Top 8 User Behavior Analytics - UEBA Tools

Securonix Security Analytics, One Identity Safeguard, Splunk User Behavior Analytics, Cynet, Exabeam, Rapid7 InsightIDR, ManageEngine Log360, ArcSight Analytics
  1. There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features. Customer support and making sure that we're successful has been one of the best features, one that we weren't even looking for during evaluation, but that's what we have found.
  2. Being able to use a proxy server is an advantage. It is generally easy-to-use and install.
  3. Find out what your peers are saying about Securonix Solutions, One Identity, Splunk and others in User Behavior Analytics - UEBA. Updated: April 2021.
    479,323 professionals have used our research since 2012.
  4. This is a good security product. The product is at the forefront of auto-remediation networking. It's great.
  5. It provides good protection from ransomware and malware attacks. It is very good as compared to other products. If any threat is there, their support is very good. They immediately respond to the users and do a follow-up. They call us and also provide email support.
  6. It's a very user-friendly product and it's a very comprehensive technology. Exabeam's easy to use.
  7. It is a very stable solution. If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.
  9. The reports that you can run are really nice. The reporting is great. Everything you need is in the report for you already.
  10. The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection. The most valuable feature is the log monitoring.

Advice From The Community

Read answers to top User Behavior Analytics - UEBA questions. 479,323 professionals have gotten help from our community of experts.
Karin Krings
I'm looking for recommendations for software to detect insider threats. Where can I find a Pros/Cons template, customized to organization, to source insider threat detection support?
Xavier Suriol
Real User

I would suggest statistical methods (including machine learning): First, outlier detection. Then, approaches like “Association rules” (=not statistics to explain all the variance in a dataset but to find out tiny observations): for instance, they are useful for DNA prediction of diseases (one or two SNPs among millions of them), a forensic task.


When fraudsters know a tool (a template, a program), the solution is no longer valid. Research is the answer (research software rather than “production” software like in accountability). I mean, research as a step beyond production (only useful in the short term).

reviewer1324719 (PAM Architect at a tech services company with 11-50 employees)
Real User

This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no short answer other than a blend of a PAM tool with Behavioral Analytics and Endpoint Management, to protect credentials, govern activities, and detect abnormal activities.


I have about 40 questions I would ask before spitting out a single solution. Without knowing more about your environment I would be slow to start throwing possible solutions, as this will take you days to sort out the differing capabilities and features. You can start by looking at the Gartner Quadrants for PAM tools like BeyondTrust, CyberArk, Centrify, Thycotic, MicroFocus and others. If you spear your specific requirements you may miss bigger threats in your circumference, so use a net, and remedy the surrounding threats in this process.

Ken Shaurette
Real User

You'd need to break out better what you consider to be the types of insider threats. There is fraud; very different in an application system than insider activity that may be simply malicious or results in data loss. You need to identify a baseline of normal activity for each user across files, network, user behavior and the endpoint; correlate abnormal behaviour and lean false positives; that is your software and/or the CyOps team supporting you must. 


Doing that begins to give you some use cases that you can then test to determine if they are important to you and can be supported by your choice(s) of solutions. There may not be one, there may be layers needed, but depending on your choice you may be able to get more in one than with other options. Feel free to contact me off list (LinkedIn) if you'd like a matrix that could be used in a product comparison.

Norman Freitag
User

Hello All,

I hope you had a merry Christmas.

In this case it is as simple as it is.
Just take Proofpoint ObserveIT - many companies in the public and financial sector have been using it for years.
By the way, it has GDPR conformity, that's especially interesting if you want to go for the EU or California.
It's easy to install, easy to administer, and comes with a huge number of use cases. So the need for customizing is reduced to minimum. It prevents, detects, alerts and tracks all inputs with a minimum of storage needed.

Few Steps
Phase 1, define the architecture and monitor all high-privileged users with the default setup. Then work with Proofpoint or local support to define gaps and customize use cases (only a few days)

Phase 2 roll out to next group of users and so on.

I apologize for this non-technical answer, but sometimes it really is this simple.
You don't need to invent the wheel a second time :)

Would like to wish everyone here a Happy New Year this way.
Please stay healthy


Best Regards


Norman

reviewer989748 (Security Analyst at a financial services firm with 201-500 employees)
Real User

In addition to responses from Xavier Suriol and reviewer1324719, also consider ObserveIT from Proofpoint.

Dongya Sun
I have experience working at one of the leading network security enterprises in China that focuses on technical research, product development, and security services in the network security space. I have been researching different UEBA solutions. What are the benefits UEBA solutions have to offer? Can you recommend a specific solution?  Thanks! I appreciate the help. 
RolandBroersen
User

I would like to recommend ExaBeam to you as the current best UEBA solution.

Huet Dominique
User

ObserveIT, the best.

RicardoGranados (Ingram Micro Inc.)
Consultant

I recommended Cortex XDR of Palo Alto Networks. You use the firewall and the endpoint agents as sensors.

Paresh Makwana
Reseller

ARCON | UBA is a robust tool that helps security and risk assessment teams to build a unified governance framework. The solution helps in monitoring users’ access to systems across the network. It collects and correlates detailed information about users’ activity logs and sends alerts if the users deviate from baseline activities. In addition, Application Restriction and Elevation can be implemented to have better access control on End Users working in different remote locations. Also, UBA Dashboard can assist in investigating anomalous behavior of the Users in real-time. With ARCON | UBA your organization will get value for money. It boosts workforce productivity but at the same time secures access to critical systems.

With ARCON|UBA key benefits like

a) Productivity Enhancement
b) Session Monitoring
c) User Restriction
d) Privilege Elevation
e) Data Loss Prevention
f) User Behavior Analytics
g) Live Dashboard

is given while at the same time you will be meeting all Compliance Requirements that are there in your organization.

Huet Dominique
User

UEBA Providers must embrace specialization. SIEM, DLP, PAM, CASB with UEBA are not able to catch extend data and obtain helpful context, threat detection, behavior profile, early warning and precognition. For that, you must place UEBA near the users.
ObserveIT, Securonix, Bay Dynamics do this.

https://www.dni.gov/files/NCSC/documents/nittf/National_Insider_Threat_Policy.pdf
https://fas.org/sgp/library/nispom.htm
https://enterprise.verizon.com/resources/reports/verizon-threat-research-advisory-center/

Chetankumar Savalagimath
Real User

Choose as per your infrastructure requirement

Top UEBA solutions are here
Solutions are arranged in alphabetical order, along with features we were able to obtain from vendor information. At the bottom of this article is a chart breaking down some of the features of these top UEBA products.

Aruba
Dtex
Exabeam
Forcepoint
Fortinet
Fortscale
Gurucul
Haystax Technology
Interset
LogRhythm
Microsoft
One Identity
Palo Alto
Preempt
RSA
Securonix
Splunk
Varonis
Veriato
VMware

have a great day


User Behavior Analytics - UEBA Articles

Russell Rothstein
Founder and CEO
IT Central Station

Dear IT Central Station member,

Our mission here at IT Central Station is to enable technology professionals like you to share opinions, read reviews, and get unbiased information about software solutions.

We are running a PeerPanel on the topic of UEBA/UBA (user behavior analytics) from IT professionals using Splunk. It's a 30-minute webinar without any vendors presenting or giving pitches. 

It's not sponsored by any vendor.

It's an opportunity for you to hear best practices from your peers in a live webinar format. Followed by open Q&A, so bring your questions!

The topics we will cover in the panel discussion:

- What problem were you trying to solve with UEBA?
- Which vendor(s) did you evaluate and why?
- What do you like most about your current solution?
- What is missing?
- What advice do you give to others who are looking to evaluate UEBA?

We think you'll find it useful and informative!

It will take place on Wednesday May 6 at 11am Eastern US time.

If you use Splunk for UEBA/UBA and would like to be a panelist: https://forms.gle/Ct7E2UNArxV8pWns6

You can remain anonymous as a panelist. You will not need to say your name or company name in the PeerPanel. 

To register (free): www.crowdcast.io/e/bkcwtn3j/register

If you register you will get free access to the recording afterwards.

In a market full of vendor hype, we provide free connections between real users to share advice and make better buying decisions.

Thanks!
Russell

Founder and CEO of IT Central Station
