SBN

Use Advanced Analytics to Defeat Insider Threats

Advance your threat detection by adding user entity and behavior analytics (UEBA) to your security operations solution. By using advanced analytics through machine learning capabilities, LogRhythm UEBA can detect relevant changes in user behavior, giving you greater insight into user activity that would otherwise go undetected, allowing you to catch much earlier potential attacks. The solution seamlessly integrates with the LogRhythm SIEM and is continuously self-evolving without manual intervention, providing value in just weeks.    

At LogRhythm, we have made an ongoing commitment to our customers to release new enhancements and innovations in our products every quarter. We recently enhanced capabilities to LogRhythm UEBA to create a better analyst experience and provide additional threat detection capabilities. 

What’s new in LogRhythm UEBA 

Recently, we released a new model in LogRhythm UEBA that tracks when a user authenticates with a new log source type — either new only for the user in question or new across all monitored users.  An example of “new” would be if a user logs in utilizing a VPN for the first time but other users normally log in via VPN, and an example of “new_across_ids” would be the user logs in for the first-time using VPN and no other user has used VPN before either. In each instance, LogRhythm UEBA would trigger these anomalies. 

With the commitment to keep high fidelity in the models, LogRhythm UEBA  can now identify 0365 services hosts in the logs and understands not to use log location information for user location tracking. By adding this additional feature, anomaly triggers will only take place when relevant, thus decreasing analyst fatigue.  

An improved UI, a new user authentication model, additional identification of O365 Services to Hosts, and updates to user scores adds more context to detection capabilities and enhances the analyst workflow allowing users to take faster action against the constantly changing threat landscape. 

Finally, we introduced user interface improvements in the UEBA lab (Cloud AI lab) that help streamline the analyst workflow. The landing page opens directly in the identity heatmap which is the most widely used feature, giving our customers immediate visibility. A new tab in the menu also enables easier switching between the heatmap page and the asset details page 

As always, customers will value the overall capabilities of LogRhythm UEBA:  

  • Holistic analysis, automatic scoring, and deep visibility into user activity and outliers that would otherwise go undetected  
  • Rapid time to value with machine learning algorithms   
  • Seamless integration with the LogRhythm SIEM   
  • Continuously improved models help users keep up with advanced threats 

Learn more about LogRhythm UEBA 

LogRhythm UEBA expands threat detection coverage on top of the existing out of the box UEBA AI Engine rules that are included with LogRhythm SIEM by detecting outliers and by automatically scoring the observations according to their risk level. LogRhythm UEBA has analytics specifically developed for the purpose of tracking user behavior to detect variations in activity that are hard to detect manually. 

To learn more about LogRhythm UEBA and how it can help your organization, download the UEBA data sheet or watch the on-demand webinar. 

The post Use Advanced Analytics to Defeat Insider Threats appeared first on LogRhythm.

*** This is a Security Bloggers Network syndicated blog from LogRhythm authored by Amy Tierney. Read the original post at: https://logrhythm.com/blog/use-advanced-analytics-to-defeat-insider-threats/