UEBA: When “E” Doesn’t Stand for “Easy”
Three-letter acronyms are easy to remember and pronounce – adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e. User and Entity Behavior Analytics), it made the term clunkier but more relevant. Most organizations understand the threat posed by insider users, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities.
While we are years away from a server deciding to go rogue and steal data on its own, machine takeover by hackers is already well underway. At a recent customer site, our research team applied our analytics platform to network traffic and found a variety of ugly attacks in progress, including DNS tunneling and rogue authentication requests to directory servers. The interesting thing is that this customer had a sophisticated security team and already had leading network security products in place. However, none of these products caught the attacks; only Exabeam detected them. That’s tough news for CISOs who’ve spent millions to deploy sandboxing and next-gen security systems. The reality is that the “E” part of UEBA requires attention.
We recently announced Exabeam 3.0, which includes a new elastic (i.e. multi-node scalable) architecture and features designed for new analytics on network traffic. Essentially, it’s the next generation of UEBA architecture, designed to support 10x more data. Exabeam 3.0 is especially well suited for cloud deployments, where you might spin up or spin down nodes as needed, without bothering with hardware appliances. Drop us a line at [email protected] if you’d like to learn more – there’s a reason why Exabeam is the #1 most deployed UEBA product in the world.