What Is UEBA?
UEBA, which stands for user and entity behavior analytics, is software that analyzes user activity data from logs, network traffic and endpoints and correlates this data with threat intelligence to identify activities—or behaviors—likely to indicate a malicious presence in your environment. It uses machine learning technology to baseline “normal” behavior and get smarter over time, and applies both static rules and statistical analysis to rapidly and accurately detect suspicious activity. Using such advanced technology and statistical models, UEBA is a force multiplier for security teams struggling to stay on top of today’s advanced, targeted threats.
Out-of-the-Box Machine Learning
RSA NetWitness UEBA starts working to accurately identify unusual behavior the moment you turn it on. The zero-touch, turn-key approach means there are no rules to set up, no metadata to customize, no long machine training times, and no need to continually tune the underlying models.
RSA NetWitness UEBA scales to process billions of events per day and analyze hundreds of thousands of organizational entities. Data collection, enrichment, analysis and investigation capabilities can be streamed or batch loaded on a Hadoop infrastructure.
Innovative Risk Scoring
Rather than alerting on any and all abnormal behaviors, RSA NetWitness UEBA aggregates multiple indicators of suspicious activity and applies a dynamic, statistical risk-scoring mechanism to them. The system produces a high-fidelity alert only when the risk score exceeds established thresholds.
Intelligent Peer Grouping
Since user behavior varies based on individuals’ roles, the type of work they do, their locations and other factors, users shouldn’t be lumped into a single group to create a behavior baseline. RSA NetWitness UEBA uses machine learning to create peer groups and detect deviations within them.
Automated, Continuous Threat Detection
RSA NetWitness UEBA never stops monitoring the huge volume of log, network and endpoint security data that organizations produce. As part of the RSA NetWitness Platform, it correlates its behavioral analysis with threat intelligence and business context to produce focused, actionable alerts for SOC analysts that help to reduce mean time to investigate and respond.
Comprehensive Detection of Unknown Threats
Patented machine learning algorithms alert analysts to a wide variety of threats including compromised accounts, command and control activity, data exfiltration and staging, lateral movement, advanced malware, shared user credentials, privileged user account abuse, geolocation and remote access anomalies, and snooping and reconnaissance.
More Efficient, Effective Analysts
RSA NetWitness UEBA zeros in on suspicious behavior and applies its advanced risk scoring engine to identify and filter the highest priority threats, resulting in fewer false positives and higher-fidelity alerts that are easier for analysts to understand and act upon.
RSA NetWitness UEBA accelerates detection and investigation by correlating disjointed events and identifying abnormal activities and user threats in a single user interface. It provides analysts with all the information they need in one spot to rapidly investigate a threat.