{"id":25814,"date":"2023-08-29T06:03:19","date_gmt":"2023-08-29T06:03:19","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=25814"},"modified":"2026-04-17T18:07:40","modified_gmt":"2026-04-17T18:07:40","slug":"mastering-defense-and-understanding-offense-approach-of-detecting-abnormal-attack-behaviors","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/mastering-defense-and-understanding-offense-approach-of-detecting-abnormal-attack-behaviors\/","title":{"rendered":"Mastering Defense and Understanding Offense: Approach of Detecting Abnormal Attack Behaviors"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><p><\/p>\n\n\n\n<p>In offensive and defensive exercises, attackers will use various attack methods to maximize their objectives, including not only common attack methods but also complex attacks. Phishing email is popular among attackers as the most commonly used and low-cost attack method. Attackers typically use a variety of techniques and deception to send emails with malicious attachments or lure links to trick recipients into disclosing sensitive information or login credentials, or into performing malicious operations. 
Common channels for sending phishing emails include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mail servers that attackers set up without permission<\/li>\n\n\n\n<li>Mailbox accounts registered on public mail servers, or compromised internal mailbox accounts of organizations<\/li>\n\n\n\n<li>&hellip;<\/li>\n<\/ul>\n\n\n\n<p>Because attackers constantly improve their strategies to trick users, traditional rule-based or signature-based detection methods can hardly cope with dynamic and evolving phishing emails.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Enhancing Phishing Mail Protection with UEBA Technology<\/strong><\/h2>\n\n\n\n<p>UEBA (User and Entity Behavior Analytics) technology provides a new method for phishing mail protection. UEBA baseline analysis establishes a pattern of legitimate working behavior for the system or network: normal system or network behavior is defined as a benchmark through observation and analysis of actual conditions. Anomalous behaviors and possible attacks are then detected as deviations from this benchmark. The advantage of UEBA analysis is that it can accurately detect various malicious attack means. 
It has high intelligence and self-learning ability to automatically learn new network behavior data and continuously improve the model, meaning that it can effectively detect unknown attacks.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors.jpg\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors-1024x707.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25815\" width=\"740\" height=\"510\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors-1024x707.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors-300x207.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors-768x530.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors-600x414.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors-200x138.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Approach-of-detecting-abnormal-behaviors.jpg 1360w\" sizes=\"(max-width: 740px) 100vw, 740px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 1 User and Entity Behavior Analytics (UEBA)<\/figcaption><\/figure>\n<\/div>\n\n\n<p>UEBA on <a href=\"\/?page_id=13602\" target=\"_blank\" rel=\"noreferrer noopener\">NSFOCUS Intelligent Security Operations Platform (ISOP) <\/a>establishes a benchmark by learning users&#8217; behavior patterns and habits in daily email communication, taking email accounts and IP addresses as analysis objects, collecting historical data of email communication, detecting abnormalities that deviate from 
the normal behavior pattern by dynamically monitoring users&#8217; email behavior in real time, and sending alerts to help security operations teams take timely actions to fend off phishing attacks.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process.jpg\"><img decoding=\"async\" width=\"1024\" height=\"541\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process-1024x541.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25817\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process-1024x541.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process-300x158.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process-768x406.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process-600x317.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process-200x106.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/08\/Phishing-Email-Detection-Process.jpg 1378w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 2 Phishing Email Detection Process<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>UEBA Case Studies<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Case 1:<\/strong><\/h3>\n\n\n\n<p><strong>Background:<\/strong><\/p>\n\n\n\n<p>In an attack and defense drill of a customer, the attacker side did the following actions:<\/p>\n\n\n\n<p>1. The attacker side obtained the mailbox domain name in an organization through social engineering;<\/p>\n\n\n\n<p>2. 
The attacker side created a phishing email that lured the recipient into clicking and changing the email password, and modified the FROM field in the email header to forge the sender address as an intranet mailbox of the organization, so that the recipient would trust the email source;<\/p>\n\n\n\n<p>3. The attacker side sent the pre-made phishing email to a recipient in the organization.<\/p>\n\n\n\n<p><strong>Fast Analysis and Response<\/strong><\/p>\n\n\n\n<p>The UEBA engine of NSFOCUS ISOP detected that the above email activity deviated from the normal email behavior model learned from historical data, and quickly generated a &#8220;Phishing Activity: FROM Header Forgery&#8221; alert. The defender side checked this alert on the ISOP platform and found that the suffix of the email sender&#8217;s address was inconsistent with the suffix of the forged sender address, as shown in the event details payload, and that the email subject and body induced the recipient to change the mailbox password. These details proved it was a fraudulent phishing email.<\/p>\n\n\n\n<p>The defender quickly responded to the incident and reminded the recipient not to click on this phishing email, preventing the attack from spreading further and averting subsequent harm from it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Case 2:<\/strong><\/h3>\n\n\n\n<p><strong>Background:<\/strong><\/p>\n\n\n\n<p>An internal account of a customer was stolen. The thief used the compromised account to access sensitive system data and transmit data.<\/p>\n\n\n\n<p><strong>Quick Alert, Block, and Retrospection<\/strong><\/p>\n\n\n\n<p>The UEBA engine of NSFOCUS ISOP detected abnormal behaviors exceeding 5 times the historical baseline and generated an alert for the critical event. 
The customer&#8217;s security analysts quickly stopped the loss with the one-click block, and then analyzed the incident in depth through retrospection of the attack path.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Case 3:<\/strong><\/h3>\n\n\n\n<p><strong>Background:<\/strong><\/p>\n\n\n\n<p>In an attack and defense drill of a customer, the attacker side exploited a non-target system through a risky service port. With that, the attacker side obtained a large number of users&#8217; passwords, which were then used on other internal systems to obtain a large amount of sensitive information.<\/p>\n\n\n\n<p><strong>Accurate Behavior Analytics<\/strong><\/p>\n\n\n\n<p>UEBA of NSFOCUS ISOP immediately generated alerts and notified the defender side automatically when it detected the abnormal behavior of a user accessing a rarely used service port many times.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>The UEBA engine of NSFOCUS ISOP uses behavior baseline analysis to monitor and analyze network behaviors in real time. By comparing observed behavior with the pre-set and self-learning baseline, the system can identify abnormal behaviors that do not conform to expected behaviors, including known and unknown attack behaviors. The UEBA engine protects organizations from abnormal behaviors, helps them discover security weaknesses, and improves overall security.<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>In offensive and defensive exercises, attackers will use various attack methods to maximize their objectives, including not only common attack methods but also complex attacks. Phishing email is popular among attackers as the most commonly used and low-cost attack method. 
Attackers typically use a variety of techniques and deception to send emails with malicious attachments [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":25819,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3],"tags":[557],"class_list":["post-25814","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-nsfocus-isop"],"acf":[]}