
DATASHEET

Securonix User and Entity Behavior Analytics


Go Beyond Legacy Security Monitoring

Traditional perimeter-based security solutions focus on finding threats that come from outside your organization.
According to the 2017 Verizon Data Breach Investigations Report, one out of every four identified breaches
involves an internal actor. Whether this is an insider with malicious intent, an insider whose credentials have been
compromised, or even an insider who acted unwisely, the organization is still breached.

Securonix User and Entity Behavior Analytics (UEBA) leverages sophisticated machine learning and behavior
analytics to analyze and correlate interactions between users, systems, applications, IP addresses, and data. Light,
nimble, and quick to deploy, Securonix UEBA detects advanced insider threats, cyber threats, fraud, cloud data
compromise, and non-compliance. Built-in automated response playbooks and customizable case management
workflows allow your security team to respond to threats quickly, accurately, and efficiently.

Address a Wide Range of Use Cases

Insider Threat
• Data Exfiltration
• Privileged Account Misuse
• Patient Data Snooping
• IP Theft
• Access Anomalies

Cyber Threat
• Pass-The-Hash
• Lateral Movement
• Ransomware
• Beaconing, DGA
• Phishing

Fraud
• Payment Fraud
• Retail Fraud
• Customer Fraud
• Internal Fraud
• Trade Surveillance

Cloud Security
• Anomalous Data Sharing
• Privilege Misuse
• Data Exfiltration
• Unauthorized Login & Access
• External Attacks

Product Features

Advanced Analytics Find Threats with Minimal Noise

[Figure: Behavior Analysis, Peer Analysis, Event Rarity Analysis]

Events that look harmless in isolation can lead to high risk threats when analyzed in context over time. Securonix UEBA
detects advanced threats using a combination of patented machine learning and statistical analytic models including
min-max clustering, peer analysis, event rarity analysis, predictive learning, robotic pattern detection, domain
generation algorithm (DGA) detection, and sequential learning. Using threat chains, Securonix UEBA correlates and
analyzes events from multiple sources–including user, device, asset, application, and network segment–and stitches
together a sequence of events in order to predict, detect, and contain attacks that would be invisible to legacy solutions.

Swift Deployment with Packaged Applications

Securonix UEBA comes with packaged applications specifically designed for insider threat, cyber threat, fraud, and
cloud security analytics use cases. Applications include customizable threat models, dashboards, and reports that let
you deploy rapidly and get results faster. Securonix UEBA also comes with pre-built connectors that include cloud data
sources and non-technical data sources, such as badge readers and social media.

Real-time Context Enrichment for Real-time Results

Securonix UEBA captures and enriches security data with real-time contextual information at the time it is ingested.
Contextual enrichment adds user identity, asset metadata, network information, geolocation, and threat context to an
event. This transforms raw events into meaningful information so threats can be detected accurately and prioritized.

Discover the Securonix Threat Library

The Securonix Threat Library is a collection of threat models created by the Securonix cyber research team in
collaboration with customers, partners, and national security leaders. The library enables you to access, download,
and deploy with a single click.

Clear Visibility into Your Cloud

Extend your security monitoring to your cloud environment. Securonix UEBA has built-in APIs for all major cloud
infrastructure and application technologies to provide cloud-to-cloud monitoring capabilities. This allows the solution
to analyze user entitlements and events to look for malicious activity. It correlates cloud data and on-premises data to
add entity context information and analyze end-to-end activities and detect actionable threat patterns.

Monitor Enterprise and Custom Applications

Don’t settle for less when it comes to your security visibility. Securonix UEBA ingests transaction logs, security logs,
and entitlements from enterprise applications such as SAP, EPIC, and even custom applications in order to baseline
normal activity patterns and identify anomalous behavior. It can also monitor applications generally not covered with
existing solutions including vertical specific applications such as EPIC, Cerner, WindChill, or RECON and financial
applications such as expense applications and point of sale applications.

Straightforward Threat Hunting

[Figure: Text-based Search, Visualization, Link Analysis]

Securonix Spotter™ enables blazing-fast threat hunting using natural language search. Searching for threat actors
or indicators of compromise (IOC) is simplified with visual pivoting available on any entity in order to develop valuable
threat context. Visualized data can be saved as dashboards or exported in standard data formats.

Faster Investigations & Automated Incident Response

The Securonix Investigation Workbench allows you to rapidly investigate incidents by pivoting on anomalous entities
and tracing associated activities and events. With comprehensive incident management and workflow capabilities,
Securonix UEBA allows multiple teams to collaborate on investigation and remediation of an incident. An automated
incident response framework with built-in orchestration playbooks enables you to automate remediation actions on
select threats.

Meet Data Privacy Requirements

UEBA solutions that leverage contextual user behavior patterns need to be able to meet global data privacy
requirements such as the European Union General Data Protection Regulation (GDPR). Securonix UEBA provides data
masking capabilities to protect user identities while still enabling robust analytics on their activities. With granular,
role-based access control, access to data can be limited by business needs. Detailed logging capabilities are available
to ensure a full audit trail of all activities within the solution.

Convenient Cloud-Based SaaS

With Securonix Cloud you can enjoy all the capabilities of Securonix UEBA, with the convenience of a
software-as-a-service (SaaS) solution. It provides security that spans across your cloud infrastructure, data,
applications, and access control solutions. Benefit from the quick deployment, easy scalability, and shorter time to
value of Securonix Cloud.

For more information about Securonix Cloud visit www.securonix.com/securonix-cloud

Expand Seamlessly with a Truly Unified Platform

All Securonix solutions share the same unified platform. As organizational needs change, seamlessly expand your
Securonix UEBA deployment and add security incident and event management (SIEM) or log management capabilities
without needing to reengineer your security environment.

For more information about Securonix UEBA visit www.securonix.com/ueba

LEARN MORE: www.securonix.com
LET’S TALK: +1 (310) 641-1000

14665 Midway Rd. Suite #100, Addison, TX 75001 | ©2018 Securonix 0718
