Protecting sensitive data against loss or theft is the most common application for user and entity behavior analytics (UEBA) solutions. Confidential information lives in a variety of types of data stores, including email, databases, and of course, files stored on network shares, file servers, and user workstations. While file systems themselves typically log user or system access to a file, the log event itself is not particularly useful in determining the risk of access. Moreover, once the user then copies or moves the file, potentially leading to a breach, that activity must be linked to downstream activity and evaluated for risk.
The only way to detect and evaluate file access risk – across the entire file handling lifecycle – is via a broad platform such as Exabeam Advanced Analytics. Download this white paper to learn how Exabeam can produce, on demand or as it unfolds, the entire chain of events leading to potential data loss, across filesystems, email systems, web systems, etc. This enables an insider threat team to detect early, to respond quickly, and to have a verified investigation report for legal, HR, or compliance purposes.