UEBA: When "E" Doesn't Stand for "Easy" - Exabeam

Published: September 28, 2016

Author: admin

Three-letter acronyms are easy to remember and pronounce; adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e., User and Entity Behavior Analytics), it made the term clunkier but also more relevant. Most organizations understand the threat posed by insider users, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities.

While we are years away from a server deciding to go rogue and steal data on its own, machine takeover by hackers is already well underway. At a recent customer site, our research team applied our analytics platform to network traffic and found a variety of ugly attacks in progress, including DNS tunneling and rogue authentication requests to directory servers. Notably, this customer had a sophisticated security team and leading network security products already in place, yet none of these products caught the attacks; only Exabeam detected them. That’s tough news for CISOs who’ve spent millions to deploy sandboxing and next-gen security systems. The reality is that the “E” part of UEBA requires attention.

We recently announced Exabeam 3.0, which includes a new elastic (i.e. multi-node scalable) architecture and features designed for new analytics on network traffic. Essentially, it’s the next generation of UEBA architecture, designed to support 10x more data. Exabeam 3.0 is especially well suited for cloud deployments, where you might spin up or spin down nodes as needed, without bothering with hardware appliances. Drop us a line at info@exabeam.com if you’d like to learn more – there’s a reason why Exabeam is the #1 most deployed UEBA product in the world.
