User identities are a major target for attackers since they are the key to resources throughout the organization. Determined attackers might evade detection, succeed in stealing user account credentials and leverage them for lateral movement and data access.
Cynet User Behavior Analytics continuously monitors and profiles user activity to define a legitimate behavioral baseline and identify anomalous activity that indicates compromise of user accounts.
Cynet builds this baseline from real-time user activity monitoring: the number of hosts a user logs into, location, frequency, internal and external network communication, accessed data files and executed processes.
Real-time activity context is achieved through continuous correlation of user activities with other entities’ events, including endpoints, files and external network locations, providing rich context to determine associated risk.
Move to Proactive Login Monitoring
Leverage internal knowledge of users’ roles, group, geolocation and working hours to define access patterns to SaaS and on-prem resources that are likely to indicate user account compromise.
Examples include first-time logins to resources, login outside of working hours, login to multiple machines within a short timeframe, etc.
Define access policies for each user or user group, covering internal resources whether on-prem or SaaS.
Cynet automatically sends a verification message via phone or email to validate the nature of the login and avoid false positives.
Cynet triggers an alert on a compromised user identity. The Cynet admin can configure any such alert to automatically disable the user account.
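The login patterns named above (first-time logins to resources, logins outside working hours, logins to multiple machines within a short timeframe) can be expressed as simple rules over a login event stream. The following is an added illustration, not Cynet's implementation; the working hours, thresholds, user and host names, and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical policy values (assumptions); tune per user or user group.
WORK_HOURS = range(8, 19)             # 08:00-18:59 local time
BURST_WINDOW = timedelta(minutes=10)  # "short timeframe"
BURST_HOSTS = 3                       # distinct hosts inside the window

# Constructed sample events: (ISO timestamp, user, host or resource)
EVENTS = [
    ("2024-03-04T09:00:00", "alice", "laptop-17"),
    ("2024-03-04T09:05:00", "alice", "fileserver"),
    ("2024-03-05T09:01:00", "alice", "laptop-17"),
    ("2024-03-05T23:40:00", "alice", "laptop-17"),
    ("2024-03-06T10:00:00", "alice", "hr-db"),
    ("2024-03-06T10:02:00", "alice", "fileserver"),
    ("2024-03-06T10:04:00", "alice", "build-01"),
]

def detect(events, baseline_until):
    """Return (timestamp, user, host, reasons) for logins that break policy.

    Events before baseline_until only build the per-user baseline.
    """
    cutoff = datetime.fromisoformat(baseline_until)
    seen = defaultdict(set)      # user -> resources seen so far
    recent = defaultdict(deque)  # user -> (time, host) within BURST_WINDOW
    alerts = []
    for ts, user, host in sorted(events):
        t = datetime.fromisoformat(ts)
        learning = t < cutoff
        reasons = []
        if host not in seen[user] and not learning:
            reasons.append("first-time login to resource")
        seen[user].add(host)
        if t.hour not in WORK_HOURS:
            reasons.append("outside working hours")
        window = recent[user]
        window.append((t, host))
        while t - window[0][0] > BURST_WINDOW:  # drop logins older than the window
            window.popleft()
        if len({h for _, h in window}) >= BURST_HOSTS:
            reasons.append("multiple hosts in short timeframe")
        if reasons and not learning:
            alerts.append((ts, user, host, reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, "2024-03-05T00:00:00"):
        print(alert)
```

Each alert carries every rule it matched, so a verification step or an automated response can be keyed on the combination rather than on a single signal.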
Real-time monitoring of all the interactions users initiate: hosts they log into, number of hosts, location, frequency, internal and external network communication, data files opened, executed processes and more.
User is logged in to his laptop and logs in to a sensitive database.
User remotely logs in to a file server via VPN for the first time.
User is logged in to multiple resources within a short timeframe.
User that typically works on an on-prem desktop logs in remotely to the organization’s Dropbox.
Cynet UBA is a native part of Cynet 360, the first Autonomous Breach Protection Platform that utilizes Cynet Sensor Fusion™ to protect the entire environment by delivering the following capabilities:
Planting fake passwords, data files, configurations and network connections to lure attackers to reveal their presence