Overview

Industry

  • Cross Industry Solution

Supported Systems

  • Custom and commercial applications and systems

Securonix Use Cases

  • Compromised Account Detection
  • Privileged Account Monitoring
  • Advanced Persistent Attack Detection

Business Impact

  • Predictive threat detection
  • Reduced breach impact
  • Comprehensive response and investigation
  • Accurate detection of compromise, reduced false positives

Data Sources

  • Application logs and entitlements
  • HR/Identity information
  • Active directory
  • Activity logs

Relevant Compliance & Security Best Practices

  • SOX
  • PCI DSS
  • HIPAA/HITECH
  • FISMA
  • FERC/NERC

User behavior analytics (UBA), or user and entity behavior analytics (UEBA), is a class of artificial intelligence and machine learning capability built on a number of technical components, including data analytics, data integration, data visualization and source-system analysis.

Securonix pioneered the use of User Behavior Analytics (UBA) for cyber security over eight years ago. We’ve worked with some of the world’s leading enterprises in finance, pharmaceuticals, healthcare, manufacturing, and technology to develop a robust enterprise-class security analytics solution that now sets the standard for the market. Our solution analyzes large volumes of data at scale to establish a baseline of normal user and system behavior, and flags suspicious deviations from that baseline as anomalies. The result is a sophisticated artificial intelligence platform that detects insider and cyber threats in real time.

Challenge:

Information security leaders have accepted a real but pessimistic outlook: the question is not if, but when, their organization will be breached. And it’s no wonder. Traditional security measures position organizations two steps behind attackers. They are marginally effective at detecting known attacks, but nearly defenseless against new, emerging, sophisticated and insider attacks. Meanwhile, SIEM solutions tend to overwhelm security teams with high volumes of alerts that include too many false positives, while real threats go undetected. The standard security stack remains focused on protecting abstractions such as perimeters and endpoints, representations of things that don’t really exist in today’s interconnected ecosystem. In short, those tasked with protecting an organization’s most sensitive data operate with tools that fail to detect threats against that data.

Solution: Behavior Anomaly Detection and Peer Group Analysis through User Behavior Analysis

UEBA (User & Entity Behavior Analytics) is emerging as the most promising solution to rampant cyber threats and fraud because it allows security leaders to finally get ahead of the attackers by detecting risks to what they’re actually defending: the data!

According to a 2015 Gartner study, “UEBA successfully detects malicious and abusive activity that otherwise goes unnoticed, and effectively consolidates and prioritizes security alerts sent from other systems… organizations need to develop or acquire statistical analysis and machine learning capabilities to incorporate into their security monitoring platforms or services. Rule-based detection technology alone is unable to keep pace with the increasingly complex demands of threat and breach detection.”

Securonix is the industry leader in behavior-based security analytics, and is led by a team of experts in the fields of machine learning, artificial intelligence and behavior anomaly detection. The company is considered the market leader in the use of applied security analytics to combat insider and advanced cyber threats.

The Securonix Security Analytics Platform is a purpose-built advanced security analytics technology that mines, enriches, analyzes, scores and visualizes data into actionable intelligence on the highest-risk threats from inside and outside the environment. Using signature-less anomaly detection techniques that monitor user, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced data security, insider threat and fraud attacks.

  • Signature-less behavior based analytics for detecting insider and targeted cyber attacks
  • User centric monitoring across hosts, network and applications
  • Privileged account monitoring and misuse detection
  • Over 90% reduction in security events warranting investigations

Solutions Tour

Insider Threat Management

An organization’s primary defenses (e.g. firewalls, access controls, physical access controls) are built for the untrusted external attacker, not the trusted insider. To counter this advantage, organizations need capabilities that detect nefarious or negligent activities that go undeterred by traditional security measures. Securonix’ User and Entity Behavior Analytics solution is built to automatically and accurately identify insider threat actors by delivering behavior anomaly detection capabilities in an out-of-the-box solution that does not require manual sifting through data or rules. Using purpose-built data mining, correlation, enrichment, and analytics, Securonix detects not only users with high-risk identity profiles, but also high-risk activity, access, and events in your organization associated with insider threats. Simply put, Securonix produces insider threat intelligence.

Identity & Access Management

Securonix uses highly sophisticated algorithms that automatically detect highly privileged accounts for proactive monitoring while identifying and risk-ranking rogue access assignments for cleanup or certification. Securonix integrates with every major IAM and identity access governance product while connecting natively to major business applications and systems. It delivers automatic identity and access intelligence, allowing improved access management compliance through user- and resource-centric views of access risk, automated access cleanup and risk-based, streamlined access request processes.

Application Security

Enterprise applications are the primary source of an organization’s critical assets and processes. As such, they are the primary targets for insider and external threats and attacks. Most organizations have limited to no threat monitoring of these applications and rely primarily on access controls and network security solutions that do little or nothing to defend organizations from insider threats or external targeted attacks. Securonix addresses this common blind spot by monitoring critical applications and systems at the transaction, data set, and sensitive user record level to identify anomalies that indicate a threat. Suspicious application-based behaviors are correlated with continuously generated risk profiles of users, access, and activities associated with sensitive data and transactions.

Network Security

Most organizations have made significant investments in rule- or policy-based SIEM solutions that are purpose-built for large-scale event collection, correlation, and storage, not for detecting who, what, where, when, and how someone is attacking the organization. These solutions flood security teams with false alarms and are useless against unknown, insider, targeted, zero-day and emerging threats because they rely on signatures, policies or rules to detect them. Securonix couples the latest advances in machine learning and artificial intelligence with advanced anomaly detection techniques that rapidly detect known and unknown threats, without relying on signatures, policies or rules. By correlating anomalous behaviors with context-rich intelligence, Securonix reduces false positives by up to 90 percent, enabling security teams to concentrate on real, high-risk threats to the organization.

Privileged Account Management

When a High Privilege Account (HPA) user goes rogue, whether by malicious intent or account compromise by an outside actor, traditional security measures are unlikely to detect the threat before a serious security incident because HPAs operate with the necessary credentials, entitlements and access permissions to both do their job…and circumvent security flags. Securonix removes the cloak of privilege that allows most HPAs to operate with a high-risk measure of anonymity by detecting anomalous behaviors associated with insider and external attacks. Abnormal account activity is flagged automatically and accurately, and risk-ranked with context-rich intelligence that correlates user, network, system and physical data with HR tips and clues.

Data Exfiltration Intelligence

Today’s targeted attacks, whether launched by insiders or by external hackers, are primarily focused on stealing an organization’s most sensitive data. The primary defense for organizations is application access controls and, in some cases, DLP (Data Loss Prevention) monitoring tools. Even fully deployed, these controls tend to be defenseless against motivated insiders or outsiders, and they generate a continuous stream of false positives. To combat these complex threats effectively, organizations need better context on a user’s identity, behavior and associated peers in order to pinpoint the real attacks and to focus monitoring efforts on what is high risk before it is too late.

Threat Intelligence

Attacks launched by misuse of legitimate credentials pose one of the most critical threats to organizations. These attacks may be launched by employees, vendors, outsourced operators or even external perpetrators that have managed to get access to credentials. External perpetrators use social engineering and sophisticated malware to gain access to the credentials of valid accounts. Since organizations have not implemented sophisticated tools capable of monitoring and detecting behavioral changes for legitimate access, these attacks often go unnoticed. Securonix provides innovative behavior-based techniques in conjunction with peer group analysis techniques to detect any variation in normal patterns for access and usage of internal data sources. By comparing not only a user’s historical usage but also the usage of colleagues and team members, the Securonix solution is able to remove the noise associated with incremental changes in user behavior for automatic, accurate detection of attacks.
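The two comparisons this page describes, a user's activity against their own historical baseline (the "Overview" section) and against the same-day activity of their peers (this section), can be illustrated with a small scoring routine. The following is an added example, not Securonix code and not a description of how the Securonix platform implements its analytics. It assumes a constructed activity log of daily record-access counts, uses department membership as the peer group, and uses a standard-score threshold of 2.0 and a spread floor that are arbitrary choices for the illustration. It shows the point the page makes: a team-wide change in volume trips a history-only rule for every member of the team, while a rule that also requires the user to stand out from their peers raises a single alert for the one user whose spike has no peer explanation.

```python
"""Baseline + peer-group anomaly scoring over constructed access logs.

Added example, not Securonix code. It scores each user's daily activity
against (a) their own prior days and (b) their department peers on the
same day, and compares a history-only rule with a history-and-peers rule.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (day, user, department, records_accessed).
# Finance volumes double from day 9 on (a team-wide change, e.g. a period
# close); dave in engineering spikes on his own on day 10.
EVENTS = []
for _day in range(1, 11):
    _bump = 2 if _day >= 9 else 1
    EVENTS += [
        (_day, "alice", "finance", 100 * _bump),
        (_day, "bob", "finance", 90 * _bump),
        (_day, "carol", "finance", 110 * _bump),
        (_day, "dave", "eng", 400 if _day == 10 else 40),
        (_day, "erin", "eng", 42),
        (_day, "frank", "eng", 38),
    ]


def zscore(value, sample, floor_ratio=0.1):
    """Standard score of `value` against `sample`.

    The spread is floored (assumption: 10% of the mean, at least 1.0) so a
    perfectly flat baseline does not divide by zero or over-react to noise.
    """
    mu = mean(sample)
    spread = max(pstdev(sample), floor_ratio * mu, 1.0)
    return (value - mu) / spread


def score_day(events, day, threshold=2.0):
    """Score every user's activity on `day`.

    Returns {user: {"hist_z", "peer_z", "history_only", "alert"}} where
    history_only is the naive rule (deviates from own history) and alert
    additionally requires deviating from the same-day peer group.
    """
    history = defaultdict(list)  # user -> counts on days before `day`
    today = {}                   # user -> count on `day`
    dept = {}                    # user -> department (peer group key)
    for d, user, department, count in events:
        dept[user] = department
        if d < day:
            history[user].append(count)
        elif d == day:
            today[user] = count

    results = {}
    for user, count in today.items():
        peers = [today[p] for p in today if p != user and dept[p] == dept[user]]
        hist_z = zscore(count, history[user]) if history[user] else 0.0
        # With no peers to compare against, fall back to the history score.
        peer_z = zscore(count, peers) if peers else hist_z
        results[user] = {
            "hist_z": round(hist_z, 2),
            "peer_z": round(peer_z, 2),
            "history_only": hist_z > threshold,
            "alert": hist_z > threshold and peer_z > threshold,
        }
    return results


if __name__ == "__main__":
    for user, r in score_day(EVENTS, 10).items():
        print(f"{user:6} hist_z={r['hist_z']:6.2f} peer_z={r['peer_z']:6.2f} "
              f"history_only={r['history_only']!s:5} alert={r['alert']}")
```

Run as a script, the history-only column flags all three finance users plus dave on day 10; the combined rule flags only dave, because alice, bob and carol each land within the spread of their own peers that day. A real deployment would replace the department key with a richer peer model and tune the threshold and floor against its own data.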