Skip to main content


Cyber threats can attack your organization in multiple ways—through locked accounts, user impersonation, and siphoning data. Exabeam User and Entity Behavior Analytics gives you the ability to track threats across multiple tactics and removes the analysis boundaries between physical and cloud infrastructures. We can even help your other security measures work more efficiently.

Insider Threats

Insider threats come from employees and contractors using their access rights to steal confidential data. Exabeam first creates behavioral baselines for every user to determine normal access. Then, we also compare each user to peers, monitors shared, and privileged accounts. We also analyze locked accounts for signs of potential insider data theft. Exabeam User and Entity Behavior Analytics incorporates common data feeds into its threat analysis, such as access logs, identity services, DLP scans, USB thumbdrive activity, badge readers, print servers, databases, and others.

insider threat detection

User and Entity Behavior Analytics

Many breaches use valid—but-stolen—credentials, which a hacker uses to impersonate an employee and gain access to sensitive data. Distinguishing between an employee going about his normal job and a hacker impersonating that same employee can be challenging. Exabeam uses a variety of techniques, driven by per-user baselines, to determine when an account is exhibiting unusual and risky behavior. Our UEBA techniques include monitoring for privilege escalation, new account creation, first-time remote login, first access to systems, and other unusual events.

ueba-compromised credentials

Account Lockouts

Locked-out accounts provide a strong signal of compromised accounts. Unfortunately, most IT organizations receive account lockout support tickets all day long, each requiring hours of investigation to resolve. Exabeam includes specialized analytics for account lockouts that assess risk of each, so that IT staff can focus on risky lockouts that are risky and avoid wasting time on those that aren’t.

account lockout


Ransomware can enter the corporate network from nearly anywhere, and often moves undetected from system to system. By the time it’s detected by endpoint security products, it’s too late. Exabeam applies behavioral analytics to system processes to detect anomalous behavior, no signatures required. It also applies research-driven knowledge of ransomware file extensions, names, etc. to determine whether unusual process-behavior matches activity of similar malware. Early detection enables Exabeam customers to prevent disruption to business operations and data security.

ransomware analytics

Cloud Analytics

Many enterprises already have integrated public or private clouds into their architectures, so behavioral analytics must include the cloud. Exabeam accepts log data directly from cloud services, such as event log files; web proxies that track cloud access, such as SonicWALL; and from cloud security brokers, such as Skyhigh Networks, that control access to multiple cloud services. These services receive the same level of behavioral analytics as your on-premises systems, and data from them is automatically integrated with other on-premises log data in Exabeam.

cloud analytics

Data Loss Prevention

Exabeam integrates with data loss prevention (DLP) products from McAfee, Symantec, and others to provide risk context around sensitive data. Exabeam can ingest DLP scans to identify systems that contain sensitive information and then adjust risk scoring when users access those systems. It can identify users who are copying sensitive data to thumbdrives or sending it to a printer. Exabeam also enhances the effectiveness of other DLP products by provide risk context data back to them. For example, a company using DLP to quarantine email can accelerate the process and reduce “noise” with Exabeam risk context scores.

data loss prevention

Privileged Account Monitoring

Privileged users, such as system or database administrators, have escalated access rights and their accounts can be rich targets for hackers. Exabeam uses special analytics for privileged and shared accounts and can flag unusual behavior within both types. Privileged accounts typically receive higher risk scores than standard employee accounts.

Priv Acct Monitoring