What is Behavioural Anomaly Detection and why do you need it?
Policy-based detection and analysis techniques work for what you know, but security and risk professionals need to detect and analyse unknown and unknowable activity from insider or external attack. Behavioural Anomaly Detection is required.
Behavioural Anomaly Detection (BAD), also known as User Behaviour Analytics (UBA), User Entity Behaviour Analytics (UEBA) and Security User Behaviour Analytics (SUBA), ensures that suspicious activity, whether by users, machines or applications operating across the network, can be easily detected, investigated and resolved.
How does Huntsman Security Behavioural Anomaly Detection work?
The patented Huntsman Security Behavioural Anomaly Detection (BAD) incorporates real-time automation and machine learning. It integrates simply with the Huntsman Security Enterprise SIEM to dramatically enrich data collection and enable both rules-based and behavioural analysis capabilities. By automatically describing the parameters of any activity stream, Huntsman Security Behavioural Anomaly Detection passively establishes a dynamic baseline to highlight unexpected behaviour. It then correlates that behaviour with other relevant information to instantly provide actionable intelligence about malicious activity.
Using Behavioural Anomaly Detection to pinpoint threats that matter
Real-time correlation of User, Device, Application and Network activity with other relevant data sources to detect:
- Advanced Persistent Threats (APTs)
- Smart, customized and targeted malware
- Malicious or negligent insiders seeking to abuse their access and put data or IP at risk
- Data exfiltration, lateral data movement and unauthorised use of credentials by an insider or external attack
- ‘Unknown’ and ‘unknowable’ external and internal threats that simply can’t be second-guessed
The Benefits of using Huntsman Security Behavioural Anomaly Detection
- Real-time threat detection: Immediate visibility of anomalous activity within the network, operating system and application layers
- Correlation of known threat intelligence and asset information with behavioural data significantly enhances event context and risk mitigation
- Real-time protective actions to contain a threat and minimise any resulting loss
- Ease of operation: reduces operational risk to limit uncertainty and operator error
The features of Huntsman Security Behavioural Anomaly Detection
- Adapts to authorised network changes, gradual trends, usage spikes and work patterns while still automatically distinguishing suspicious and risky outliers from normal events
- Connects seemingly unrelated events from multiple information silos to quickly determine and prioritise any hidden or unexpected relationships
- Provides a visual analysis GUI so metrics, key information and sensitivities can be tailored to meet precise profiling requirements
- Integration with rules-based security solutions complements the analysis of, and insight into, known and unknown threats
Products that Huntsman Security Behavioural Anomaly Detection will enhance: