What is UEBA?

By Kevin Gee | September 21, 2016 at 5:00 AM


Network attacks are consistently getting more advanced and can often bypass typical security defenses. Hacked or spoofed credentials are often overlooked or not immediately detected, which can lead to significant data breaches. User and Entity Behavior Analytics (UEBA) is now more important than ever to help identify and detect intrusions, suspicious behavior, or malicious/anomalous activity. So what exactly is UEBA?

UEBA is the process of baselining user activity and behavior, combined with peer group analysis, to detect potential intrusions and malicious activity. The best security system doesn’t mean anything if compromised credentials can easily access your data. Companies must now provide a flexible security system that can identify anomalous user activity in order to prevent breaches through every avenue.

UEBA has become a focal point for us, and we will continue to focus on and improve our UEBA capabilities to provide you with total data security. At Bitglass, we’re actively developing features that will help you identify and prevent malicious activity. The Bitglass Session Policy, for example, allows you to set actions based on detected anomalous activity, including:

  • New User-Agent and Location Detected: Triggers an alert when a new device and location are used.
  • Consecutive Login Failures: Lets you specify a number of login failures within a timeframe, then delays the login or forces re-authentication across all of the user’s sessions.
  • Suspicious User Locations: Detects when a user logs in from distant locations within a short period of time, then delays the login, forces re-authentication, or requires two-factor authentication.

Bitglass takes this basic UEBA functionality one step further with the ability to identify strange user behavior across different apps. For example, if a user logs into Office 365 from California and then shortly afterwards logs into Salesforce from New York, Bitglass can identify that anomalous activity is taking place and trigger an alert and an action (e.g. a two-factor authentication requirement). This, coupled with in-depth reports on user activity, makes Bitglass a more useful and complete solution for total data protection.
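The cross-app check described above can be sketched as an "impossible travel" rule over login events. This is an added example, not Bitglass code: the event fields, the 900 km/h speed ceiling, the 50 km distance floor and the `require_2fa` action label are all assumptions made for illustration.

```python
import math
from datetime import datetime

# Constructed sample events (not real logs): user, app, UTC time, lat, lon
EVENTS = [
    ("alice", "Office 365", "2016-09-21T16:00:00", 37.77, -122.42),  # California
    ("alice", "Salesforce", "2016-09-21T16:20:00", 40.71, -74.01),   # New York
    ("bob",   "Office 365", "2016-09-21T09:00:00", 37.77, -122.42),
    ("bob",   "Salesforce", "2016-09-21T17:30:00", 40.71, -74.01),   # 8.5 h later
    ("carol", "Office 365", "2016-09-21T10:00:00", 40.71, -74.01),
    ("carol", "Salesforce", "2016-09-21T10:00:30", 40.73, -73.99),   # same city
]

MAX_SPEED_KMH = 900.0   # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0  # assumed floor, ignores geo-IP jitter within one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_speed=MAX_SPEED_KMH, min_km=MIN_DISTANCE_KM):
    """Flag consecutive logins by one user, in any app, that imply travel
    faster than max_speed. The per-user state is shared across apps."""
    alerts, last = [], {}
    for user, app, ts, lat, lon in sorted(events, key=lambda e: e[2]):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_app, p_when, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Zero elapsed time over a real distance counts as infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if km >= min_km and speed > max_speed:
                # "require_2fa" is a hypothetical action label
                alerts.append({"user": user, "from_app": p_app, "to_app": app,
                               "km": round(km), "action": "require_2fa"})
        last[user] = (app, when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

Only the first pair of logins is flagged: the second user's gap is long enough for a flight, and the third user's logins fall under the distance floor.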

