User Behavior Analytics - UEBA Forum

Dongya Sun
User at a tech company with 501-1,000 employees
Jun 10 2020
I have experience working at one of the leading network security enterprises in China that focuses on technical research, product development, and security services in the network security space. I have been researching different UEBA solutions. What are the benefits UEBA solutions have to offer? Can you recommend a specific solution?  Thanks! I appreciate the help. 
RolandBroersenI would like to recommend ExaBeam to you like the current best UEBA Solution.
RicardoGranadosI recommended Cortex XDR of Palo Alto Networks. You use like sensors the firewall and the endpoints agents.
Huet DominiqueObserveIT, the best.
IT Central Station
Jun 10 2020
How do UEBA solutions help to mitigate different types of insider threats once they have been identified?
Paresh MakwanaIf companies are not mindful of what the remote workforce is doing with confidential information, serious IT crimes such as data breaches, credential abuse, and data exfiltration can go unnoticed. Therefore, learning and predicting risky user behavior patterns is central if your organization has to implement productive and secure work-from-home culture. • Organizational Efficiency - UBA can help the organization to increase the efficiency, creating text logs and video logs for activities from each employee. This insight allows administrators to analyze long-term trends in productivity. The software can then tell supervisors where inconsistencies in productivity lie before looking into the causes. These inefficiencies can range from employee burnout to poorly timed meetings. Tracking trends and learning when and why employees are their most productive is crucial in maximizing performance. Using this data can lead to a better distribution of the workload by identifying employees who may be burnt out. • Centralized policy management for restriction: UBA will be a platform for the organization to manage employees from using certain application and alert will be generated to notify the admin, when the users tries to access that application. Additionally, for certain scenarios, the user can elevate the rights and used that application using UBA • Logs during the attack used for investigation - A privileged user has authorized access to high-value resources, such as a sensitive database, a user-rights management system, or an authentication system. When a hacker obtains privileged-user credentials, the attack can proceed directly to those high-value assets with impunity. The UBA solution will monitor suspicious activity by departed employees or contractors, and identify human errors dealing with or overexposure to sensitive data. During attacks, insider or from outside the logs created by UBA will act as starting point of investigation. How the tool secures an enterprise from IT and Insider threats • The tool enables IT administrators to configure baseline activities on machines as per the centralized policy • Unified data analytics helps enterprises to examine anomalous activities deviating from configured baseline policy • Enables enterprises to record all activities performed by the user on critical applications • Dynamic reports enables enterprises to make better IT security decision • Enables enterprises to do data profiling and anomaly detection • Unified governance framework supports better visibility • It mitigates insider and zero day threats • It offers advanced risk analytics capabilities • Provides endpoint privilege ‘on-demand’ to critical applications
Didier Van Loo
IT Systems and Network Engineer at CSP Zeebrugge Terminal
May 16 2020
I work as an IT systems and network engineer for a small maritime company. We are currently researching UEBA solutions. Which are the best solutions available. Which would you recommend? Thanks! I appreciate the help.