UEBA: When “E” Doesn’t Stand for “Easy”

Three-letter acronyms are easy to remember and pronounce – adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e. User and Entity BA), it made the term more clunky but even more relevant. Most organizations understand the threat posed by user insiders, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities.

While we are years away from a server deciding to go rogue and steal data on its own, machine takeover by hackers is already well underway. At a recent customer site, our research team applied our analytics platform to network traffic and found a variety of ugly attacks underway. These included DNS tunneling and rogue authentication requests to directory servers. The interesting thing is that this customer had a sophisticated security team and already had leading network security products in place. However, none of these products caught the attacks; only Exabeam detected them. That’s tough news for CISOs who’ve spent millions to deploy sandboxing and next-gen security systems. However, the reality is that the “E” part of UEBA requires attention.

We recently announced Exabeam 3.0, which includes a new elastic (i.e. multi-node scalable) architecture and features designed for new analytics on network traffic. Essentially, it’s the next generation of UEBA architecture, designed to support 10x more data. Exabeam 3.0 is especially well suited for cloud deployments, where you might spin up or spin down nodes as needed, without bothering with hardware appliances. Drop us a line at [email protected] if you’d like to learn more – there’s a reason why Exabeam is the #1 most deployed UEBA product in the world.