Understanding and establishing identities on your network is important. Viewed in isolation, disparate actions from users and entities mean nothing. However, when these actions are associated with one another, they tell a cohesive story and provide meaningful security context.
Log360 UEBA maps disparate user accounts and related identifiers to build a comprehensive baseline of a user’s behavior.
Log360 UEBA can identify anomalous user behavior based on time, count, and abnormal patterns.
Irregular time: An employee who generally logs on between 9am and 10am suddenly logs on at 5am. Log360 quickly identifies this event and flags it as deviant behavior.
Abnormal patterns: Log360 identifies normal behavior patterns of users—updating these patterns as they change over time—and notifies admins when users deviate from these patterns. For example, if a user generally uses Host A and Host B but suddenly uses Host C, this behavior will be identified as a pattern anomaly.
Irregular count: You can specify a threshold value for specific events, such as password changes and user creation. For example, if logs suggest that a user has executed over 20 DML queries on a SQL server while the baseline is usually three, Log360 will trigger a count anomaly.
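To make the three anomaly types concrete, here is an added illustration in Python. It is not Log360's algorithm or code; the function names, event types, and log records are constructed for this example and mirror the scenarios above (a 5am logon, a new Host C, and more than 20 DML queries against a baseline of three).

```python
from collections import Counter, defaultdict
from datetime import datetime

def build_baseline(events):
    """Learn per-user logon hours, hosts and daily event counts from history."""
    base = defaultdict(lambda: {"hours": set(), "hosts": set(),
                                "daily": defaultdict(Counter)})
    for ts, user, host, etype in events:
        t, b = datetime.fromisoformat(ts), base[user]
        if etype == "logon":
            b["hours"].add(t.hour)
        b["hosts"].add(host)
        b["daily"][etype][t.date()] += 1
    return base

def detect(base, events, thresholds):
    """Return sorted (user, kind, detail) findings for one day of events."""
    findings, counts = set(), Counter()
    for ts, user, host, etype in events:
        t, b = datetime.fromisoformat(ts), base[user]
        # Time anomaly: logon in an hour never seen for this user (simplified).
        if etype == "logon" and t.hour not in b["hours"]:
            findings.add((user, "time", f"logon at {t:%H:%M}"))
        # Pattern anomaly: host outside the user's known set.
        if host not in b["hosts"]:
            findings.add((user, "pattern", f"new host {host}"))
        counts[(user, etype)] += 1
    # Count anomaly: daily total above the admin-specified threshold.
    for (user, etype), n in counts.items():
        if etype in thresholds and n > thresholds[etype]:
            usual = max(base[user]["daily"][etype].values(), default=0)
            findings.add((user, "count", f"{n} {etype}, usual max {usual}"))
    return sorted(findings)

# Constructed sample data: five normal days, then one suspicious day.
HISTORY = []
for day in range(1, 6):
    host = "HostA" if day % 2 else "HostB"
    HISTORY.append((f"2024-03-0{day}T09:{10 + day}:00", "alice", host, "logon"))
    HISTORY += [(f"2024-03-0{day}T1{i}:00:00", "alice", host, "dml_query")
                for i in range(3)]
TODAY = [("2024-03-08T05:12:00", "alice", "HostC", "logon")]
TODAY += [(f"2024-03-08T05:{20 + i}:00", "alice", "HostC", "dml_query")
          for i in range(21)]

if __name__ == "__main__":
    for finding in detect(build_baseline(HISTORY), TODAY, {"dml_query": 20}):
        print(finding)
```

A production baseline would use a tolerance window for logon times and decay old observations so the profile tracks gradual changes in behavior.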
Identify anomalous behavior of hosts based on time, patterns, and count. Log360 UEBA is capable of spotting anomalous entity behavior in: