User Behavior Analytics - UEBA Features

Read what people say are the most valuable features of the solutions they use.
SVP Insider Threat at a financial services firm with 10,001+ employees
The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack." Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.
Edward Ruprecht says in a Securonix Security Analytics review
Lead Cyber Security Engineer at an insurance company with 1,001-5,000 employees
* The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed.
* There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us.
* Finally, there is Spotter. Spotter allows us to search and investigate different events of interest for us.
In terms of behavior analytics, we're using cyber more than insider threats. With UEBA being a relatively new space when we looked at it close to two years ago, we were concerned about how well it worked and whether they were truly behavioral-based rules or if that was just marketing terminology for the "latest greatest system." But it exceeds what our initial expectations were for being able to detect different cyber threats. We're doing a lot around the network firewall and endpoint detection for rare process connections, rare network connections, etc.
Director of Intellectual Property Protection at a pharma/biotech company with 1,001-5,000 employees
There are a number of things that are very useful. What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at. The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to go through, using Microsoft Excel and a couple of other methods, to bring data together. The third feature is the ability to create watch lists that highlight specific predefined events in a separate window - or widget, as they call it. If I want to highlight something of interest without changing the risk score, or affecting any of the threat or risk models that we have in place, I can create a watch list. It moves those events to an area where an analyst will see them, first thing, without changing any scores or any other manipulation of data. I can highlight events that way.
Ramasamy Balakrishnan says in a DNIF review
CEO at Irisk Assurance Consultancy Services Pvt Ltd
The solution is based on a big-data platform and the response time on queries is super-fast. That's why we like this solution. It is 30 times faster than traditional SIEMs. It provides responses to queries within a minute. That's the most impressive feature we have found in this product. Also, the UBA, the User Behavior Analytics, is a built-in threat-hunting feature. It detects and reports on any kind of malware or ransomware that enters the network. That's an amazing feature of this product.
reviewer1081059 says in a One Identity Safeguard review
IT Security Consultant at a tech services company with 11-50 employees
The solution's most valuable features are the efficiency and the quality of the recording.
reviewer1216335 says in a One Identity Safeguard review
Security Engineer at a tech services company with 201-500 employees
The way the solution is installed and deployed is very valuable. They make it very easy. The two-factor identification is very good. For the web portal, you need to implement a jump server. It's not a native HTML protocol. This is probably one of the most important features in the solution.
reviewer1175688 says in a Cynet review
CEO with 201-500 employees
The feature I find most valuable is the reality graphical user interface, which I think is really different from the others on the market. I also like the audit function that is included in the standard version.
reviewer868584 says in a LogRhythm Enterprise UEBA review
Senior Solutions Specialist (Network & Security) at a comms service provider with 1,001-5,000 employees
The solution's most valuable features are the graphical user interface and the reporting.
Ahmed Naguib, Ccie Voice says in an ArcSight Analytics review
Cyber Security Manager at Malomatia
The ability to correlate different logs is the solution's most valuable feature.
Yi Liu says in a Securonix UEBA review
Principal Member of Technical Staff at AT&T
The aggregation library is definitely very comprehensive. It covers a lot of use cases. Also, the feature dashboard is very well organized and intuitive to use. It organizes information on a timeline which is exactly what we need for insider threat future-analysis. Data insights are where we can not only look at items but can visualize the activity trends over a period of time and compare them across organizations. That's very useful for us. The algorithms surface the exact indicators that we need for the purpose of insider threat detection. That is something that we have not always found is the case with other vendors we have evaluated. We consider cyber indicators as part of insider threat detection. We don't look at them in silos. We correlate them and look at them from a holistic point of view. The algorithm for surfacing those relevant indicators is very comprehensive. We almost find everything we need to surface the indicators we want. We're very impressed with that.
Information Security Specialist at a financial services firm with 201-500 employees
The most valuable features are the indexing and powerful search features.
General Manager at Hayyan Horizons
The solution offers good searching and allows for easy creation of dashboards and reports. It's intuitive and not very difficult. You just need to learn the SPL, Search Processing Language, in Splunk. This also helps you to clear more advanced use cases. Integration is very easy as well. It's quite good. If you want to add more devices and solutions, or other technologies for monitoring, it's easily done in Splunk, with all its firewalls, its switches, and network devices.
Senior Security Engineer at a government with 1,001-5,000 employees
It's a component that is easy to configure and easy to use. They have familiar and friendly dashboards for the users. You can make a lot of the dashboards if you want to integrate with it. If you have the basic skills and basic codes you can just create more use cases. You can also have alert systems. You have a lot of different alerts that you can use. You can integrate with all the applications and scripts, like with Kaspersky. We integrate multiple publications with this product.
Security PS Supervisor at a tech services company with 1,001-5,000 employees
Splunk is a very powerful platform. It's a machine data platform, and it can provide several models that use the same appliance and on the same platform, including some business platforms. I do believe when it comes to functionality and ease of use, Splunk is one of the market leaders in this area. When it comes to quality, I believe Splunk is the easiest platform on the market. It has a lot of subscripts, and a lot of licenses, which can provide the customer with all the requirements they need. The solution has some predefined use cases that we count on. It's a customizable platform as well, which can be easily customized based on the customer requirements and the environment itself. It provides ease of use. It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirements. It can help the customer to design or to actually plan their own roadmap. And it can be rolled out in several phases.
Senio9887 says in an ArcSight Analytics review
Senior Information Security Analyst at a tech services company with 501-1,000 employees
This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard. The parallel logic to create queries is very helpful.
Nono Bonnet says in an ArcSight Analytics review
Analyst at Orange
This solution allows us to identify connections for all users. We can see the name, login time, IP address, and other information for each connection to each server.
Bechara Abou Rahal says in an ArcSight Analytics review
Software Engineer at BMB
The two most valuable features of this solution are its stability and scalability.
SenrSyseng67 says in an ArcSight Analytics review
Senior Systems Engineer at a tech services company with 501-1,000 employees
All the features are valuable for us because we use all of them. It's like any other ESM (Enterprise Service Management) solution. You can use it how you want to. It depends on the reports, on the correlation rule alerts, notifications, dashboards, all of the business rules. It is very important for most of the clients. Most of the clients need to cover their BPI (Business Process Insight). They generate a lot of records to provide them to the BPI department or risk department. That could be including their Instagram, or checking that the system's working fine, and information collected by the SIEM (Security Information and Event Management).
reviewer1161345 says in a One Identity Safeguard review
User with 10,001+ employees
The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand. Complete indexing on SSH sessions means that all commands are searchable after indexing.
Chief Technology Officer at a tech vendor with 51-200 employees
When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases. Our number-two criterion comes from the fact that we are a cloud-first company, so we needed a solution that would work in the cloud and work with the cloud. Working in the cloud means it would be a service, a SaaS offering. And working with the cloud means it would integrate with our cloud applications and monitor our cloud environment. Their product was the most-ready SaaS product in the industry. The solution's cloud-monitoring functionality is the only thing we use, because we are a cloud company. Our Office is Office 365, our HR system is BambooHR. Everything we use is hosted in the cloud. So cloud monitoring is the number-one use case for us. In addition to those applications, the solution monitors Salesforce, which our sales team uses, Concur, which is our time and expense system, and it monitors our own application that we use for providing service to our customers. And finally, it monitors our AWS environment. They have done a great job building the API-based connectors so they can automatically pull data from these applications. They have packaged use-cases that they provide us and, in certain applications, those use-cases are still a work in progress. But I feel confident that the content they have is good and they're improving on it continuously. There's a lot of development that happens on the cloud front. For example, Office365 changes every three months. Cloud applications are new so there's a lot that goes on with these applications. So vendors have to keep updating their content to align with where the cloud application is. Securonix is doing a good job of staying abreast with the latest and greatest developments on the cloud-vendor side and updating their content. 
A lot of their competition is very poor. We had QRadar in our environment but it couldn't even connect to Office365. From there to where we are today, it's a huge improvement.
Leader - Investigations, Insider Threat at a tech services company with 1,001-5,000 employees
The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case. The solution's behavior analytics, in detecting cyber and insider threats, are good. The tool does what it's supposed to, as long as the data coming in is accurate.
CEO/Executive Director at Iconic Engines
One of the most valuable features it has is the threat chaining. One of the common issues that we always had was the number of anomalies that we used to get and the number of alerts that we used to get. But with this approach of threat chaining, we've found the false-positive rate has decreased very significantly. That was something that we never could have achieved before. It also has the ability to detect low and slow stuff. Whenever we've had any dormant issues or dormant malware - dormant processes which get executed much later - it has tremendously helped us with that.
IT Project Manager at a manufacturing company with 10,001+ employees
The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects, files from either the engineering or the homegrown application. It's very easy to see people's patterns, what they typically do. The system might identify somebody who is engaging in anomalous behavior. Especially with the product's rev 6, there are a lot of tools to go in and do investigations, even without talking to the person, to try to determine what they were doing. Is it a case that they normally don't do something but this looks like a legitimate action, or is it something we need to investigate? That is pretty neat.
SeniorEnc89a says in a Varonis Datalert review
Senior Engineer at a tech services company
The analytics would have to be our most valuable feature because when you look at how we build profiles as to how people usually use the system, how they access data, it can alert or detect when people are doing things that are contrary to that normal behavior.
Director of Technology at an insurance company with 10,001+ employees
The most valuable feature is being able to take data and put it into other systems so that we could see the output and see where we need to apply our focus.