UEBA: When "E" Doesn't Stand for "Easy"

Three-letter acronyms are easy to remember and pronounce – adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e. User and Entity BA), it made the term more clunky but even more relevant. Most organizations understand the threat posed by user insiders, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities. While we are[…]

Topics: data science, ransomware, SECURITY

Finding a Security Unicorn

A recent post on is unlikely to surprise anyone who’s been paying attention to the cybersecurity job market. According to a new Cybersecurity Ventures report, the unemployment rate for cybersecurity jobs is currently zero. On average, there are two open jobs available for every candidate, with over 1 million open IT security positions. Companies are making it worse by trying to hire security unicorns: analysts with skillsets so broad that no person has them[…]

Topics: SECURITY, Uncategorized

Who do I belong to? Dynamic Peer Analysis for UEBA Explained

In user and entity behavior analytics (UEBA), a security alert is best viewed in context as discussed in my past webinar. A user’s peer groups provide useful context to identify and calibrate that user’s alerts. If a user does something unusual on the network, such as logging on to a server or accessing an application for the first time, we may reduce or amplify the risk score of this activity depending on whether the peers[…]

Topics: data science, SECURITY, Uncategorized

No SIEM? No Problem!

What kinds of imagery are conjured up when you think about a Security Operations Center (SOC)? Perhaps a militaristic setting straight out of the movie War Games, but with upgraded tech? Or maybe a dark room with a few scruffy security analysts staring at a wall full of large monitors while they frantically hammer away on their keyboards? Possibly you’re envisioning a single security engineer wearing a nerdy T-shirt, hidden away somewhere in the bustle[…]


The Challenge of Using a SIEM to Detect Ransomware

Ransomware is becoming more common than ever. Corporations, both large and small, are increasingly finding themselves the targets of advanced ransomware campaigns. Unfortunately, most security teams haven’t had enough experience with ransomware in corporate environments to stop infections before they run rampant. This post explores some of the challenges security teams may face when trying to use SIEM correlation rules to identify the behavior and activities associated with a ransomware infection. Zooming out for Greater[…]

Topics: ransomware, SECURITY

Beyond Detection and Response: Hidden Benefits of Exabeam

When I ask our prospective customers why they are interested in UBA and Exabeam specifically, most have a common answer: they are looking to cash in on the promise of deriving usable intelligence out of the vast amounts of data they have spent time and money collecting. Organizations want increased visibility into the activities of users on their network to detect modern attacks and respond quickly. Solving these problems is at the center of what[…]

Topics: benefits, CUSTOMERS

Exabeam Cleans Up At Network Product Guide's 2016 IT World Awards

As a software vendor, it’s always nice when the fruits of hard work, purposeful design decisions, and unwavering focus on customer feedback are recognized. Recently, Exabeam had the honor of being selected as the recipient of six awards at the 2016 Network Product Guide IT World Awards. Our goal has always been to deliver the exceptional by building products that our customers love using. Being named a winner at the IT World Awards serves as a[…]

Topics: awards and recognition

A Forensics Expert's Opinion: Why Exabeam Matters

The size of hard drives, logs, and other data sources has grown immensely in the past few years. I’ve had many different roles within the DFIR (digital forensics and incident response) space, including SOC analyst, incident responder, and forensic examiner, and this massive increase in available data poses challenges in all of those areas. Fully combing through a multi-terabyte hard drive takes far longer than it does for smaller drives. Intrusion investigations can rapidly balloon from one computer to many,[…]


It's Not Always the Hackers...

Twenty years ago, I was working the graveyard shift as a policeman on the south side of Chicago. Part of the area I patrolled included one of the largest railroad freight yards in the U.S. Occasionally, we would get calls to assist the railroad police. On this particular day we received a call to assist with a “theft in progress”. Upon arrival at the railyard, we found a freight train with 50+ rail cars stopped[…]


How to Leverage Behavioral Analytics to Reduce Insider Threat: Your Questions Answered

Last Thursday, we presented a webinar and discussed how UEBA technology can improve insider threat detection as well as overall SOC operational efficiency and noise reduction. I would like to thank the participants, who were very active and showed interest by asking lots of questions. We felt we owed everyone the answers to the questions that were asked and may or may not have been answered during the webinar. We also took the liberty of removing questions[…]

Topics: data science, SECURITY