User Behavior Analytics

Monitor User Behavior to Discover Compromised Identities


The Challenge

User identities are a major target for attackers since they are the key to resources throughout the organization. Determined attackers might evade detection, succeed in stealing user account credentials and leverage them for lateral movement and data access.

The Solution

Cynet User Behavior Analytics continuously monitors and profiles user activity to define a legitimate behavioral baseline and identify anomalous activity that indicates compromise of user accounts.

User Behavioral Baseline

Cynet uses real-time user activity monitoring to build a baseline for each user from the number of hosts they log in to, location, frequency, internal and external network communication, accessed data files and executed processes.

Real-Time Activity Context

Real-time activity context is achieved through continuous correlation of user activities with other entities’ events, including endpoints, files and external network locations, providing rich context to determine associated risk.

Enhance Accuracy with User Verification

Move to Proactive Login Monitoring

Leverage internal knowledge of users’ roles, groups, geolocation and working hours to define access patterns to SaaS and on-prem resources that are likely to indicate user account compromise.

Examples include first-time logins to resources, logins outside of working hours, logins to multiple machines within a short timeframe, etc.
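The three login rules listed above, evaluated over a small event stream, as an added example that is not Cynet's code or policy format. The `Policy` fields, rule names, thresholds and sample events are all constructed for illustration, and timestamps are assumed to be in the user's local time.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Policy:                       # hypothetical per-user access policy
    work_start: int = 8             # working hours, 24h clock, local time
    work_end: int = 18
    known_resources: set = field(default_factory=set)  # baseline of resources
    max_hosts: int = 2              # distinct resources allowed inside the window

def evaluate(events, policies, window=timedelta(minutes=10)):
    """Return (timestamp, user, resource, rule) for every policy violation.

    events: iterable of (iso_timestamp, user, resource) in one uniform format.
    The baseline is never updated here; a new resource should only join it
    after the login has been verified out of band.
    """
    findings = []
    recent = defaultdict(deque)     # user -> (time, resource) still in window
    for ts, user, resource in sorted(events):
        when = datetime.fromisoformat(ts)
        policy = policies.get(user)
        if policy is None:          # no policy defined: flag rather than allow
            findings.append((ts, user, resource, "no_policy"))
            continue
        if resource not in policy.known_resources:
            findings.append((ts, user, resource, "first_time_login"))
        if not policy.work_start <= when.hour < policy.work_end:
            findings.append((ts, user, resource, "off_hours_login"))
        q = recent[user]
        q.append((when, resource))
        while when - q[0][0] > window:      # drop logins older than the window
            q.popleft()
        if len({r for _, r in q}) > policy.max_hosts:
            findings.append((ts, user, resource, "multiple_hosts_short_window"))
    return findings

# Constructed sample data, not taken from any real environment.
POLICIES = {"alice": Policy(known_resources={"laptop-01", "fileserver"})}
EVENTS = [
    ("2024-03-04T09:00:00", "alice", "laptop-01"),
    ("2024-03-04T09:02:00", "alice", "fileserver"),
    ("2024-03-04T09:05:00", "alice", "hr-db"),
    ("2024-03-04T23:30:00", "alice", "laptop-01"),
]

if __name__ == "__main__":
    for finding in evaluate(EVENTS, POLICIES):
        print(*finding)
```

Each finding is a candidate for the verification step rather than an alert in its own right, which keeps a legitimate first-time or late login from becoming a false positive.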

Active Policy

Define access policies to internal resources, on-prem or SaaS, for each user or user group.

Policy Violation

User Verification

Cynet automatically sends a verification message via phone or email to validate the nature of the login and avoid false positives.

Negative

Alert

Cynet triggers an alert on a compromised user identity. The Cynet admin can configure any such alert to automatically disable the user account.

User Behavior Analytics: Common Scenarios

Real-time monitoring of all the interactions users initiate: the hosts they log in to, the number of hosts, location, frequency, internal and external network communication, data files opened, executed processes and more.

Anomalous Login

User is logged in to his laptop and logs in to a sensitive database.

New VPN Connection

User remotely logs in to a file server via VPN for the first time.

Multiple Concurrent Connections

User is logged in to multiple resources within a short timeframe.

Off Hours SaaS Login

User that typically works on an on-prem desktop logs in remotely to the organization’s Dropbox.


The Cynet 360 Platform

Cynet UBA is a native part of Cynet 360, the first Autonomous Breach Protection Platform that utilizes Cynet Sensor Fusion™ to protect the entire environment by delivering the following capabilities: