User and entity behavior analytics (UEBA)

Is this just what your company is missing?

Learn how UEBA uses risk scores to help you stop even the most sophisticated attacks.


Stronger security starts with Log360

ManageEngine Log360 offers UEBA to help strengthen your defenses against cyberattacks, data breaches, and identity theft.

Choose one of three scenarios

With an effective UEBA solution, you can prevent three types of security risks—insider threats, compromised accounts, and data exfiltration. Choose any scenario below to see how UEBA performs in these situations.

Scenario 1: Insider threat (Steve)

A malicious engineer tries to sabotage the company.

Scenario 2: Account compromise (Bob)

A hacker compromises a user account and tries to gain unauthorized access.

Scenario 3: Data exfiltration (Mindy)

A marketing manager attempts to exfiltrate data from the sales database.

An engineer tries to sabotage his company

An engineer named Steve is told that his contract is not being renewed.

Steve is not happy about his termination and wants to exact revenge on his organization.

Steve stays well past his usual work hours and accesses a file server with sensitive design files at 9:00 pm. This triggers a time anomaly.

Steve accesses multiple design files between 9:00 and 9:15 pm.

This triggers a count anomaly.

He starts to delete and modify sensitive files.

This triggers a pattern anomaly.

Steve's high risk score causes concern.

The IT administrator immediately knows something is going wrong and can take action.
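
The three anomaly types in Steve's scenario (time, count, and pattern) can be sketched as detection logic over file-server audit events. This is an added example, not Log360 code: the baseline values, weights, field names, and events are all constructed assumptions, and a real UEBA product learns its baselines from history rather than taking them as constants.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed per-user baselines and risk weights (hypothetical values).
BASELINE = {
    "steve": {"hours": range(9, 18), "max_files_15min": 5, "usual_actions": {"read"}},
    "alice": {"hours": range(9, 18), "max_files_15min": 5, "usual_actions": {"read"}},
}
WEIGHTS = {"time": 20, "count": 30, "pattern": 40}
WINDOW = timedelta(minutes=15)

# Constructed audit events: (timestamp, user, action, file).
DAY = datetime(2024, 1, 15)
EVENTS = (
    [(DAY.replace(hour=10, minute=m), "steve", "read", f"/designs/p{m}.dwg") for m in (0, 30)]
    + [(DAY.replace(hour=11), "alice", "read", "/designs/p0.dwg")]
    + [(DAY.replace(hour=21, minute=m), "steve", "read", f"/designs/p{m}.dwg")
       for m in range(0, 15, 2)]                      # 8 reads, 9:00-9:14 pm
    + [(DAY.replace(hour=21, minute=20), "steve", "delete", "/designs/p0.dwg"),
       (DAY.replace(hour=21, minute=22), "steve", "modify", "/designs/p2.dwg")]
)

def detect(events, baseline=BASELINE):
    """Return {user: [(timestamp, anomaly_type, detail), ...]}, one hit per type."""
    findings = defaultdict(list)
    recent = defaultdict(list)        # user -> access times inside the sliding window
    for ts, user, action, path in sorted(events):
        base = baseline[user]
        seen = {kind for _, kind, _ in findings[user]}
        # Time anomaly: access outside the user's usual working hours.
        if ts.hour not in base["hours"] and "time" not in seen:
            findings[user].append((ts, "time", f"access at {ts:%H:%M}"))
        # Count anomaly: more accesses in 15 minutes than the baseline allows.
        recent[user] = [t for t in recent[user] if ts - t <= WINDOW] + [ts]
        if len(recent[user]) > base["max_files_15min"] and "count" not in seen:
            findings[user].append((ts, "count", f"{len(recent[user])} accesses in 15 min"))
        # Pattern anomaly: an action this user does not normally perform.
        if action not in base["usual_actions"] and "pattern" not in seen:
            findings[user].append((ts, "pattern", f"unusual action {action!r} on {path}"))
    return dict(findings)

def risk_score(findings):
    """Sum the weight of every anomaly recorded for each user."""
    return {user: sum(WEIGHTS[kind] for _, kind, _ in hits) for user, hits in findings.items()}

if __name__ == "__main__":
    found = detect(EVENTS)
    for user, score in risk_score(found).items():
        print(user, score, [(f"{ts:%H:%M}", kind) for ts, kind, _ in found[user]])
```
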

A hacker compromises a user account

An attacker named John sends a phishing email to Bob. 

Bob opens the email and inadvertently starts downloading malware.

The malware causes abnormal services to be installed on the host (Bob's machine).

This triggers a pattern anomaly.

The malware causes malicious scripts to run, and these, in turn, modify the firewall rules. This pattern anomaly causes the risk score of Bob's machine to increase further.

John quickly compromises Bob's account and accesses it from a remote location. This is yet another pattern anomaly, and the entity risk score goes up even more.

John starts to move laterally in the network by pivoting from machine to machine. He also gains advanced privileges over multiple unauthorized network shares. The risk of a compromised account is heightened.

The high risk score causes grave concern.

The IT administrator immediately knows something is going wrong and can investigate the issue.

A marketing manager attempts to exfiltrate data

A marketing manager named Mindy decides to leave her organization and join a competitor as a sales director.

She decides to take the customer database with her.

As a marketing manager, she has permission to access the customer database but usually doesn't access it.

At the end of her penultimate day at work, she logs into the customer database in a SQL server. This triggers a pattern anomaly.

In the SQL server, she performs numerous Data Manipulation Language (DML) queries. This is a count anomaly.

She then creates numerous files with information from the queries. This is another count anomaly.

She plugs in a USB drive and downloads the files. This is a pattern anomaly.

Mindy's high risk score causes concern. The IT administrator immediately knows something is wrong and can investigate the issue.