User Behavior Analytics

Monitor User Behavior to Discover
Compromised Identities

The Challenge

User identities are a major target for attackers since they are the key to resources throughout the organization. Determined attackers might evade detection, succeed in stealing user account credentials and leverage them for lateral movement and data access.

The Solution

Cynet User Behavior Analysis continuously monitors and profiles user activity to define a legitimate behavioral baseline and identify anomalous activity that indicates compromise of user accounts.

User Behavioral Baseline

Cynet utilizes real-time user activity monitoring to achieve a baseline, utilizing the number of hosts they log into, location, frequency, internal and external network communication, accessed data files and executed processes.

Real-Time Activity Context

Real-time activity context is achieved through continuous correlation of user activities with other entities’ events, including endpoints, files and external network locations, providing rich context to determine associated risk.

Enhance Accuracy with User Verification

Move to Proactive Login Monitoring

Leverage internal knowledge of users’ roles, group, geolocation and working hours to define access patterns to SaaS and on-prem resources that are likely to indicate user account compromise.

Examples include first-time logins to resources, login outside of working hours, login to multiple machines within a short timeframe, etc.

Active Policy

Define for each user or users’ group access policies for internal resources, on-prem or SaaS.

Policy Violation

User Verification

Cynet sends a Verification message automatically via phone or email to validate the login nature and avoid false positives.

Negative

Alert

Cynet triggers an alert on compromised user identity. Cynet’s admin can define that any such alert drives automated disabling of the user account.