Securonix UEBA Benefits

YL
Principal Member of Technical Staff at AT&T

Previously, we did not have visibility into some of the behaviors until we had this tool. Only then were we able to surface those behaviors. An example is that people can log into VPN at night from another country - people actually do that all the time - and that's the leading cause of a credential compromise scenario. We did not have visibility into that before so we couldn't figure out what was going on there to come up with a mitigation plan. Now we can make data-driven decisions to mitigate that vulnerability.

Securonix has enabled our team to focus on threats rather than on engineering of the platform. Algorithms deliver through the program platform. We just go into the system, point and click and pick and choose algorithms that are needed to satisfy the use case. So we don't have to write any code. We don't have to write any customizations.

The solution has also decreased the time required to investigate alerts or threats because we don't have to sort through or do the log analysis. We don't have to look at individual log entries to figure out what's going on. Now, the system has ingested the data and it has derived intelligence from those raw records. They're visualized and assembled on the timeline and presented on the dashboard. You can imagine how much that's going to save an analyst's time in investigating or knowing what's going on. And in some cases, it's even night and day, meaning it has gone from impossible to possible. In those cases the amount of decrease in time would not even be applicable, for good reason. In other cases, the time it saves us is approximately 30 to 40 percent.

Securonix UEBA also helps to surface high-risk events that require immediate attention or action. It gives us the ability to prioritize the risk. That is a focus in the design of the platform. There are many ways it allows users to prioritize the risks that are very important, per that organization's threat landscape. It's either done through re-scoring boosting or you can craft a segregated dashboard to focus on something. You can also have a targeted user-list on which you want to focus the monitoring. There are many ways to pick and choose and combine to meet our prioritization requirements.

The solution's Hadoop-based platform has definitely also provided operational benefits. We talk about the "three V's," the challenges in dealing with big data. Data is high in volume, it changes all the time - the loss is very high - and it can be unstructured. By basing the platform on the Hadoop big-data platform, versus a single SQL database, it definitely meets the requirements for monitoring.
