Securing operations with UEBA

Improve detection of insider risks

Insider risks and hackers disguised as legitimate users are top concerns for security professionals today. These threats are often detected long after the attack has taken place, or may never be detected at all.

Catching these threats requires an understanding of the network's typical traffic, so that anomalies stand out against it. User and Entity Behaviour Analysis (UEBA) is the tool for catching threats that go unnoticed by traditional security measures.

UEBA reduces manual effort and identifies new threat fingerprints with:

  • Real-time data profiling & anomaly detection
  • Adaptive and automated algorithm base

Enabling UEBA with the help of AI

Combining the PreScope® sensors with artificial-intelligence-based algorithms enables anomaly detection in high-speed networks. Through UEBA, the solution improves detection of malicious insiders and of hackers leveraging stolen credentials.

The PreScope® sensor monitors the traffic and feeds detailed, real-time traffic statistics to the AI module. The AI module detects hidden threats and re-configures the sensor filters to focus attention on the detected threat actors.

PreScope with AI

Detecting the unusual behaviour

A malicious insider or a hacker may be transferring large amounts of data outside typical business hours to banned locations. They may have brought new devices into the company network and may use ciphers that are not typical of the company work environment.

All of these anomalies trigger close inspection of the related traffic flows, and even full packet capture of the flows linked to detected threats. With real-time alerts, detailed traffic statistics and in-depth information about the incident, threat detection and incident forensics speed up significantly.

Graphs from UEBA