Threat corroboration

Several indicators of compromise (IoCs) and indicators of attack (IoAs) appear before an actual attack or breach occurs. Log360 UEBA does not let these indicators fly under its radar, and focuses on exposing major threats including insider attacks, account compromise, and data exfiltration.

Insider threats: Insider threats originate from trusted users, such as current or former employees, and are often motivated by financial gain or revenge. Log360 UEBA detects these notoriously hard-to-detect threats by monitoring for the following indicators:

  • New or unusual system access
  • Unusual login times
  • Unusual file access and modifications
  • Excessive authentication failures

Account compromise: A compromised account behaves differently. Log360 UEBA’s robust anomaly detection system can quickly differentiate a legitimate account's activity from that of a compromised one by recognizing anomalies related to account logins, data access, and other parameters.

Data exfiltration: To stop a threat before it can cause any damage, you should monitor for indicators that an attack is progressing toward data exfiltration. Log360 UEBA tracks potential indicators of data exfiltration, including anomalous file creation, modification, and deletion, as well as permission changes.
