Flag suspicious file and user activities that indicate sufficient risk for intervention by business management. This user and entity behavior analytics (UEBA) solution applies sophisticated rule-based modeling to data sources to establish normal patterns of behavior and help determine suspicious activities. This analysis can reduce the possibility of insider threats, which are difficult to detect because privileged users have specific knowledge of security controls and of methods to bypass them.
Managing insider threats – leveraging UEBA
Detect event anomalies
Detect event anomalies, such as logins with user IDs of former employees, a given user logging in from multiple locations simultaneously, or unauthorized users retaining an excessive number of sensitive files.
Monitor file-based risks
Monitor file-based risks, such as unauthorized users’ attempts to decrypt confidential files.
Monitor user-based risks
Monitor user-based risks, such as decrypting files more frequently than usual, printing more files than usual after regular business hours, or sending files to external recipients more than usual.