Skip to main content

user behavior analytics

detecting deviations in the behavior of various types of objects

the UBA module

provides mechanisms for detecting deviations in the behavior of various types of objects: users, hosts, administrators, information systems, business processes, etc. The universal scoring mechanism allows for identifying potential intruders, compromised accounts, calculating a cybersecurity index, analyzing operational efficiency and labor discipline, and combating fraud.

Examples of deviations:
  • unusual VPN connection time for a user;
  • user connected via VPN from an unusual city or country;
  • user launched an extremely rarely used program;
  • user sent an unusually large volume of emails.

key features

solving various tasks

The module allows solving tasks from different subject areas. That is, to meet the needs of various functional customers. The main task is to organize the processed objects according to the scoring points assigned to them.

module operation principle

Let's consider an object - the user account of John.S. This object has a set of parameters - email, login, SSID, phone number. All this data can be obtained from systems already connected to SAF, as well as using the Inventory module.

We have objects and a set of accumulated retrospective data in the system. Using profiling policies, we create profiles for each object. A profile is a set of parameters linked to a specific object.

For example:
  • a list of servers on which the user has ever performed any actions;
  • a set of information systems in which the user works;
  • on which servers the user performed certain types of operations;
  • quantitative characteristics related to the user's email activity;
  • time characteristics: typical login times, typical VPN connections, and so on.
Using anomaly detection rules, we analyze and record deviations, assigning scoring points to specific objects. If the specified values are exceeded, we can react to this by creating an incident, sending a notification, performing a specific action, conducting analysis on functional dashboards.

Contact Us

Please type your full name.
Invalid Input
Invalid email address.
Invalid Input
Invalid Input