Behaviour Anomaly Detection (BAD) is sometimes referred to as User Behaviour Analytics (UBA), User Entity Behaviour Analytics (UEBA) or Security User Behaviour Analytics (SUBA).
Huntsman Security’s Behaviour Anomaly Detection engine ensures that suspicious activity, whether by users, machines or applications operating across the network, can be easily detected, investigated and resolved. Detection is based on learned profiles of baseline behaviour, which can be fixed once derived or continuously variable as the network grows or patterns of use evolve.
Behaviour Anomaly Detection builds on policy-driven or rule- and pattern-based analysis to detect unknown and unknowable activity from insiders or external parties, using machine learning to highlight statistical or behavioural anomalies that can indicate a security attack, data loss, insider misuse or other issue.
Behaviour Anomaly Detection: Benefits
- Real-time detection of cyber threats and insider misuse
- Visibility of anomalous activity within the network, operating system and application layers
- Correlation of known threat intelligence and asset information with behavioural data to significantly enhance event context
- Simple configuration through reduced definition and maintenance of policies or rules, with their thresholds, limits and often unknown parameters
- Reduced operational risk to limit uncertainty and remove operator error
- Enriches data collection and enables both rule-based and behavioural analysis
Behaviour Anomaly Detection: Features
- Adapts to authorised network changes, gradual trends, usage spikes and work patterns
- Automatically distinguishes suspicious and risky outliers from normal events
- Real-time analysis of user, device, application, network activity and other data sources to detect:
  - Advanced Persistent Threats (APTs)
  - Smart, customized and targeted malware
  - Malicious or negligent insiders abusing access and putting information at risk
  - Data exfiltration, lateral movement and the use of credentials by attackers
  - ‘Unknown’ and ‘unknowable’ external and internal threats
- Connects seemingly unrelated events from multiple information silos to quickly determine hidden or unexpected relationships
- Visual analysis GUI so metrics, key information and sensitivities can be displayed and tailored to meet precise profiling requirements