User & Entity Behavior Analytics
“UEBA successfully detects malicious and abusive activity that otherwise goes unnoticed, and effectively consolidates and prioritizes security alerts sent from other systems.” — Gartner
Use Case: User & Entity Behavior Analytics
The Cynet 360 advanced threat detection and response platform provides IT security teams with a simplified approach to comprehensive security, across tens of thousands of endpoints. User & Entity Behavior Analytics (UEBA), Endpoint Detection & Response and Network Analytics are just some of the capabilities of the broad Cynet 360 platform.
Full Visibility Across the Network:
The Cynet 360 platform has the unique ability to monitor, analyze and unify insights into behavioral and interaction indicators across endpoints, users, network traffic and files. This, together with its utilization of UEBA, EDR, deception, forensics and more, enables Cynet to quickly detect inside threats, compromised accounts, and targeted attacks, creating a full picture of an attack operation, and accurately prioritizing and remediating threats – before damage occurs.
Ignore the Noise, Hone in on Real Threats:
Within the framework of the comprehensive Cynet 360 platform, UEBA utilizes heuristic analysis and machine learning to analyze the activity of users and entities in your system. It then compares them in real-time to historical activity. This allows Cynet to detect and issue pinpoint alerts regarding malicious behavior inside the organization. An attacker’s window of opportunity is reduced, and attacks are stopped before they compromise organizational assets.
Identify Affected Endpoints, Networks & Users for Rapid Risk Triage:
The Cynet 360 platform provides organizations with the unique ability to achieve a full view of attack operations over time. With UEBA, this means knowing what a user is doing, which machines they have used, what credentials they have adopted, which files that have accessed, and more. IT security teams are thus able to quickly identify internal threats and organizational breaches, and apply rapid response triage. Cynet 360’s UEBA feature:
- Quickly detects suspicious activity (lateral movement, accessing bad domains, etc.)
- Red flags compromised devices and machines
- Provides UBA Verification for validation of user identity
- Protects networks and servers by early identification of malicious behavior
Monitor & Verify User Identity with UBA Verification:
The Cynet 360 platform provides UBA Verification capabilities as part of its UEBA offering. Enterprise security teams are thus able to analyze and verify user identity of those attempting to access organizational assets.
4 STEPS TO RISK RANKING
The Cynet security platform correlates and analyzes indicators across all fronts of the organization – networks, files, users and endpoints – to establish risk-ranking and hone in on previously unidentified threats.
Establishment of a Baseline
Cynet begins by collecting and then scanning indicators, assessing organizational traffic to define a baseline. These indicators are then used to establish a risk ranking, showing the severity of behavioral anomalies.
Correlation of Indicators
The risk rankings are established following the correlation of indicators across the 4 layers of protection – files, networks, users and endpoints. The indicators are filtered through Cynet’s correlation engine, which checks for anomalies including network configuration changes; suspicious changes in endpoints between scans; system file modifications; suspicious registry changes and other flag-raising activities. Decoys can also be applied for users, files and servers.
Vetting against Security Intelligence
Potential threats are then vetted against Cynet’s security intelligence module, where they are tested against dozens of anti-virus and anti-malware engines, threat reports and zero-day intelligence files. Threats identified as absolute threats are flagged and alerts issued.
Inspection for Behavior Analysis
Items still appearing suspicious but not yet determined threats are then put through a static and if needed dynamic (sandbox) inspection. Within the sandbox, the file is executed in the context of the original scenario from which the file was found, indicators are collected during and after execution, including binary files and dependencies, such as DLLs. With this information, malicious behavior can be detected, identifying even difficult to uncover threats.
Cynet – the Total Security Platform
Today organizations must protect and detect on multiple fronts – files, networks, endpoints and users. A comprehensive platform, in which each front is investigated as part of the whole – is essential to achieving true organizational security.
Cynet analyzes files for threats that bypass the security perimeter, infiltrating corporate systems and data files. Attackers piggy-back on the vulnerabilities they discover in files, or in the software that is used to create or open a file, using these weaknesses to insert malicious code into the system.
Cynet exposes attacks on the network such as malicious IP addresses and botnets, password-based attacks, modification of network and server configurations, Denial-of-Service attacks and man-in-the-middle and compromised key attacks. Resulting service outages from these threats result in downtime, lost productivity and brand damage.
Cynet tracks user activities to create a baseline of typical user scenarios including working hours, file access, server access and typical network traffic. User behavior is monitored to uncover anomalies which can hint at attacks geared toward Intellectual Property theft, sabotage of IT systems, fraud, espionage or accidental insider threats.
Cynet scans and monitors endpoints for indicators of compromise that circumvent prevention systems. The platform detects and remediates the spread of advanced malware, Ransomware and other signature-less threats on Windows and Linux endpoints, which are often the hidden doors for hackers looking to break into critical systems.