User and entity behavior analytics (UEBA) solutions and capabilities (such as that in CloudAI) can help to add significant context and information for security analysts. UEBA collects attributes about user actions and behaviors, and focuses less on event-driven response and more on behaviors over time. This technology can help to label a user as “risky” based on numerous behaviors and trends, rather than one or more specific events. In addition, UEBA allows security teams to frame discussions about users, endpoints and risky behavior in terms that the business understands. For example, instead of trying to explain to executives that an attacker attempted a buffer overflow exploit, analysts can describe how a user behaved unusually versus their normal patterns of traffic and endpoint events and how this behavior indicates that the system has been compromised or that the organization has a legitimate insider threat.
Download this whitepaper to find out more.