Glossary

Anomaly – Unusual behavior by a person or machine. On its own, an anomaly isn’t necessarily useful. To make it more useful, Exabeam adds context (i.e. what is normal behavior for this person) and risk (i.e. how dangerous is this anomalous behavior). The combination enables analysts to understand the impact of an incident very quickly.

Data Loss Prevention – Both a technique and a type of technology, designed to keep malicious insiders or hackers from leaking or stealing confidential information. DLP products scan emails, files, etc. as they move around the network to determine if they contain confidential information, and if so, to block them. DLP products can be very “noisy” on their own. Exabeam profiles DLP behavior to determine if an alert from a DLP product is normal noise or if it’s serious.

Data Science – The process and techniques related to machine learning and statistical analysis, typically applied to behavioral analytics. Exabeam combines data science with security research to automatically detect unusual and risky behavior.

Insider Threat – A.K.A. malicious insider, a user who is using his or her access rights to steal confidential information. It’s often difficult to detect this behavior until it’s too late, but Exabeam UEBA can profile each employee’s or contractor’s normal behavior and flag those users who are accessing sensitive data in unusual and risky ways.

Ransomware – A type of malware that encrypts files on a workstation or network drive, with the purpose of extracting a ransom for returning the files. Ransomware can be hard to detect, as it changes regularly. Exabeam UEBA applies behavioral analytics to system processes to detect the behaviors common to this type of malware.

SOC 2 – A type of report that addresses an organization’s security and privacy controls. UEBA, and Exabeam in particular, can support a SOC 2 project by implementing and monitoring appropriate controls.

UBA – User Behavior Analytics is the application of machine learning and security research to determine when users are acting in unusual and risky ways. Good UBA doesn’t require static, predefined rules to detect threats, and can therefore evolve along with new techniques.

UEBA – User and Entity Behavior Analytics is the more recent extension of the UBA term. UEBA acknowledges that machines such as servers (i.e. entities) often have embedded account credentials and can access sensitive databases and files. A hacker can compromise an entity and use its embedded credentials to access and steal information.