
Glossary

Anomaly – Unusual behavior by a person or machine. On its own, an anomaly isn’t necessarily useful. To make it more useful, Exabeam adds context (i.e. what is normal behavior for this person) and risk (i.e. how dangerous is this anomalous behavior). The combination enables analysts to understand the impact of an incident very quickly.

Data Loss Prevention – Both a technique and a type of technology, designed to keep malicious insiders or hackers from leaking or stealing confidential information. DLP products scan emails, files, etc. as they move around the network to determine if they contain confidential information, and if so, to block them. DLP products can be very “noisy” on their own. Exabeam profiles DLP behavior to determine if an alert from a DLP product is normal noise or if it’s serious.

Data Science – The process and techniques related to machine learning and statistical analysis, typically applied to behavioral analytics. Exabeam combines data science with security research to automatically detect unusual and risky behavior.

Incident Response – An organized approach to receiving, reviewing, and responding to a cyber security breach or attack.

Insider Threat – A.K.A. malicious insider, a user who is using his or her access rights to steal confidential information. It’s often difficult to detect this behavior until it’s too late, but Exabeam UEBA can profile each employee’s or contractor’s normal behavior and flag those users who are accessing sensitive data in unusual and risky ways.

Log Management – The process for generating, transmitting, analyzing, storing, and disposing of large volumes of log data created within a computer system.

Ransomware – A type of malware that encrypts files on a workstation or network drive, with the purpose of extracting a ransom for returning the files. Ransomware can be hard to detect, as it changes regularly. Exabeam UEBA applies behavioral analytics to system processes to detect the behaviors common to this type of malware.

Security Intelligence – The information relevant to protecting an organization from internal and external cyber threats as well as the processes, policies, and technology designed to gather and analyze that information.

SIEM (Security Information and Event Management) – Technology that supports threat detection, analytics, and incident response through the collection and correlation of security events from a variety of data sources.

SOAR (Security Operations, Analytics and Reporting) – Security operations, analytics, and reporting technologies that automate an organization’s incident response procedures with incident workflows and playbooks.

SOC 2 – A type of report that addresses an organization’s security and privacy controls. UEBA, and Exabeam in particular, can support a SOC 2 project by implementing and monitoring appropriate controls.

UBA – User Behavior Analytics is the application of machine learning and security research to determine when users are acting in unusual and risky ways. Good UBA doesn’t require static, predefined rules to detect threats, and can therefore evolve along with new techniques.

UEBA – User and Entity Behavior Analytics is the more recent extension of the UBA term. UEBA acknowledges that machines such as servers (i.e. entities) often have embedded account credentials and can access sensitive databases and files. A hacker can compromise an entity and use its embedded credentials to access and steal information.

2017