Anomalous user and entity behavior analytics

Understanding and establishing identities on your network is important. Taken in isolation, disparate actions from users and entities mean nothing. However, when these actions are associated with one another, they tell a cohesive story and provide meaningful security context.

Log360 UEBA maps disparate user accounts and related identifiers to build a comprehensive baseline of a user’s behavior.

Anomalous user behavior analytics

Log360 UEBA can identify anomalous user behavior based on time, count, and abnormal patterns.

Irregular time: An employee who generally logs on between 9am and 10am suddenly logs on at 5am. Log360 quickly identifies this event and flags it as deviant behavior.

Abnormal patterns: Log360 identifies normal behavior patterns of users—updating these patterns as they change over time—and notifies admins when users deviate from these patterns. For example, if a user generally uses Host A and Host B but suddenly uses Host C, this behavior will be identified as a pattern anomaly.

Irregular count: You can specify a threshold value for specific events, such as password changes and user creation. For example, if logs suggest that a user has executed over 20 DML queries on a SQL server while the baseline is usually three, Log360 will trigger a count anomaly.
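The three anomaly types described above, as an added sketch that is not Log360's implementation or code from this page: it builds a per-user baseline from constructed events and flags time, pattern, and count deviations. All function names, the sample events, and the threshold of 20 for `dml_query` are assumptions chosen to mirror the examples in the text.

```python
from collections import Counter, defaultdict
from datetime import datetime

def sample_baseline():
    """Constructed history: alice logs on around 09:00 on HOST-A/HOST-B, 3 DML queries a day."""
    events = []
    for day in range(1, 6):
        d = f"2024-03-0{day}"
        host = "HOST-A" if day % 2 else "HOST-B"
        events.append(("alice", f"{d}T09:{10 + day}:00", host, "logon"))
        events += [("alice", f"{d}T11:0{i}:00", "HOST-A", "dml_query") for i in range(3)]
    return events

# Constructed day under review: 05:02 logon from an unseen host, then 21 DML queries.
TODAY = [("alice", "2024-03-06T05:02:00", "HOST-C", "logon")] + [
    ("alice", f"2024-03-06T05:{10 + i}:00", "HOST-C", "dml_query") for i in range(21)
]

def build_baseline(events):
    """Per-user baseline: hours at which logons were seen and hosts that were used."""
    base = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for user, ts, host, kind in events:
        base[user]["hosts"].add(host)
        if kind == "logon":
            base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def detect(base, events, thresholds):
    """Return sorted (user, anomaly_type, detail) tuples for the events under review."""
    alerts, counts = set(), Counter()
    for user, ts, host, kind in events:
        b = base.get(user)
        if b is None:
            continue  # no baseline for this user yet, nothing to compare against
        hour = datetime.fromisoformat(ts).hour
        # Irregular time: logon outside the range of hours seen in the baseline.
        if kind == "logon" and b["hours"] and not min(b["hours"]) <= hour <= max(b["hours"]):
            alerts.add((user, "time", f"logon hour {hour:02d}"))
        # Abnormal pattern: activity on a host the user has not used before.
        if host not in b["hosts"]:
            alerts.add((user, "pattern", host))
        counts[(user, kind)] += 1
    # Irregular count: event volume above the admin-specified threshold.
    for (user, kind), n in counts.items():
        if n > thresholds.get(kind, float("inf")):
            alerts.add((user, "count", f"{kind} x{n}"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(build_baseline(sample_baseline()), TODAY, {"dml_query": 20}):
        print(alert)
```

A production baseline would also age out old observations so that the learned pattern follows the user as their behavior changes over time.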

Anomalous entity behavior analytics

Identify anomalous behavior of hosts based on time, patterns, and count. Log360 UEBA is capable of spotting anomalous entity behavior in:

  • Windows devices
  • Microsoft SQL servers
  • Network devices such as routers, switches, firewalls, and NGFWs
  • FTP servers
