UEBA
RSA NetWitness UEBA
Spot insider threats and external attackers exploiting compromised credentials BEFORE those activities lead to a data breach. RSA NetWitness UEBA:
- Leverages user, network AND endpoint behavior profiling to identify abnormal behaviors
- Detects abuse and misuse of privileged accounts, brute force attacks, account manipulation and other malicious activities
- Requires no customization, ongoing care, or rule authoring, creation or adjustment
What Is UEBA?
UEBA, which stands for user and entity behavior analytics, is software that analyzes user activity data from logs, network traffic and endpoints and correlates this data with threat intelligence to identify activities—or behaviors—likely to indicate a malicious presence in your environment. It uses machine learning technology to baseline “normal” behavior and get smarter over time, and applies both static rules and statistical analysis to rapidly and accurately detect suspicious activity. Using such advanced technology and statistical models, UEBA is a force multiplier for security teams struggling to stay on top of today’s advanced, targeted threats.
The Case for UEBA
Featured Resources
Data Sheet
RSA NetWitness UEBA
Get this two-page summary of the features, benefits and capabilities of RSA NetWitness UEBA.
Case Study
RSA NetWitness UEBA Use Cases
Learn why traditional SIEM technolgy isn't enough for modern security environments, and how an evolved SIEM can accelerate threat detection and response.
Features
Out-of-the-Box Machine Learning
RSA NetWitness UEBA starts working to accurately identify unusual behavior the moment you turn it on. The zero-touch, turn-key approach means there are no rules to set up, no metadata to customize, no long machine training times, and no need to continually tune the underlying models.
Innovative Risk Scoring
Rather than alerting on any and all abnormal behaviors, RSA NetWitness UEBA aggregates multiple indicators of suspicious activity and applies a dynamic, statistical risk-scoring mechanism to them. When the risk score exceeds established thresholds, only then does the system produce a high-fidelity alert.
Scalable Platform
RSA NetWitness UEBA scales to process billions of events per day and analyze hundreds of thousands of organizational entities. Data collection, enrichment, analysis and investigation capabilities can be streamed or batch loaded on a Hadoop infrastructure.
Intelligent Peer Grouping
Since user behavior varies based on individuals’ roles, the type of work they do, their locations and other factors, users shouldn’t be lumped into a single group to create a behavior baseline. RSA NetWitness UEBA uses machine learning to create peer groups and detect deviations within them.
Benefits
Automated, Continuous Threat Detection
RSA NetWitness UEBA never stops monitoring the huge volume of log, network and endpoint security data that organizations produce. As part of the RSA NetWitness Platform, it correlates its behavioral analysis with threat intelligence and business context to produce focused, actionable alerts for SOC analysts that help to reduce mean time to investigate and respond.
Comprehensive Detection of Unknown Threats
Patented machine learning algorithms alert analysts to a wide variety of threats including compromised accounts, command and control activity, data exfiltration and staging, lateral movement, advanced malware, shared user credentials, privileged user account abuse, geolocation and remote access anomalies, and snooping and reconnaissance.
More Efficient, Effective Analysts
RSA NetWitness UEBA zeros in on suspicious behavior and applies its advanced risk scoring engine to identify and filter the highest priority threats, resulting in fewer false positives and higher-fidelity alerts that are easier for analysts to understand and act upon.
Faster Investigations
RSA NetWitness UEBA accelerates detection and investigation by correlating disjointed events and identifying abnormal activities and user threats in a single user interface. It provides analysts with all the information they need in one spot to rapidly investigate a threat.
RSA NetWitness UEBA Essentials
RSA NetWitness UEBA Essentials is a free, out-of-the-box offering for RSA NetWitness Logs and RSA NetWitness Network customers. In contrast to the advanced capabilities of RSA NetWitness UEBA, which helps to detect unknown threats, RSA NetWitness UEBA Essentials provides detection rules for known, static indicators, in addition to advanced correlation rules and “light” machine learning capabilities.
“We selected RSA NetWitness [Platform] because we found that it absolutely leaves no stone unturned. It uses behavioral indicators to identify attacks that are normally undetected by signature and rules-based monitoring tools.”
Security Architecture Manager
Recruit Technologies Co. Ltd.
RSA NetWitness UEBA is an integral part of the RSA NetWitness Platform evolved SIEM. In addition to RSA NetWitness UEBA, the RSA NetWitness Platform evolved SIEM consists of RSA NetWitness Network, RSA NetWitness Logs, RSA NetWitness Endpoint and RSA NetWitness Orchestrator. Together, these solutions deliver the industry’s most complete visibility across logs, network and endpoint data, helping to expose the full scope of attacks and make security analysts more efficient and effective through automation and advanced analytics.
Resources
E-Book
3 Keys to Faster Threat Response
Threats move fast. You have to move faster. See what capabilities you need to quickly recognize the nature of a threat and implement a definitive response to it.
E-Book
5 Tools to Boost Your Security Team’s Impact
Download this short guide to find out how to equip your security team to see threats anytime, anywhere they’re hiding, to detect the full scope of attacks and respond to them faster.
Infographic
- 11 Reasons to Love RSA NetWitness 11.x RSA NetWitness 11.x provides several significant enhancements and new functionality to address customers' needs. Take a look at eleven reasons to love RSA NetWitness 11.x.
Solution Briefs
- NetWitness Platform Solution Brief Learn how the RSA NetWitness Platform can help you address cloud security and today’s sophisticated cyber threats, all while enhancing your analysts’ efficiency and effectiveness.
- RSA NetWitness Evolved SIEM Learn why traditional SIEM technolgy isn't enough for modern security environments, and how an evolved SIEM can accelerate threat detection and response.
Use Case
- RSA Netwitness UEBA Use Cases Discover how RSA NetWitness UEBA provides comprehensive, behavior-based detection of unknown threats to address a wide range of use cases.
Videos
- Closing the Skills Gap Security teams need to leverage technology more than ever to close the skills gap and stay on top of attackers.
White Papers
- Managing the Security Skills Gap Get strategies for addressing the staffing shortage and taking pressure off your team. Learn how the RSA NetWitness Platform can boost your analysts’ and incident responders’ performance.
- It’s About Time Accelerating Threat Detection and Response Download this three-page brief to find out what obstacles you need to overcome and capabilities you’ll want to put in place to accelerate threat detection and response.
Want a Demo?
Sign up for a free demo today and watch our products in action.
Ready to Buy?
It's easy. Speak with an RSA expert anytime to request a quote.