{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"comparison":{"compare":{"en":"Compare","ru":"Сравнить","_type":"localeString"},"characteristics":{"en":"Characteristics","ru":"Характеристики","_type":"localeString"},"additional_template":{"en":"Additional characteristics","ru":"Дополнительные характеристики","_type":"localeString"},"nothing_to_show":{"_type":"localeString","en":"No data to compare","ru":"Нет данных для отображения"}},"header":{"help":{"en":"Help","de":"Hilfe","ru":"Помощь","_type":"localeString"},"how":{"de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString","en":"How does it works"},"login":{"en":"Log in","de":"Einloggen","ru":"Вход","_type":"localeString"},"logout":{"_type":"localeString","en":"Sign out","ru":"Выйти"},"faq":{"de":"FAQ","ru":"FAQ","_type":"localeString","en":"FAQ"},"references":{"en":"Requests","de":"References","ru":"Мои запросы","_type":"localeString"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"_type":"localeString","en":"Blog","ru":"Блог"},"agreements":{"en":"Deals","ru":"Сделки","_type":"localeString"},"my-account":{"_type":"localeString","en":"My account","ru":"Мой кабинет"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"comparison-deletion":{"_type":"localeString","en":"Deletion","ru":"Удаление"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"en":"Get reference from user","_type":"localeString"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"en":"My Company","de":"Über die Firma","ru":"О компании","_type":"localeString"},"about":{"de":"Über uns","ru":"О нас","_type":"localeString","en":"About us"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"ru":"Тарифы","_type":"localeString","en":"Subscriptions","de":"Tarife"},"contact":{"de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString","en":"Contact us"},"marketplace":{"en":"Marketplace","de":"Marketplace","ru":"Marketplace","_type":"localeString"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche","ru":"Подобрать и сравнить"},"calculate":{"_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость"},"get_bonus":{"de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"salestools":{"_type":"localeString","en":"Salestools","de":"Salestools","ru":"Salestools"},"automatization":{"ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation","de":"Abwicklungsautomatisierung"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"en":"Comparison matrix","de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"ru":"Наши социальные сети","_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"_type":"localeString","en":"Privacy Policy","ru":"Политика конфиденциальности"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"en":"Show form","ru":"Показать форму","_type":"localeString"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"en":"This field is required","ru":"Это поле обязательное","_type":"localeString"},"subscribe__notify-label":{"_type":"localeString","en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"en":"Last, first name","ru":"Имя Фамилия","_type":"localeString"},"subscribe__success":{"en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString"},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. Please, try again later."},"roi4presenter":{"ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter","de":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"en":"Registration","ru":"Регистрация","_type":"localeString"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"ru":"Имя","_type":"localeString","en":"First name"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString"},"send":{"en":"Send","ru":"Отправить","_type":"localeString"},"required-message":{"_type":"localeString","en":"{NAME} is required filed","ru":"{NAME} - это обязательное поле"}},"maintenance":{"title":{"en":"Site under maintenance","ru":"На сайте проводятся технические работы","_type":"localeString"},"message":{"ru":"Спасибо за ваше понимание","_type":"localeString","en":"Thank you for your understanding"}}},"translationsStatus":{"comparison":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"comparison":{"title":{"ru":"Сравнить продукты","_type":"localeString","en":"Compare products"}}},"pageMetaDataStatus":{"comparison":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{"30":{"id":30,"title":"UEBA - User and Entity Behavior Analytics","characteristics":[{"id":439,"title":"Hadoop","required":0,"type":"binary"},{"id":437,"title":"Clouds","required":0,"type":"multiselect"},{"id":441,"title":"On-premises software","required":0,"type":"binary"},{"id":443,"title":"Advanced Analytics","required":0,"type":"binary"},{"id":445,"title":"Incident Response","required":0,"type":"binary"},{"id":447,"title":"Machine Learning","required":0,"type":"binary"},{"id":449,"title":"Licensing model all based on identity","required":0,"type":"multiselect"},{"id":1074,"title":"Deep Learning","required":0,"type":"binary"},{"id":1076,"title":"Visibility into users via reports and dashboards","required":0,"type":"binary"},{"id":1078,"title":"Near real-time alerts","required":0,"type":"binary"},{"id":1080,"title":"Forensic Tools","required":0,"type":"binary"},{"id":1082,"title":"Customizable notification","required":0,"type":"binary"},{"id":1084,"title":"Role based reports","required":0,"type":"binary"},{"id":1086,"title":"Threat Intelligence reports","required":0,"type":"binary"},{"id":1088,"title":"Technologies integration","required":0,"type":"multiselect"},{"id":1090,"title":"Log collection from SaaS apps","required":0,"type":"binary"},{"id":1092,"title":"Logs and User context data from Active directory","required":0,"type":"binary"},{"id":1094,"title":"Logs from endpoint security solutions","required":0,"type":"binary"},{"id":1096,"title":"Network flow/Packet data","required":0,"type":"binary"},{"id":1098,"title":"Unstructured contextual data","required":0,"type":"binary"},{"id":1100,"title":"Log collection from OS, apps, services","required":0,"type":"binary"},{"id":1102,"title":"Meta data from electronic communications","required":0,"type":"binary"},{"id":1104,"title":"Statistical models","required":0,"type":"binary"},{"id":1106,"title":"Modelling based rules and signatures","required":0,"type":"binary"},{"id":1108,"title":"Catching users with anomaly behavior on start by baselining model","required":0,"type":"binary"},{"id":1110,"title":"System adaptation to user's dynamic role changes","required":0,"type":"binary"}]}},"comparisonByTemplateId":{},"products":[{"id":2140,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Balabit.gif","logo":true,"scheme":false,"title":"Balabit Blindspotter","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"balabit-blindspotter","companyTypes":[],"description":"Blindspotter is a monitoring tool that maps and profiles user behaviour to reveal human risk. It integrates a variety of contextual information in addition to logs, processes them using a unique algorithm, and offers a wide range of outputs from warnings to automatic interventions. Blindspotter is an advanced component of the Contextual Security Intelligence Suite. It discovers previously unknown risks and guides the investigation of threats through CSI Risk. It improves enterprise security and enhances flexibility, without hindering business activities.\r\nBlindspotter is a real-time user behavior analytics (UBA) solution that monitors and analyzes users’ activities, and detects unusual behavior to help prevent theft. Blindspotter collects users’ “digital footprints,” builds a baseline of activities using advanced machine learning algorithms, and detects anomalies in real-time. Malicious insiders acting oddly or and the lateral movements of external attackers are revealed. Blindspotter creates a priority list of events to improve the efficiency of security teams as well. It prioritizes the riskiness of behaviors and focuses on potentially high-risk situations and activities.\r\nAny analytics solution is only as good as the data that feeds it. Blindspotter leverages Balabit’s syslog-ng technology, which is proven and trusted in more than one million installations around the world. It also leverages Balabit’s Identity Access Management technology to analyze high-fidelity recordings of user activities such as screen recordings or command line interaction.\r\nBlindspotter’s uniquely pluggable architecture enables analysis of other user data in addition to logs and IAM recordings. Custom connectors to proprietary APIs can be written within hours, and out-of-the box integration with many commonly-used data sources is standard.\r\nBlindspotter combines the results of several big data models to ensure that attackers cannot fly under the radar, while ensuring that security teams are not overwhelmed by thousands of false alarms. It takes risk exposure levels of individual users into account and prioritizes potential incidents, allowing allows security teams to effectively optimize their efforts.\r\nBlindspotter is the next layer of defense against APTs. Traditional pattern-based solutions or perimeter defenses fail to provide adequate defense against the most dangerous types of attacks.\r\nThe total cost of ownership for Blindspotter is relatively low as it does not require any manual pattern writing, rule definition or updates, and ecurity staff do not need to regularly maintain the solution.","shortDescription":"Balabit Blindspotter is a monitoring tool that maps and profiles user behaviour to reveal human risk, also improves enterprise security and enhances flexibility, without hindering business activities.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":19,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Balabit Blindspotter","keywords":"","description":"Blindspotter is a monitoring tool that maps and profiles user behaviour to reveal human risk. It integrates a variety of contextual information in addition to logs, processes them using a unique algorithm, and offers a wide range of outputs from warnings to au","og:title":"Balabit Blindspotter","og:description":"Blindspotter is a monitoring tool that maps and profiles user behaviour to reveal human risk. It integrates a variety of contextual information in addition to logs, processes them using a unique algorithm, and offers a wide range of outputs from warnings to au","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Balabit.gif"},"eventUrl":"","translationId":2141,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4303,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4302,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4304,"characteristicId":441,"templateId":30,"value":true},"443":{"id":4305,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4306,"characteristicId":445,"templateId":30,"value":true},"447":{"id":4307,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4315,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4308,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4309,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4310,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4311,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4312,"characteristicId":1082,"templateId":30,"value":true},"1084":{"id":4313,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4314,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":4316,"characteristicId":1088,"templateId":30,"value":"SIEM, IAM, DLP"},"1090":{"id":4317,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4318,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4319,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4320,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4321,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4322,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4323,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4324,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4325,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4326,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4327,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":2142,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Bay_Dynamics__logo_.png","logo":true,"scheme":false,"title":"Bay Dynamics Risk Fabric","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"bay-dynamics-risk-fabric","companyTypes":[],"description":"<p>Risk Fabric is a cyber risk analytics platform that calculates the value at risk associated with specific threats and vulnerabilities, and prescribes actions to measurably reduce cyber risk exposure. Using patented contextual data models and user and entity behavioral analytics (UEBA) technologies, stakeholders across the business common can now have metrics that prioritize remediation activities to the risks that matter most.</p>\r\n<p><span style=\"font-weight: bold;\">Key benefits:</span></p>\r\n<ul>\r\n<li>Proactive identification of exploitable critical systems and applications</li>\r\n<li>Actionable cyber risk insights throughcorrelation of relevant vulnerability and compliance data</li>\r\n<li>Effective response through prioritization and remediation of vulnerabilities</li>\r\n</ul>","shortDescription":"Risk Fabric leverages machine learning and advanced analytics to quantify the mission impact of cyber risk based on actual threats and vulnerabilities detected in the environment.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Bay Dynamics Risk Fabric","keywords":"","description":"<p>Risk Fabric is a cyber risk analytics platform that calculates the value at risk associated with specific threats and vulnerabilities, and prescribes actions to measurably reduce cyber risk exposure. Using patented contextual data models and user and entity","og:title":"Bay Dynamics Risk Fabric","og:description":"<p>Risk Fabric is a cyber risk analytics platform that calculates the value at risk associated with specific threats and vulnerabilities, and prescribes actions to measurably reduce cyber risk exposure. Using patented contextual data models and user and entity","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Bay_Dynamics__logo_.png"},"eventUrl":"","translationId":2143,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4277,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4276,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4278,"characteristicId":441,"templateId":30,"value":"N/A"},"443":{"id":4279,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4280,"characteristicId":445,"templateId":30,"value":true},"447":{"id":4281,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4289,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4282,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4283,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4284,"characteristicId":1078,"templateId":30,"value":"N/A"},"1080":{"id":4285,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4286,"characteristicId":1082,"templateId":30,"value":true},"1084":{"id":4287,"characteristicId":1084,"templateId":30,"value":true},"1086":{"id":4288,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":4290,"characteristicId":1088,"templateId":30,"value":"SIEM, IAM, DLP"},"1090":{"id":4291,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4292,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4293,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4294,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4295,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4296,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4297,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4298,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4299,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4300,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4301,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":2146,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Cynet_logo.jpg","logo":true,"scheme":false,"title":"Cynet 360","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"cynet-360","companyTypes":[],"description":"<p>Cynet 360 is an advanced threat detection and response platform that accurately detects sophisticated cyber-attacks such as Advanced Persistent Threats (APT), advanced malware, trojans, ransomware and zero-day attacks that maybe lurking in an organization.</p>\r\n<p>Cynet&rsquo;s full enterprise visibility of endpoint and network activity allows it to detect threat indicators across the attack chain. Through continuous monitoring across files, user behaviors, network traffic, and endpoints, behavioral and interaction indicators are assessed to give a complete picture of an attack operation over time.</p>\r\n<p>Cynet&rsquo;s machine learning algorithms constantly profile what&rsquo;s normal for a monitored environment; observed anomalies, threat indicators, suspicious traffic, and decoy interactions are correlated and enhanced with Cynet&rsquo;s Threat Intelligence Cloud to provide true alerts of security incidents with risk levels for rapid response triage.</p>\r\n<p>Driven by a light-footprint sensor agent, Cynet can be rapidly deployed to thousands of hosts with Windows, Mac OS, or Linux OS with no impact to the user. Automatic or manual response can be done through a single interface, enabling the remediation of affected hosts by killing processes, verifying files with dynamic analysis, blocking traffic, removing files, restarting hosts, changing passwords and more. Advanced forensic capabilities reveal direct threat evidence on an affected host, and associates the host with processes, users and network traffic data.</p>\r\n<p>Cynet CyOps delivers additional value to the Cynet 360 platform with 24/7 insight and intelligence. Staffed by an elite group of cyber threat analysts and investigators, Cynet&rsquo;s CyOps is an extra set of expert eyes dedicated to continuously monitor, prioritize and respond to threats.</p>","shortDescription":"Cynet 360 uses analytics and machine learning to power its detection of threat behaviors and interactions in an organization.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cynet 360","keywords":"","description":"<p>Cynet 360 is an advanced threat detection and response platform that accurately detects sophisticated cyber-attacks such as Advanced Persistent Threats (APT), advanced malware, trojans, ransomware and zero-day attacks that maybe lurking in an organization.<","og:title":"Cynet 360","og:description":"<p>Cynet 360 is an advanced threat detection and response platform that accurately detects sophisticated cyber-attacks such as Advanced Persistent Threats (APT), advanced malware, trojans, ransomware and zero-day attacks that maybe lurking in an organization.<","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Cynet_logo.jpg"},"eventUrl":"","translationId":2147,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4355,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4354,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4356,"characteristicId":441,"templateId":30,"value":"N/A"},"443":{"id":4357,"characteristicId":443,"templateId":30,"value":"N/A"},"445":{"id":4358,"characteristicId":445,"templateId":30,"value":"N/A"},"447":{"id":4359,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4367,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4360,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4361,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4362,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4363,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4364,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4365,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4366,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4368,"characteristicId":1088,"templateId":30,"value":"N/A"},"1090":{"id":4369,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4370,"characteristicId":1092,"templateId":30,"value":"N/A"},"1094":{"id":4371,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4372,"characteristicId":1096,"templateId":30,"value":"N/A"},"1098":{"id":4373,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4374,"characteristicId":1100,"templateId":30,"value":"N/A"},"1102":{"id":4375,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4376,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4377,"characteristicId":1106,"templateId":30,"value":true},"1108":{"id":4378,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4379,"characteristicId":1110,"templateId":30,"value":"N/A"}}}},{"id":2138,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/darktrace.png","logo":true,"scheme":false,"title":"Darktrace The Enterprise Immune System","vendorVerified":0,"rating":"1.00","implementationsCount":1,"suppliersCount":0,"alias":"darktrace-the-enterprise-immune-system","companyTypes":[],"description":"The Enterprise Immune System is the world’s most advanced machine learning technology for cyber defense. Inspired by the self-learning intelligence of the human immune system, this new class of technology has enabled a fundamental shift in the way organizations defend themselves, amid a new era of sophisticated and pervasive cyber-threats.\r\nThe human immune system is incredibly complex and continually adapts to new forms of threats, such as viral DNA that constantly mutates. It works by learning about what is normal for the body, identifying and neutralizing outliers that do not fit that evolving pattern of normality.\r\nDarktrace applies the same logic to enterprise and industrial environments. Powered by machine learning and AI algorithms, Enterprise Immune System technology iteratively learns a unique ‘pattern of life’ (‘self’) for every device and user on a network, and correlates these insights in order to spot emerging threats that would otherwise go unnoticed.\r\nLike the human immune system, the Enterprise Immune System does not require previous experience of a threat or pattern of activity in order to understand that it is potentially threatening. It works automatically, without prior knowledge or signatures, detecting and fighting back against subtle, stealthy attacks inside the network — in real time.\r\nThe Enterprise Immune System is the service that uses self-learning technology to detect threats and anomalous behaviours. It is compatible with all major Cloud providers (including AWS, Google Cloud Platform and Microsoft Azure). Fully configurable, it allows organisations to monitor all or selected Cloud traffic, with minimal performance impact.\r\n<span style=\"font-weight: bold;\">Features:</span>\r\n<ul> <li>Market-leading AI cyber-threat detection in the Cloud;</li> <li>Detects, classifies and visualises cyber-threats that evade other defences;</li> <li>Self-learning technology - world-leading machine learning and AI;</li> <li>Not reliant on historical attacks to predict new threats;</li> <li>Models understanding of what 'normal' enterprise behaviour looks like;</li> <li>Detects threats emerging in real-time;</li> <li>Detects insider threat, low-and-slow attacks, automated viruses;</li> <li>Self-adapting as the organisation changes: no tuning or reconfiguration;</li> <li>New threat identification, irrespective of threat type or attacker;</li> <li>Rapid identification of anomalous activity providing early threat warning.</li> </ul>\r\n<span style=\"font-weight: bold;\">Benefits:</span>\r\n<ul> <li>Adaptive - evolves with your organisation;</li> <li>Self-learning - system constantly refines its understanding of 'normal';</li> <li>Probabilistic - works out the likelihood of serious threat;</li> <li>Realtime - spots cyber threats as they emerge;</li> <li>Works from day one - delivers instant value;</li> <li>Low false positives - correlation of weak indicators;</li> <li>Data agnostic - ingests all data sources;</li> <li>Highly accurate - models humans, device and enterprise behaviour;</li> <li>Installs in 1 hour - minimal configuration required;</li> <li>Passive monitoring to model 'pattern of life' usage (non-disruptive).</li> </ul>","shortDescription":"Darktrace Enterprise Immune System uses AI algorithms that mimic the human immune system to defend enterprise networks of all types and sizes.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":20,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Darktrace The Enterprise Immune System","keywords":"","description":"The Enterprise Immune System is the world’s most advanced machine learning technology for cyber defense. Inspired by the self-learning intelligence of the human immune system, this new class of technology has enabled a fundamental shift in the way organization","og:title":"Darktrace The Enterprise Immune System","og:description":"The Enterprise Immune System is the world’s most advanced machine learning technology for cyber defense. Inspired by the self-learning intelligence of the human immune system, this new class of technology has enabled a fundamental shift in the way organization","og:image":"https://old.roi4cio.com/fileadmin/user_upload/darktrace.png"},"eventUrl":"","translationId":2139,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."},{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as&nbsp;programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that&nbsp;operators&nbsp;use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4251,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4250,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4252,"characteristicId":441,"templateId":30,"value":"N/A"},"443":{"id":4253,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4254,"characteristicId":445,"templateId":30,"value":true},"447":{"id":4255,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4263,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4256,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4257,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4258,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4259,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4260,"characteristicId":1082,"templateId":30,"value":true},"1084":{"id":4261,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4262,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4264,"characteristicId":1088,"templateId":30,"value":"N/A"},"1090":{"id":4265,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4266,"characteristicId":1092,"templateId":30,"value":"N/A"},"1094":{"id":4267,"characteristicId":1094,"templateId":30,"value":"N/A"},"1096":{"id":4268,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4269,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4270,"characteristicId":1100,"templateId":30,"value":"N/A"},"1102":{"id":4271,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4272,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":4273,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4274,"characteristicId":1108,"templateId":30,"value":true},"1110":{"id":4275,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":2128,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/DNIFF__logo_.jpg","logo":true,"scheme":false,"title":"DNIF User Behavior Analytics","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"dnif-user-behavior-analytics","companyTypes":[],"description":"<p>DNIF User Behavior Analytics provides early visibility to malicious insider threats and risky behavior on your network based on user behavioral anomalies. DNIF outperforms in known, unknown, real-time threat detection and helps organizations improve analyst productivity. Together DNIF SIEM and DNIF User Behavior Analytics can be a powerful tool to swiftly address the most sophisticated threats and accelerate investigations. It is built on ElasticSearch and monitors user behavior efficiently and effectively. It optimises detection profiles for users and entities to detect suspicious behavior and react quickly with 3rd party API lookups.</p>\r\n<p><span style=\"font-weight: bold;\">Key Talking Points:</span></p>\r\n<ul>\r\n<li>Detect outliers based on user account activity.</li>\r\n<li>Using profilers set dynamic baselines.</li>\r\n<li>Detect and normalize user activity trends.</li>\r\n</ul>","shortDescription":"DNIF User Behavior Analytics provides early visibility to malicious insider threats and risky behavior on your network based on user behavioral anomalies.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DNIF User Behavior Analytics","keywords":"","description":"<p>DNIF User Behavior Analytics provides early visibility to malicious insider threats and risky behavior on your network based on user behavioral anomalies. DNIF outperforms in known, unknown, real-time threat detection and helps organizations improve analyst","og:title":"DNIF User Behavior Analytics","og:description":"<p>DNIF User Behavior Analytics provides early visibility to malicious insider threats and risky behavior on your network based on user behavioral anomalies. DNIF outperforms in known, unknown, real-time threat detection and helps organizations improve analyst","og:image":"https://old.roi4cio.com/fileadmin/user_upload/DNIFF__logo_.jpg"},"eventUrl":"","translationId":2129,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4147,"characteristicId":437,"templateId":30,"value":"Yes"},"439":{"id":4146,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4148,"characteristicId":441,"templateId":30,"value":true},"443":{"id":4149,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4150,"characteristicId":445,"templateId":30,"value":true},"447":{"id":4151,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4159,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4152,"characteristicId":1074,"templateId":30,"value":true},"1076":{"id":4153,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4154,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4155,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4156,"characteristicId":1082,"templateId":30,"value":true},"1084":{"id":4157,"characteristicId":1084,"templateId":30,"value":true},"1086":{"id":4158,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4160,"characteristicId":1088,"templateId":30,"value":"SIEM"},"1090":{"id":4161,"characteristicId":1090,"templateId":30,"value":true},"1092":{"id":4162,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4163,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4164,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4165,"characteristicId":1098,"templateId":30,"value":true},"1100":{"id":4166,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4167,"characteristicId":1102,"templateId":30,"value":true},"1104":{"id":4168,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":4169,"characteristicId":1106,"templateId":30,"value":true},"1108":{"id":4170,"characteristicId":1108,"templateId":30,"value":true},"1110":{"id":4171,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":2130,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/dtex_platform.jpg","logo":true,"scheme":false,"title":"Dtex Systems Advanced User Behavior Intelligence","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"dtex-systems-advanced-user-behavior-intelligence","companyTypes":[],"description":"<p>The Dtex Platform is advanced user behavior intelligence that provides enterprise organizations with the critical intelligence that will help them detect and prevent insider-related breaches and, as a result, save organizations millions of dollars. It is used by enterprises worldwide, including companies such as Allianz, Aston Martin Racing, Eni/Saipem, Mizuho Bank and Sanyo. In February 2017, the Dtex Platform was recognized as the Leader in Insider Threat Detection by Cyber Defense Magazine.</p>\r\n<p>Insider threats continue to pose a major risk in the modern cybersecurity landscape. To detect and prevent insider threats, enterprises need visibility and intelligence into user behavior.</p>\r\n<p>Negligent users unintentionally risk security by attempting to find convenient productivity solutions, misunderstanding security practices, or through human error. Employees with malicious intent try to steal sensitive data or intellectual property. Advanced user behavior intelligence can catch these users, even when they are trying to cover their tracks, by identifying and alerting on behaviors that indicate a user may be trying to bypass company network controls or extract proprietary data. By using the industry&rsquo;s most comprehensive library of thousands of known user threat behavior patterns, advanced risk modeling and combined risk scoring, Dtex enables security teams to determine exactly how sensitive data and valuable IP left the organization and who perpetrated the attack without excessive false positives.</p>\r\n<p>The Dtex Advanced Behavior Intelligence Platform is scalable enough to be deployed enterprise-wide without negative impact to network performance. It provides complete visibility into everything users do on their work devices &ndash; on and off the corporate network &ndash; without compromising user privacy. In addition to the thousands of already known patterns of bad behavior, the analytics engine quickly establishes baseline individual user patterns and gives actionable, contextual alerts when anomalies are found. Dtex, helps eliminate insider threats, protect against outside infiltrators, and find gaps in existing security controls.</p>\r\n<p>Dtex is a unique solution. It is lighter and more visibility-focused than DLP, cuts through the noise more effectively than SIEM, and bases its analytics on endpoint visibility that most out-of-the-box UEBA solutions are blind to. It&rsquo;s the combination of thorough endpoint visibility and intelligent, adaptive analytics that is perfectly poised to fill the gaps and weaknesses of other security systems.</p>","shortDescription":"The Dtex Platform is advanced user behavior intelligence that provides enterprise organizations with the critical intelligence that will help them detect and prevent insider-related breaches.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Dtex Systems Advanced User Behavior Intelligence","keywords":"","description":"<p>The Dtex Platform is advanced user behavior intelligence that provides enterprise organizations with the critical intelligence that will help them detect and prevent insider-related breaches and, as a result, save organizations millions of dollars. It is us","og:title":"Dtex Systems Advanced User Behavior Intelligence","og:description":"<p>The Dtex Platform is advanced user behavior intelligence that provides enterprise organizations with the critical intelligence that will help them detect and prevent insider-related breaches and, as a result, save organizations millions of dollars. It is us","og:image":"https://old.roi4cio.com/fileadmin/user_upload/dtex_platform.jpg"},"eventUrl":"","translationId":2131,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4173,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4172,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4174,"characteristicId":441,"templateId":30,"value":"N/A"},"443":{"id":4175,"characteristicId":443,"templateId":30,"value":"N/A"},"445":{"id":4176,"characteristicId":445,"templateId":30,"value":"N/A"},"447":{"id":4177,"characteristicId":447,"templateId":30,"value":"N/A"},"449":{"id":4185,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4178,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4179,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4180,"characteristicId":1078,"templateId":30,"value":"N/A"},"1080":{"id":4181,"characteristicId":1080,"templateId":30,"value":"N/A"},"1082":{"id":4182,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4183,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4184,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":4186,"characteristicId":1088,"templateId":30,"value":"N/A"},"1090":{"id":4187,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4188,"characteristicId":1092,"templateId":30,"value":"N/A"},"1094":{"id":4189,"characteristicId":1094,"templateId":30,"value":"N/A"},"1096":{"id":4190,"characteristicId":1096,"templateId":30,"value":"N/A"},"1098":{"id":4191,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4192,"characteristicId":1100,"templateId":30,"value":"N/A"},"1102":{"id":4193,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4194,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4195,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4196,"characteristicId":1108,"templateId":30,"value":true},"1110":{"id":4197,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":1669,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Elastic.png","logo":true,"scheme":false,"title":"Elastic Stack","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"elastic-stack","companyTypes":[],"description":"Elastic, the company behind Elasticsearch, and the Elastic Stack, the most widely used collection of open source products for solving mission-critical use cases like search, logging, and analytics, has acquired Prelert, a leading provider of behavioral analytics technology. Elastic will integrate the Prelert technology into the Elastic Stack, and will offer it as part of its subscription packages in 2017, giving Elastic customers more capabilities to solve complex use cases such as cybersecurity, fraud detection, and IT operations analytics, among others. Prelert was founded in 2008 to create technology that automates the discovery of anomalies in large, complex datasets, predicts actions and outcomes, and provides enterprises and their end users with a consumable application that doesn't require them to perform data science. Using unsupervised machine learning techniques applied to a customer's historical and real-time continuous data, Prelert's predictive models perform behavioral analytics to understand the probability of failures and events occurring with built-in alerting and notifications for end users to explain 'why' something has happened and 'what' to do with that information. More companies, from startups to large enterprises, are storing large amounts of structured and unstructured data in Elasticsearch. With 'search' becoming the foundation for many of these companies to address their most complex use cases, Prelert built an Elastic Stack integration to provide Elasticsearch users with an automated way to understand the 'why' in their data and take action on 'difficult to see' insights. Combining Elastic's Kibana user interface framework and Prelert's behavioral analytics technology, customers are able to solve common problems in their continuous and ever-growing data, including:\r\n<ul>\r\n<li>detecting advanced security threat activities and anomalies in log data,</li>\r\n<li>discovering hidden fraud patterns in highly sensitive data,</li>\r\n<li>identifying anomalous systems or metrics and their root causes across IT systems,</li>\r\n<li>linking together complex series of events in data to expose early warning signals,</li>\r\n<li>automatically pinpointing where and why critical system outages are occurring,</li>\r\n<li>detecting unexpected drops in transactional activity, and much more.</li>\r\n</ul>\r\n","shortDescription":"Elastic Stack is UEBA.Built on an open source foundation, the Elastic Stack lets you reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Elastic Stack","keywords":"","description":"Elastic, the company behind Elasticsearch, and the Elastic Stack, the most widely used collection of open source products for solving mission-critical use cases like search, logging, and analytics, has acquired Prelert, a leading provider of behavioral analyti","og:title":"Elastic Stack","og:description":"Elastic, the company behind Elasticsearch, and the Elastic Stack, the most widely used collection of open source products for solving mission-critical use cases like search, logging, and analytics, has acquired Prelert, a leading provider of behavioral analyti","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Elastic.png"},"eventUrl":"","translationId":1670,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":1558,"characteristicId":437,"templateId":30,"value":"Yes"},"439":{"id":1557,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":1559,"characteristicId":441,"templateId":30,"value":true},"443":{"id":1560,"characteristicId":443,"templateId":30,"value":true},"445":{"id":1561,"characteristicId":445,"templateId":30,"value":"N/A"},"447":{"id":1562,"characteristicId":447,"templateId":30,"value":true},"449":{"id":1563,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4082,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4083,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4084,"characteristicId":1078,"templateId":30,"value":"N/A"},"1080":{"id":4085,"characteristicId":1080,"templateId":30,"value":"N/A"},"1082":{"id":4086,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4087,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4088,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":4089,"characteristicId":1088,"templateId":30,"value":"N/A"},"1090":{"id":4090,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4091,"characteristicId":1092,"templateId":30,"value":"N/A"},"1094":{"id":4092,"characteristicId":1094,"templateId":30,"value":"N/A"},"1096":{"id":4093,"characteristicId":1096,"templateId":30,"value":"N/A"},"1098":{"id":4094,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4095,"characteristicId":1100,"templateId":30,"value":"N/A"},"1102":{"id":4096,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4097,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4098,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4099,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4100,"characteristicId":1110,"templateId":30,"value":"N/A"}}}},{"id":1660,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Exabeam.png","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/Exabean_Advanced_Analytics_scheme.png","scheme":true,"title":"Exabeam Advanced Analytics","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"exabeam-advanced-analytics","companyTypes":[],"description":"<span style=\"font-weight: bold;\">Complex Threat Identification with Behavioral Analysis</span>\r\nCyberattacks are becoming more complex and harder to find. Often correlation rules can&rsquo;t find the attacks because they lack context or miss incidents they&rsquo;ve never seen &mdash; generating false negatives. Correlation rules also require much maintenance. Advanced Analytics automatically detects the behaviors indicative of a threat. Now teams don&rsquo;t have to spend time with frequently faulty correlation rules.\r\n<span style=\"font-weight: bold;\">Prebuilt Timelines Automatically Reconstruct Security Incidents</span>\r\nAnalysts shouldn&rsquo;t spend days or weeks gathering evidence and constructing timelines of incidents by querying and pivoting through their SIEM. With Advanced Analytics, a prebuilt-incident timeline flags anomalies and displays details of the incident for the full scope of the event and its context. Now analysts can stop spending time combing through raw logs to investigate incidents. What took weeks to investigate in a legacy SIEM can now be done in seconds.\r\n<span style=\"font-weight: bold;\">Dynamic Peer Grouping</span>\r\nUser behavior patterns often differ based on a myriad of attributes, including: the team they are on, what projects they are involved in, where they are located, and more. Thus, behavioral baselines shouldn&rsquo;t be static. Dynamic peer grouping uses machine learning to assign users to groups based on their behavior, then to compare their activity against that of those groups to identify anomalous, risky behavior.\r\n<span style=\"font-weight: bold;\">Lateral Movement Detection</span>\r\nLateral movement is a method attackers use to move through a network by using IP addresses, credentials, and machines in search of key assets. Tracking is difficult because the trace information only tells part of the story. Data must be analyzed from everywhere, linking the attack to the source. The Advanced Analytics patented technology tracks suspected activities even if there are changes to devices, IP addresses, or credentials.\r\n<span style=\"font-weight: bold;\">Asset Ownership Association</span>\r\nAnother time-intensive part of performing a security investigation is the manual process of determining who owns or regularly uses the devices involved in an incident. There isn&rsquo;t a convenient IT database linking devices to their owners, and mobile devices can exist outside of any tracking. Advanced Analytics is able to determine the owner of a device based on their pattern of behavior and interactions.","shortDescription":"Exabeam Advanced Analytics is the world’s most-deployed UEBA solution - Modern threat detection using behavioral modeling and machine learning.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Exabeam Advanced Analytics","keywords":"","description":"<span style=\"font-weight: bold;\">Complex Threat Identification with Behavioral Analysis</span>\r\nCyberattacks are becoming more complex and harder to find. Often correlation rules can&rsquo;t find the attacks because they lack context or miss incidents they&rsq","og:title":"Exabeam Advanced Analytics","og:description":"<span style=\"font-weight: bold;\">Complex Threat Identification with Behavioral Analysis</span>\r\nCyberattacks are becoming more complex and harder to find. Often correlation rules can&rsquo;t find the attacks because they lack context or miss incidents they&rsq","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Exabeam.png"},"eventUrl":"","translationId":1662,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":1530,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":1529,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":1531,"characteristicId":441,"templateId":30,"value":true},"443":{"id":1532,"characteristicId":443,"templateId":30,"value":true},"445":{"id":1533,"characteristicId":445,"templateId":30,"value":"N/A"},"447":{"id":1534,"characteristicId":447,"templateId":30,"value":true},"449":{"id":1535,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":3980,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":3981,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":3982,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":3983,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":3984,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":3985,"characteristicId":1084,"templateId":30,"value":true},"1086":{"id":3986,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":3987,"characteristicId":1088,"templateId":30,"value":"IAM, DLP"},"1090":{"id":3988,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":3989,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":3990,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":3991,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":3992,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":3993,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":3994,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":3995,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":3996,"characteristicId":1106,"templateId":30,"value":true},"1108":{"id":3997,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":3998,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":1667,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/forcepoint_logo.png","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/fp-analytic-platform.png","scheme":true,"title":"Forcepoint User and Entity Behavior Analytics (UEBA)","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"forcepoint-user-and-entity-behavior-analytics-ueba","companyTypes":[],"description":"<span style=\"font-weight: bold; \">Identify Potential Sources of Data Exfiltration and Critical IP Loss</span> Determine users exhibiting risky behavior such as stockpiling and atypical data movement before critical IP leaves your organization. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Advanced Compromised Account Detection</span> By understanding attributes like typical access patterns, prevent bad actors from accessing your critical assets and systems with User and Entity Behavior Analytics (UEBA). <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Be a Partner to Human Resources</span> Analyze communications-based data sources to identify potential code-of-conduct infractions. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Get More Out of Your SIEM Investment</span> UEBA adds context and analytics to SIEM data and provides risk scoring to incidents organized by entity, allowing analysts to prioritize the highest risks. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Perform Context &amp; Content-Rich Incident Response</span> Enable transparent comprehensive investigation with advanced analytics like machine learning and artificial intelligence that are tuned toward specific behavior risk. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Solve Challenges in Data Security and Regulatory Compliance</span> Analyze and detect patterns of human behavior in big data, delivering insights into enterprise risk where threats have surpassed the perimeter. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Automate DLP Policy Enforcement</span> Combine UEBA with Forcepoint DLP to utilize analytic risk scores to dynamically change DLP policies. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Transparency</span> Understandable analytics with simple explanation and context to make informed decisions about possible insider threats. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Configurability</span> There is no one-size-fits-all UEBA solution. Forcepoint allows customers to build their own use cases and develop their own analytics without the need of a data scientist. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Entity Timeline</span> View all historical activity during forensics stage with dynamic visualization. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Detect Seemingly Unrelated Threats</span> Single alerts lack context to data. UEBA uses natural language processing and sentiment analysis for a holistic view of the user. <span style=\"font-weight: bold; \"><br /></span> <span style=\"font-weight: bold; \">Varied Dataset Calculations</span> Data models informed by both structured data, such as SIEM logs, and unstructured data, such as email and chat, from your disparate security tools and third-party applications.","shortDescription":"Forcepoint User and Entity Behavior Analytics (UEBA) is AI-FUELED BEHAVIOR ANALYTICS TO IDENTIFY REAL ENTITY RISK","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint User and Entity Behavior Analytics (UEBA)","keywords":"","description":"<span style=\"font-weight: bold; \">Identify Potential Sources of Data Exfiltration and Critical IP Loss</span> Determine users exhibiting risky behavior such as stockpiling and atypical data movement before critical IP leaves your organization. <span style=\"fon","og:title":"Forcepoint User and Entity Behavior Analytics (UEBA)","og:description":"<span style=\"font-weight: bold; \">Identify Potential Sources of Data Exfiltration and Critical IP Loss</span> Determine users exhibiting risky behavior such as stockpiling and atypical data movement before critical IP leaves your organization. <span style=\"fon","og:image":"https://old.roi4cio.com/fileadmin/user_upload/forcepoint_logo.png"},"eventUrl":"","translationId":1668,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":1551,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":1550,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":1552,"characteristicId":441,"templateId":30,"value":true},"443":{"id":1553,"characteristicId":443,"templateId":30,"value":"N/A"},"445":{"id":1554,"characteristicId":445,"templateId":30,"value":"N/A"},"447":{"id":1555,"characteristicId":447,"templateId":30,"value":true},"449":{"id":1556,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4063,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4064,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4065,"characteristicId":1078,"templateId":30,"value":"N/A"},"1080":{"id":4066,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4067,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4068,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4069,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4070,"characteristicId":1088,"templateId":30,"value":"SIEM"},"1090":{"id":4071,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4072,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4073,"characteristicId":1094,"templateId":30,"value":"N/A"},"1096":{"id":4074,"characteristicId":1096,"templateId":30,"value":"N/A"},"1098":{"id":4075,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4076,"characteristicId":1100,"templateId":30,"value":"N/A"},"1102":{"id":4077,"characteristicId":1102,"templateId":30,"value":true},"1104":{"id":4078,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4079,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4080,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4081,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":2126,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Fortscale__logo_.png","logo":true,"scheme":false,"title":"Fortscale UEBA","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"fortscale-ueba","companyTypes":[],"description":"<p>UBA is growing more sophisticated, using machine learning and big data analysis to precisely identify true malicious activity on a network. The challenge for such solutions is to optimize the use of security analysts' time by avoiding false positives and by giving them complete context when activity is genuinely thought to be malicious.</p>\r\n<p>Fortscale has upped its game in the UBA space with a new release that focuses on those two areas in particular: reducing false positives and providing in-depth insight on anomalies and indicators so a security analyst has everything in one place to conduct an investigation.</p>\r\n<p>Fortscale's UBA solution operates in four stages. The first stage involves ingesting user access data. Rather than deploying agents on the endpoints or other proprietary data collectors, Fortscale ingests data from existing logs that track user access. The data might come from a SIEM or other similar system. Fortscale is focused on profiling user access &ndash; when, where and what kind of access a user had over time &ndash; and this is information that is already commonly collected and stored in logs. All of the data goes straight into an on-premise Hadoop database. Fortscale also takes contextual data from directory services in order to understand who the users are and what access privileges they legitimately have.</p>\r\n<p>The next step is to take all of this user/entity access information and create a baseline profile for each user. This profile looks at users from multiple dimensions, such as what devices a person typically uses to access the network, what a person's typical work hours are, and where he uses a VPN to log into the network. The baseline builds up historical data so the system can see what is considered normal behavior over a duration of time.</p>\r\n<p>The third stage uses data analytics to detect anomalous behavior. Fortscale does this in several ways. One is by comparing a user's current behavior to his historical baseline behavior. For example, maybe he logged in for the first time ever from a distant location at 2:00 AM. This could mean the person is traveling and can't sleep, or it could mean his credentials have been stolen and a malicious actor is using them.</p>\r\n<p>Fortscale also compares a user's activities to those of his peers&mdash;not necessarily peers on the org chart, but people who perform the same kind of duties and job activities. Let's say the user is a code developer in India. Fortscale will compare his access activities to other developers in India, and perhaps to those in other locations as well. If the system detects that this particular user is accessing a specific server and no other developers access that same server, it could be considered anomalous.</p>\r\n<p>Fortscale says it has put a lot of effort into its analytics capabilities to ensure the system understands what is malicious versus simply an unusual action by an employee, with the goal being to weed out false positives.</p>\r\n<p>The result of all this comparison is a risk score for each event and for each user. These scores indicate the most suspicious activity that might require further investigation. And the latest release of the software has added Fortscale Smart Alerts, which package up anomalous events into threat indicators and alerts and then presents them via a dashboard in a prioritized manner. When a security analyst looks at a specific alert, he has the context, the insights and the conclusions with respect to why this anomaly is worth investigating.</p>\r\n<p>User behavior is difficult to predict. That's why deterministic rules don't work well when looking for suspicious activity. UBA is the best type of tool available today to detect malicious insider activity.</p>","shortDescription":"Fortscale's user behavioral analytics solution provides full context when truly malicious behavior is detected.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Fortscale UEBA","keywords":"","description":"<p>UBA is growing more sophisticated, using machine learning and big data analysis to precisely identify true malicious activity on a network. The challenge for such solutions is to optimize the use of security analysts' time by avoiding false positives and by","og:title":"Fortscale UEBA","og:description":"<p>UBA is growing more sophisticated, using machine learning and big data analysis to precisely identify true malicious activity on a network. The challenge for such solutions is to optimize the use of security analysts' time by avoiding false positives and by","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Fortscale__logo_.png"},"eventUrl":"","translationId":2127,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4121,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4120,"characteristicId":439,"templateId":30,"value":true},"441":{"id":4122,"characteristicId":441,"templateId":30,"value":"N/A"},"443":{"id":4123,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4124,"characteristicId":445,"templateId":30,"value":"N/A"},"447":{"id":4125,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4133,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4126,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4127,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4128,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4129,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4130,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4131,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4132,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":4134,"characteristicId":1088,"templateId":30,"value":"SIEM, DLP"},"1090":{"id":4135,"characteristicId":1090,"templateId":30,"value":true},"1092":{"id":4136,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4137,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4138,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4139,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4140,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4141,"characteristicId":1102,"templateId":30,"value":true},"1104":{"id":4142,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":4143,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4144,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4145,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":1663,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Gurucul.png","logo":true,"scheme":false,"title":"Gurucul User and Entity Behavior Analytics (UEBA)","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"gurucul-user-and-entity-behavior-analytics-ueba","companyTypes":[],"description":"<b>Gurucul User and Entity Behavior Analytics (UEBA) uses machine learning models on open choice big data to detect unknown threats early in the kill chain.</b>\r\nUEBA provides the most realistically effective approach to comprehensively manage and monitor user and entity-centric risks. UEBA quickly identifies anomalous activity, thereby maximizing timely incident or automated risk response. The range of Gurucul UEBA use cases is what makes the solution extensible and valuable. It focuses on the detection of risks and threats beyond the capabilities of signatures, rules, and patterns. Using big data, Gurucul provides risk-based behavior analytics delivering actionable intelligence for security teams with low false positives. Gurucul leads the market in demonstrating UEBA results where others cannot. We consume the most data sources out-of-the-box and leverage the largest machine learning library. Additionally, we deliver a single unified prioritized risk score per user and entity. Find threats – unknown unknowns – quickly with no manual threat hunting and no configuration. Get immediate results without writing queries, rules or signatures.&nbsp;\r\n\r\nThe mature capabilities of UEBA provide robust and optimal advanced security analytics. It applies across a range of on-premises and hybrid environments, scoring the gray areas of unknowns and minimizing false positives. The result is improving the focus of ‘find-fix’ resources and optimizing the time of security analysts, efficiency in the SOC, and making operations and people more productive.&nbsp;","shortDescription":"Gurucul User and Entity Behavior Analytics (UEBA) Finds & Stops Threats Immediately with Behavior Based Predictive Risk Scoring","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Gurucul User and Entity Behavior Analytics (UEBA)","keywords":"","description":"<b>Gurucul User and Entity Behavior Analytics (UEBA) uses machine learning models on open choice big data to detect unknown threats early in the kill chain.</b>\r\nUEBA provides the most realistically effective approach to comprehensively manage and monitor user","og:title":"Gurucul User and Entity Behavior Analytics (UEBA)","og:description":"<b>Gurucul User and Entity Behavior Analytics (UEBA) uses machine learning models on open choice big data to detect unknown threats early in the kill chain.</b>\r\nUEBA provides the most realistically effective approach to comprehensively manage and monitor user","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Gurucul.png"},"eventUrl":"","translationId":1664,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":1537,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":1536,"characteristicId":439,"templateId":30,"value":true},"441":{"id":1538,"characteristicId":441,"templateId":30,"value":true},"443":{"id":1539,"characteristicId":443,"templateId":30,"value":true},"445":{"id":1540,"characteristicId":445,"templateId":30,"value":true},"447":{"id":1541,"characteristicId":447,"templateId":30,"value":true},"449":{"id":1542,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":3999,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4000,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4001,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4002,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4003,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4004,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4005,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":4006,"characteristicId":1088,"templateId":30,"value":"SIEM, IAM"},"1090":{"id":4007,"characteristicId":1090,"templateId":30,"value":true},"1092":{"id":4008,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4009,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4010,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4011,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4012,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4013,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4014,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":4015,"characteristicId":1106,"templateId":30,"value":true},"1108":{"id":4016,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4017,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":2124,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/IBM_Qradar.png","logo":true,"scheme":false,"title":"IBM QRradar UBA","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"ibm-qrradar-uba","companyTypes":[],"description":"<p>IBM QRadar User Behavior Analytics (UBA) analyzes user activity to detect malicious insiders and determine if a user&rsquo;s credentials have been compromised. As a component of the QRadar Security Intelligence Platform, QRadar UBA adds user context to network, log, vulnerability and threat data to more quickly and accurately detect attacks. Security analysts can easily see risky users, view their anomalous activities and drill down into the underlying log and flow data that contributed to a user&rsquo;s risk score. QRadar is available in the IBM Security App Exchange and can be downloaded and installed in minutes.</p>\r\n<p><span style=\"font-weight: bold;\">Capabilities:</span></p>\r\n<p><span style=\"font-weight: bold;\">Gain visibility into insider threats.</span> Guard against rogue insiders and cyber criminals using compromised credentials. Uncover anomalous behaviors, lateral movement, threats and data exfiltration─with a user focus.</p>\r\n<p><span style=\"font-weight: bold;\">Extend QRadar security features.</span> The UBA dashboard is an integrated part of the QRadar console and helps extend capabilities of the QRadar Security Intelligence Platform.</p>\r\n<p><span style=\"font-weight: bold;\">Improve analyst productivity.</span> Easily identify risky users. Apply machine learning and behavioral analytics to QRadar security data, calculate users&rsquo; risk scores and only raise alerts on high risk incidents to reduce alert fatigue.</p>\r\n<p><span style=\"font-weight: bold;\">Accelerate time to value.</span> Generate meaningful insights within 24 hours. QRadar clients can download and install the UBA app quickly and easily from the IBM Security App Exchange.</p>\r\n<p><span style=\"font-weight: bold;\">Feature spotlights:</span></p>\r\n<p><span style=\"font-weight: bold;\">Detects insider threats based on user behavioral anomalies</span></p>\r\n<p>User behavior analysis and fine-grained machine learning algorithms can detect when users deviate from normal activity patterns or behave differently from their peers. QRadar UBA creates a baseline of normal activity and detects significant deviations to expose both malicious insiders and users whose credentials have been compromised by cyber criminals.</p>\r\n<p><span style=\"font-weight: bold;\">Generates detailed risk scores for individual users</span></p>\r\n<p>Risk scores dynamically change based on user activity, and high-risk users can be added to a watch list. Security analysts can easily drill down to view the actions, offenses, logs and flow data that contributed to a person&rsquo;s risk score. This helps shorten the investigation and response times associated with insider threats.</p>\r\n<p><span style=\"font-weight: bold;\">Integrates seamlessly with QRadar Security Analytics</span></p>\r\n<p>QRadar UBA integrates directly into the QRadar Security Analytics solution, leveraging the existing QRadar user interface and database. All enterprise-wide security data can remain in one central location, and analysts can tune rules, generate reports and integrate with complementary Identity and Access Management solutions &ndash; all without having to learn a new system or build a new integration.</p>\r\n<p><span style=\"font-weight: bold;\">Available from the IBM Security App Exchange</span></p>\r\n<p>QRadar UBA is packaged as a downloadable app that is independent of the platform&rsquo;s formal release cycles. All current QRadar clients can add this app to QRadar version 7.2.7 or higher to begin seeing a user-centric view of activity within their networks.</p>","shortDescription":"IBM QRadar UBA - приложение для опережающего выявления угроз, анализирующее шаблоны поведения внутренних пользователей, выявляя идентификационные данные или системы, взломанные злоумышленниками.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":6,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"IBM QRradar UBA","keywords":"","description":"<p>IBM QRadar User Behavior Analytics (UBA) analyzes user activity to detect malicious insiders and determine if a user&rsquo;s credentials have been compromised. As a component of the QRadar Security Intelligence Platform, QRadar UBA adds user context to netw","og:title":"IBM QRradar UBA","og:description":"<p>IBM QRadar User Behavior Analytics (UBA) analyzes user activity to detect malicious insiders and determine if a user&rsquo;s credentials have been compromised. As a component of the QRadar Security Intelligence Platform, QRadar UBA adds user context to netw","og:image":"https://old.roi4cio.com/fileadmin/user_upload/IBM_Qradar.png"},"eventUrl":"","translationId":2125,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4038,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4037,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4039,"characteristicId":441,"templateId":30,"value":true},"443":{"id":4040,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4041,"characteristicId":445,"templateId":30,"value":true},"447":{"id":4042,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4050,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4043,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4044,"characteristicId":1076,"templateId":30,"value":"N/A"},"1078":{"id":4045,"characteristicId":1078,"templateId":30,"value":"N/A"},"1080":{"id":4046,"characteristicId":1080,"templateId":30,"value":"N/A"},"1082":{"id":4047,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4048,"characteristicId":1084,"templateId":30,"value":true},"1086":{"id":4049,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4051,"characteristicId":1088,"templateId":30,"value":"SIEM"},"1090":{"id":4052,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4053,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4054,"characteristicId":1094,"templateId":30,"value":"N/A"},"1096":{"id":4055,"characteristicId":1096,"templateId":30,"value":"N/A"},"1098":{"id":4056,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4057,"characteristicId":1100,"templateId":30,"value":"N/A"},"1102":{"id":4058,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4059,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4060,"characteristicId":1106,"templateId":30,"value":true},"1108":{"id":4061,"characteristicId":1108,"templateId":30,"value":true},"1110":{"id":4062,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":1671,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Micro_Focus.png","logo":true,"scheme":false,"title":"Micro Focus Security ArcSight User Behavior Analytics (UBA)","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"micro-focus-security-arcsight-user-behavior-analytics-uba","companyTypes":[],"description":"Micro Focus User Behavior Analytics gives enterprises visibility into their users, making it much easier for them to gain information on behavior patterns to help mitigate threats. Micro Focus User Behavior Analytics gives enterprises visibility into their users, making it much easier for them to gain information on behavior patterns to help mitigate threats. It helps detect and investigate malicious user behavior, insider threat and account misuse. Therefore, it enables organizations to detect breaches before significant damage occurs by finding the adversary faster.\r\n<span style=\"font-weight: bold;\">Micro Focus</span><span style=\"font-weight: bold;\">&nbsp;User behavior Analytics helps you with:</span>\r\n<ul> <li>Lowering the risk and impact of cyber attacks</li> <li>Detect unusual behavior by correlating user identity management with rest of the IT logs from apps and network</li> <li>Achieve faster event resolution to identified threats through deeper integration with SIEM</li> <li>Quick forensics investigation UBA analyzes user related data looking for threats in comparison to peers, historical activity, and/or violations of predefined expected behavior.</li> </ul>","shortDescription":"Micro Focus User Behavior Analytics gives enterprises visibility into their users, making it much easier for them to gain information on behavior patterns to help mitigate threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Micro Focus Security ArcSight User Behavior Analytics (UBA)","keywords":"","description":"Micro Focus User Behavior Analytics gives enterprises visibility into their users, making it much easier for them to gain information on behavior patterns to help mitigate threats. Micro Focus User Behavior Analytics gives enterprises visibility into their use","og:title":"Micro Focus Security ArcSight User Behavior Analytics (UBA)","og:description":"Micro Focus User Behavior Analytics gives enterprises visibility into their users, making it much easier for them to gain information on behavior patterns to help mitigate threats. Micro Focus User Behavior Analytics gives enterprises visibility into their use","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Micro_Focus.png"},"eventUrl":"","translationId":1672,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":1565,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":1564,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":1566,"characteristicId":441,"templateId":30,"value":true},"443":{"id":1567,"characteristicId":443,"templateId":30,"value":"N/A"},"445":{"id":1568,"characteristicId":445,"templateId":30,"value":true},"447":{"id":1569,"characteristicId":447,"templateId":30,"value":"N/A"},"449":{"id":1570,"characteristicId":449,"templateId":30,"value":"Only HP UEBA"},"1074":{"id":4101,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4102,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4103,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4104,"characteristicId":1080,"templateId":30,"value":"N/A"},"1082":{"id":4105,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4106,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4107,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4108,"characteristicId":1088,"templateId":30,"value":"SIEM"},"1090":{"id":4109,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4110,"characteristicId":1092,"templateId":30,"value":"N/A"},"1094":{"id":4111,"characteristicId":1094,"templateId":30,"value":"N/A"},"1096":{"id":4112,"characteristicId":1096,"templateId":30,"value":"N/A"},"1098":{"id":4113,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4114,"characteristicId":1100,"templateId":30,"value":"N/A"},"1102":{"id":4115,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4116,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4117,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4118,"characteristicId":1108,"templateId":30,"value":true},"1110":{"id":4119,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":2144,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Advanced_Threat_Analytics.png","logo":true,"scheme":false,"title":"Microsoft Advanced Threat Analytics","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"microsoft-advanced-threat-analytics","companyTypes":[],"description":"<p>Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats by using information from multiple data-sources in your network to learn the behavior of users and other entities in the organization and build a behavioral profile about them and by leveraging ATA's proprietary network parsing engine to capture and parse network traffic of multiple protocols.</p>\r\n<p><span style=\"font-weight: bold;\">Get peace of mind all day with advanced threat protection</span></p>\r\n<p><span style=\"font-weight: bold;\">Detect threats fast with behavioral analytics</span></p>\r\n<p>No need to create rules, fine-tune, or monitor a flood of security reports with self-learning and advanced, ready-to-analyze intelligence.</p>\r\n<p><span style=\"font-weight: bold;\">Adapt as fast as your attackers</span></p>\r\n<p>Rely on continually updated learning that adapts to the changing nature of your users and business.</p>\r\n<p><span style=\"font-weight: bold;\">Focus on only important events</span></p>\r\n<p>Review the attack timeline for a clear and convenient view of suspicious activity or persistent threats.</p>\r\n<p><span style=\"font-weight: bold;\">Reduce false positive fatigue</span></p>\r\n<p>Receive alerts only after suspicious activities are contextually aggregated and verified.</p>\r\n<p><span style=\"font-weight: bold;\">Prioritize and plan for next steps</span></p>\r\n<p>Get recommendations for investigation and remediation of each suspicious activity.</p>","shortDescription":"ATA is an on-premises platform to help you protect your enterprise from advanced targeted attacks by automatically\r\nanalyzing, learning, and identifying normal and abnormal entity behavior.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":20,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft Advanced Threat Analytics","keywords":"","description":"<p>Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats by using information from multiple data-sources in your network to learn the behavior of","og:title":"Microsoft Advanced Threat Analytics","og:description":"<p>Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats by using information from multiple data-sources in your network to learn the behavior of","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Advanced_Threat_Analytics.png"},"eventUrl":"","translationId":2145,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4329,"characteristicId":437,"templateId":30,"value":"Yes"},"439":{"id":4328,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4330,"characteristicId":441,"templateId":30,"value":true},"443":{"id":4331,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4332,"characteristicId":445,"templateId":30,"value":true},"447":{"id":4333,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4341,"characteristicId":449,"templateId":30,"value":"Yes"},"1074":{"id":4334,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4335,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4336,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4337,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4338,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4339,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4340,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":4342,"characteristicId":1088,"templateId":30,"value":"SIEM, IAM"},"1090":{"id":4343,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4344,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4345,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4346,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4347,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4348,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4349,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4350,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":4351,"characteristicId":1106,"templateId":30,"value":true},"1108":{"id":4352,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4353,"characteristicId":1110,"templateId":30,"value":"N/A"}}}},{"id":2134,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Niara__logo_.png","logo":true,"scheme":false,"title":"Niara Security analytics platform","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"niara-security-analytics-platform","companyTypes":[],"description":"<p>Niara&rsquo;s security analytics platform automates the detection of attacks that have evaded an organization&rsquo;s perimeter defenses (compromised users and hosts, malicious insiders), and empowers security teams with analytics driven visibility for accelerated incident investigation, efficient alert prioritization and amplified threat hunting capabilities.</p>\r\n<p>Niara applies behavioral analytics on a combination of network and security data and provides the following <strong>capabilities</strong>:</p>\r\n<ul>\r\n<li>Comprehensive Entity360 risk profiles for users, hosts and IP addresses;</li>\r\n<li>Stateful record of events across data sources over time to surface high fidelity anomalies;</li>\r\n<li>Multi-dimensional analytics combined innovatively to link anomalous events to malicious intent;</li>\r\n<li>Enables historical views into Entity360 risk profiles;</li>\r\n<li>Calibrates alerts by severity and classifies them by attack stage;</li>\r\n<li>Detection of anomalies&nbsp; such&nbsp; as&nbsp; privilege&nbsp; escalation,&nbsp; credential&nbsp; violations, internal reconnaissance, lateral movement,&nbsp; abnormal&nbsp; access&nbsp; to&nbsp; high&nbsp; value resources, command and control, exfiltration.</li>\r\n</ul>","shortDescription":"Niara security analytics platform provides the most comprehensive solution for detecting cyber attacks inside an organization.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Niara Security analytics platform","keywords":"","description":"<p>Niara&rsquo;s security analytics platform automates the detection of attacks that have evaded an organization&rsquo;s perimeter defenses (compromised users and hosts, malicious insiders), and empowers security teams with analytics driven visibility for acce","og:title":"Niara Security analytics platform","og:description":"<p>Niara&rsquo;s security analytics platform automates the detection of attacks that have evaded an organization&rsquo;s perimeter defenses (compromised users and hosts, malicious insiders), and empowers security teams with analytics driven visibility for acce","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Niara__logo_.png"},"eventUrl":"","translationId":2135,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4225,"characteristicId":437,"templateId":30,"value":"Yes"},"439":{"id":4224,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4226,"characteristicId":441,"templateId":30,"value":true},"443":{"id":4227,"characteristicId":443,"templateId":30,"value":true},"445":{"id":4228,"characteristicId":445,"templateId":30,"value":true},"447":{"id":4229,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4237,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4230,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4231,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4232,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4233,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4234,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4235,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4236,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4238,"characteristicId":1088,"templateId":30,"value":"SIEM, IAM, DLP"},"1090":{"id":4239,"characteristicId":1090,"templateId":30,"value":true},"1092":{"id":4240,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4241,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4242,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4243,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4244,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4245,"characteristicId":1102,"templateId":30,"value":true},"1104":{"id":4246,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":4247,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4248,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4249,"characteristicId":1110,"templateId":30,"value":"N/A"}}}},{"id":2132,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Lightcyber.jpg","logo":true,"scheme":false,"title":"Palo Alto Networks LightCyber","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"palo-alto-networks-lightcyber","companyTypes":[],"description":"<p>LightCyber empowers organizations to detect and stop active attacks in their network. Founded by cybersecurity experts in 2012, LightCyber has been leading the industry in the development of automated behavioral analytics capabilities and uses sophisticated machine learning to quickly, efficiently and accurately identify attacks based on identifying behavioral anomalies inside the network. LightCyber&rsquo;s products have been successfully deployed by top-tier companies in the financial, healthcare, legal, telecom, government, media and technology sectors.</p>\r\n<p>LightCyber detects malicious insiders, targeted external attackers and operationalized malware by monitoring network traffic; learns the behavior of all users and devices; and detects the anomalies that deviate from expected behavior. LightCyber starts with a blank slate and employs unsupervised machine learning to create these baseline profiles. From this ongoing profiling process, LightCyber pinpoints anomalous behaviors that are indicative of an attack or risky user behavior.</p>\r\n<p>Targeted attackers can find ways to compromise systems and infiltrate networks. Once attackers are in the network, they begin a step-by-step process of reconnaissance and lateral movement using networking and admin tools. To stay under the radar, they often avoid using malware or known exploits. However, they still need to understand the network design and find the location of sensitive assets and expand their realm of control to gain access to these assets by conducting reconnaissance and lateral movement.</p>\r\n<p>LightCyber stops attacks early by understanding how users and devices typically behave and by recognizing changes in behavior &ndash; such as a regular user performing administrative activity or scanning rarely accessed file shares &ndash; to stop an advanced attack early and definitively.</p>\r\n<p>The LightCyber approach focuses on network and endpoint traffic, and on activity within the networking traffic, to drive its primary analysis. LightCyber uniquely offers:</p>\r\n<p><span style=\"font-weight: bold;\">Unsupervised machine learning to prevent unknown threats.</span> LightCyber catches post-intrusion activity that does not involve malware or known exploits by learning expected behavior and detecting anomalies indicative of an attack.</p>\r\n<p><span style=\"font-weight: bold;\">Broad inputs to maximize detection accuracy and efficiency.</span> LightCyber analyzes behavior across networks, users and endpoints to automate investigations and confirm suspicious behavior by pinpointing the endpoint process responsible for an attack. To achieve this, it analyzes the process in the cloud.</p>\r\n<p><span style=\"font-weight: bold;\">Attack mitigation across the entire attack lifecycle.</span> LightCyber detects all stages of the attack lifecycle after the initial intrusion, focusing on hard-to-detect, low-and-slow reconnaissance and lateral movement to which most security products are blind.</p>\r\n<p><span style=\"font-weight: bold;\">Integrated remediation to prevent cyberattacks.</span> Because LightCyber accurately detects attacks, it can block compromised devices and disable user accounts automatically, or administrators can do it through the click of a button.</p>\r\n<p>LightCyber extends the ability of the Palo Alto Networks platform to mitigate unknown threats inside the network and root out attackers as they perform low-and-slow reconnaissance, expand control, and attempt to manipulate or steal data.</p>\r\n<p>LightCyber enhances and extends our ability to prevent attacks across the attack lifecycle and especially at the internal reconnaissance and lateral movement stages, which are often important to a successful attack. With LightCyber added to our platform, it can further prevent command-and-control activity and data exfiltration by detecting anomalous behavior. You will gain unrivaled protection against targeted attacks, insider threats, risky behavior and malware inside your network.</p>\r\n<p>Since our inception, Palo Alto Networks has pioneered new ways of tackling seemingly impossible security challenges and, along the way, has provided eye-opening visibility into user and application traffic as well as exceptional breach prevention capabilities. The LightCyber automated behavioral analytics technology represents another step in our evolution of delivering a platform at the forefront of the innovation curve. With the LightCyber technology, our platform will be able to analyze user, endpoint and network behavior and apply machine learning techniques to detect and stop active attackers inside the network who do not rely on malware or vulnerability exploits.</p>","shortDescription":"LightCyber further enhances and extends our ability to prevent attacks at the internal reconnaissance and lateral movement stages of the attack lifecycle, two stages that are often very important.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":7,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Palo Alto Networks LightCyber","keywords":"","description":"<p>LightCyber empowers organizations to detect and stop active attacks in their network. Founded by cybersecurity experts in 2012, LightCyber has been leading the industry in the development of automated behavioral analytics capabilities and uses sophisticated","og:title":"Palo Alto Networks LightCyber","og:description":"<p>LightCyber empowers organizations to detect and stop active attacks in their network. Founded by cybersecurity experts in 2012, LightCyber has been leading the industry in the development of automated behavioral analytics capabilities and uses sophisticated","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Lightcyber.jpg"},"eventUrl":"","translationId":2133,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":4199,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":4198,"characteristicId":439,"templateId":30,"value":"N/A"},"441":{"id":4200,"characteristicId":441,"templateId":30,"value":"N/A"},"443":{"id":4201,"characteristicId":443,"templateId":30,"value":"N/A"},"445":{"id":4202,"characteristicId":445,"templateId":30,"value":"N/A"},"447":{"id":4203,"characteristicId":447,"templateId":30,"value":true},"449":{"id":4211,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4204,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4205,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4206,"characteristicId":1078,"templateId":30,"value":"N/A"},"1080":{"id":4207,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4208,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":4209,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4210,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4212,"characteristicId":1088,"templateId":30,"value":"N/A"},"1090":{"id":4213,"characteristicId":1090,"templateId":30,"value":"N/A"},"1092":{"id":4214,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4215,"characteristicId":1094,"templateId":30,"value":"N/A"},"1096":{"id":4216,"characteristicId":1096,"templateId":30,"value":"N/A"},"1098":{"id":4217,"characteristicId":1098,"templateId":30,"value":"N/A"},"1100":{"id":4218,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4219,"characteristicId":1102,"templateId":30,"value":"N/A"},"1104":{"id":4220,"characteristicId":1104,"templateId":30,"value":"N/A"},"1106":{"id":4221,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4222,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4223,"characteristicId":1110,"templateId":30,"value":"N/A"}}}},{"id":1658,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Securonix_Enterprise.jpg","logo":true,"scheme":false,"title":"Securonix User and Entity Behavior Analytics (UEBA)","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"securonix-user-and-entity-behavior-analytics-ueba","companyTypes":[],"description":"Securonix UEBA threat detection is built on the latest advanced data sciences concepts, and leverages a big data Hadoop technology stack to enable the required supervised and unsupervised machine learning algorithms for highly accurate attack detection and prioritization. Securonix&rsquo;s team of scientists and analysts, led by Chief Scientist Igor Baikalov (former head of security intelligence at Bank of America), continuously builds and updates threat models specific to data sources and industries. With our list of marquee customers, Securonix has the most comprehensive and mature set of behavior-based threat models in the industry. Our research efforts are further bolstered by our Threat Research Labs, focused on threat research, response and behavior analysis based detection of critical attacks and data breaches (like WannaCry, NotPetya and the recent Equifax breach).\r\n<span style=\"font-weight: bold;\">Reduce Your Risk of Insider Threats</span>\r\n<ul>\r\n<li>Build a comprehensive risk profile of every user in your environment, based on identity, employment, security violations, IT activity and access, physical access, and even phone records.</li>\r\n<li>Identify true areas of risk by comparing user activity to their individual baseline, their peer group baseline, and known threat indicators.</li>\r\n<li>Results are scored and presented in interactive scorecards.</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\"><br /></span> <span style=\"font-weight: bold;\">Clear Visibility into Your Cloud</span>\r\n<ul>\r\n<li>Provide cloud-to-cloud monitoring capabilities with built-in APIs for all major cloud infrastructure and application technologies.</li>\r\n<li>Detect malicious activity by analyzing user entitlements and events.</li>\r\n<li>Correlate cloud data and on-premises data to add entity context information.</li>\r\n<li>Analyze end-to-end activities to detect actionable threat patterns.</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\"><br /></span> <span style=\"font-weight: bold;\">Proactive Enterprise Fraud Detection</span>\r\n<ul>\r\n<li>Identify complex fraud attacks that typically escape signature-based detection methods using advanced signatureless behavior and peer-based outlier analysis techniques.</li>\r\n<li>Detect account takeover, anomalous user behavior, transaction fraud, and anti-money laundering violations.</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\"><br /></span> <span style=\"font-weight: bold;\">Revolutionize Your Cloud Security</span> With Securonix Cloud you can enjoy all the capabilities of Securonix Security Analytics Platform, with the convenience of a software-as-a-service (SaaS) solution. It provides security that spans across your cloud infrastructure, data, applications, and access control solutions. Benefit from the quick deployment, easy scalability, and shorter time to value of Securonix Cloud.\r\n&nbsp;","shortDescription":"Securonix User and Entity Behavior Analytics is a software based on Advanced Analytics Powered by Machine Learning","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Securonix User and Entity Behavior Analytics (UEBA)","keywords":"","description":"Securonix UEBA threat detection is built on the latest advanced data sciences concepts, and leverages a big data Hadoop technology stack to enable the required supervised and unsupervised machine learning algorithms for highly accurate attack detection and pri","og:title":"Securonix User and Entity Behavior Analytics (UEBA)","og:description":"Securonix UEBA threat detection is built on the latest advanced data sciences concepts, and leverages a big data Hadoop technology stack to enable the required supervised and unsupervised machine learning algorithms for highly accurate attack detection and pri","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Securonix_Enterprise.jpg"},"eventUrl":"","translationId":1659,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":1523,"characteristicId":437,"templateId":30,"value":"Yes"},"439":{"id":1522,"characteristicId":439,"templateId":30,"value":true},"441":{"id":1524,"characteristicId":441,"templateId":30,"value":true},"443":{"id":1525,"characteristicId":443,"templateId":30,"value":true},"445":{"id":1526,"characteristicId":445,"templateId":30,"value":true},"447":{"id":1527,"characteristicId":447,"templateId":30,"value":true},"449":{"id":1528,"characteristicId":449,"templateId":30,"value":"Yes"},"1074":{"id":3961,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":3962,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":3963,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":3964,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":3965,"characteristicId":1082,"templateId":30,"value":"N/A"},"1084":{"id":3966,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":3967,"characteristicId":1086,"templateId":30,"value":"N/A"},"1088":{"id":3968,"characteristicId":1088,"templateId":30,"value":"SIEM, IAM, DLP"},"1090":{"id":3969,"characteristicId":1090,"templateId":30,"value":true},"1092":{"id":3970,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":3971,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":3972,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":3973,"characteristicId":1098,"templateId":30,"value":true},"1100":{"id":3974,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":3975,"characteristicId":1102,"templateId":30,"value":true},"1104":{"id":3976,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":3977,"characteristicId":1106,"templateId":30,"value":true},"1108":{"id":3978,"characteristicId":1108,"templateId":30,"value":true},"1110":{"id":3979,"characteristicId":1110,"templateId":30,"value":true}}}},{"id":1665,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Splunk_Enterprise.png","logo":true,"scheme":false,"title":"Splunk User Behavior Analytics","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"splunk-user-behavior-analytics","companyTypes":[],"description":"Detect unknown threats and anomalous behavior using machine learning\r\n<ul>\r\n<li>Advanced Threat Detection. Discover abnormalities and unknown threats that traditional security tools miss</li>\r\n<li>Higher Productivity. Automate stitching of hundreds of anomalies into a single threat to simplify a security analyst&rsquo;s life</li>\r\n<li>Accelerate Threat Hunting. Use deep investigative capabilities and powerful behavior baselines on any entity, anomaly or threat</li>\r\n</ul>\r\n<span style=\"font-weight: bold;\">Automatically find unknown threats using machine learning</span>\r\n<ul>\r\n<li>Enhance Visibility and Detection. Automate threat detection using machine learning so you can spend more time hunting with higher fidelity behavior-based alerts for quick review and resolution.</li>\r\n<li>Accelerate Threat Hunting. Rapidly identify anomalous entities without human analysis. Rich set of anomaly types (65+) and threat classifications (25+) across users, accounts, devices and applications.</li>\r\n<li>Augment SOC Resources. Automatically stitch hundreds of anomalies observed across multiple-entities&mdash;users, accounts, devices and applications - to a single threat for faster action.</li>\r\n<li>Better Together: Splunk ES and Splunk UBA. Organizations gain maximum value to detect and resolve threats and anomalies via the power of human and machine-driven solutions by combing Splunk&reg; Enterprise Security and Splunk UBA.</li>\r\n</ul>\r\n","shortDescription":"Splunk User Behavior Analytics - Securing against unkown threats through user and entity behavior analytics","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":8,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Splunk User Behavior Analytics","keywords":"","description":"Detect unknown threats and anomalous behavior using machine learning\r\n<ul>\r\n<li>Advanced Threat Detection. Discover abnormalities and unknown threats that traditional security tools miss</li>\r\n<li>Higher Productivity. Automate stitching of hundreds of anomalie","og:title":"Splunk User Behavior Analytics","og:description":"Detect unknown threats and anomalous behavior using machine learning\r\n<ul>\r\n<li>Advanced Threat Detection. Discover abnormalities and unknown threats that traditional security tools miss</li>\r\n<li>Higher Productivity. Automate stitching of hundreds of anomalie","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Splunk_Enterprise.png"},"eventUrl":"","translationId":1666,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"30":{"437":{"id":1544,"characteristicId":437,"templateId":30,"value":"N/A"},"439":{"id":1543,"characteristicId":439,"templateId":30,"value":true},"441":{"id":1545,"characteristicId":441,"templateId":30,"value":true},"443":{"id":1546,"characteristicId":443,"templateId":30,"value":"N/A"},"445":{"id":1547,"characteristicId":445,"templateId":30,"value":true},"447":{"id":1548,"characteristicId":447,"templateId":30,"value":true},"449":{"id":1549,"characteristicId":449,"templateId":30,"value":"N/A"},"1074":{"id":4018,"characteristicId":1074,"templateId":30,"value":"N/A"},"1076":{"id":4019,"characteristicId":1076,"templateId":30,"value":true},"1078":{"id":4020,"characteristicId":1078,"templateId":30,"value":true},"1080":{"id":4021,"characteristicId":1080,"templateId":30,"value":true},"1082":{"id":4022,"characteristicId":1082,"templateId":30,"value":true},"1084":{"id":4023,"characteristicId":1084,"templateId":30,"value":"N/A"},"1086":{"id":4024,"characteristicId":1086,"templateId":30,"value":true},"1088":{"id":4025,"characteristicId":1088,"templateId":30,"value":"SIEM"},"1090":{"id":4026,"characteristicId":1090,"templateId":30,"value":true},"1092":{"id":4027,"characteristicId":1092,"templateId":30,"value":true},"1094":{"id":4028,"characteristicId":1094,"templateId":30,"value":true},"1096":{"id":4029,"characteristicId":1096,"templateId":30,"value":true},"1098":{"id":4030,"characteristicId":1098,"templateId":30,"value":true},"1100":{"id":4031,"characteristicId":1100,"templateId":30,"value":true},"1102":{"id":4032,"characteristicId":1102,"templateId":30,"value":true},"1104":{"id":4033,"characteristicId":1104,"templateId":30,"value":true},"1106":{"id":4034,"characteristicId":1106,"templateId":30,"value":"N/A"},"1108":{"id":4035,"characteristicId":1108,"templateId":30,"value":"N/A"},"1110":{"id":4036,"characteristicId":1110,"templateId":30,"value":true}}}}],"selectedTemplateId":30},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}