What Is UEBA?

UEBA, which stands for user and entity behavior analytics, is software that analyzes user activity data from logs, network traffic and endpoints and correlates this data with threat intelligence to identify activities—or behaviors—likely to indicate a malicious presence in your environment. It uses machine learning technology to baseline “normal” behavior and get smarter over time, and applies both static rules and statistical analysis to rapidly and accurately detect suspicious activity. Using such advanced technology and statistical models, UEBA is a force multiplier for security teams struggling to stay on top of today’s advanced, targeted threats.


Out-of-the-Box Machine Learning

RSA NetWitness UEBA starts working to accurately identify unusual behavior the moment you turn it on. The zero-touch, turn-key approach means there are no rules to set up, no metadata to customize, no long machine training times, and no need to continually tune the underlying models.

Scalable Platform

RSA NetWitness UEBA scales to process billions of events per day and analyze hundreds of thousands of organizational entities. Data collection, enrichment, analysis and investigation capabilities can be streamed or batch loaded on a Hadoop infrastructure.

Innovative Risk Scoring

Rather than alerting on any and all abnormal behaviors, RSA NetWitness UEBA aggregates multiple indicators of suspicious activity and applies a dynamic, statistical risk-scoring mechanism to them. When the risk score exceeds established thresholds, only then does the system produce a high-fidelity alert.

Intelligent Peer Grouping

Since user behavior varies based on individuals’ roles, the type of work they do, their locations and other factors, users shouldn’t be lumped into a single group to create a behavior baseline. RSA NetWitness UEBA uses machine learning to create peer groups and detect deviations within them.


Automated, Continuous Threat Detection

RSA NetWitness UEBA never stops monitoring the huge volume of log, network and endpoint security data that organizations produce. As part of the RSA NetWitness Platform, it correlates its behavioral analysis with threat intelligence and business context to produce focused, actionable alerts for SOC analysts that help to reduce mean time to investigate and respond.

Comprehensive Detection of Unknown Threats

Patented machine learning algorithms alert analysts to a wide variety of threats including compromised accounts, command and control activity, data exfiltration and staging, lateral movement, advanced malware, shared user credentials, privileged user account abuse, geolocation and remote access anomalies, and snooping and reconnaissance.

More Efficient, Effective Analysts

RSA NetWitness UEBA zeros in on suspicious behavior and applies its advanced risk scoring engine to identify and filter the highest priority threats, resulting in fewer false positives and higher-fidelity alerts that are easier for analysts to understand and act upon.

Faster Investigations

RSA NetWitness UEBA accelerates detection and investigation by correlating disjointed events and identifying abnormal activities and user threats in a single user interface. It provides analysts with all the information they need in one spot to rapidly investigate a threat.


Our highly customized and integrated approach towards understanding business and end user needs and translating them into appropriate and effective solutions will ensure efficient operation of IT infrastructure and securing while maintaining compliance with mandatory obligations.

USA: 333 Busse HGWY suite 359A. Park Ridge,IL 60068 

INDIA: B0332 Brigade Meadows, Kanakpura road, Bangalore.