An important part of the process was to determine how well the product can be customized for varying customer environments. The initial plan was to test the system and the process in a pilot deployment, but due to technical issues with the product in the test environment the installation was postponed and left out of the scope of the thesis. The deployment process is planned to be used in future deployments for other SOC customers. The key finding is that the product seems promising and customizable for any environment, but without testing no conclusive statement about its benefits can be made.
