Powered by Machine Learning That Detects Any Threat, Anytime, Anywhere.
Modern threats are complex, often executed with compromised credentials or with the help of insiders with legitimate credentials, and carried out over long periods of time. Predicting, detecting and containing these threats is near-impossible using traditional signature-based solutions that were not developed to protect organizations from advanced or insider attacks. Securonix UEBA Bolt 6.0 is purpose-built to rapidly detect any threat, anywhere, leveraging machine learning and behavior analytics that analyze and cross-correlate all interactions between users, systems and data to detect insider threats, cyber threats, fraud, cloud data compromise and noncompliance.
Light, nimble and quick to deploy, version 6.0 of UEBA Bolt is faster and smarter with a new, ultra-modern user experience based on design concepts that provide intuitive visualizations of enterprise risk and one-click actions for threat management and risk mitigation. Packed with enhanced analytical and machine learning capabilities, 6.0 comes with more than 350 out-of-the-box connectors and over one thousand one-click deploy threat models that immediately deliver tangible value.
How Does it Work?
Events that can look harmless in isolation often map into high-risk threats when analyzed in context over time. UEBA Bolt 6.0 correlates and analyzes events from multiple sources such as user, device, asset, application, and network segment to predict, detect and contain low-and-slow attacks that are invisible to legacy solutions. 200+ new threat models have been added to this release, in addition to tuning of existing models for further risk refinement.
Real-time Behavior Analytics
Patented unsupervised and supervised machine learning and statistical algorithms profile normal activity and detect anomalies. Some of the key signature-less techniques include mix-max clustering, peer analysis, event rarity analysis, predictive learning, fuzzy correlation, robotic pattern detection, DGA detection and sequential learning.
Investigation and Response
Full incident management capabilities support investigation of and response to threats, including link analysis with a drag-and-drop graphical representation for ad-hoc investigations, reviews and analysis. Case management capabilities with out-of-the-box, dynamic workflows based on industry best practices are also built into the platform. Case management workflows are fully customizable based on client need.
Key Features of Version 6.0
Getting UEBA Bolt 6.0 up and running is even faster and more automated than ever before. With built-in data connectors and pre-packaged use cases, implementation is swift and results are immediate.
Enhanced User Experience
Securonix Bolt 6.0 has a new user interface with elegant visualizations of enterprise risk and intuitive, easy-click actions to mitigate threats and risk. The solution also provides data insights and fully customizable dashboards. The entity risk view has been updated to provide a full 360-degree perspective on an entity’s risk profile.
350+ out-of-the-box connectors integrate with a variety of structured and unstructured data sources including enterprise applications, identity systems, and non-technical data sources such as badge readers and social media that are not supported by typical log management solutions.
More Packaged Applications For Fraud, Trade Surveillance and Patient Data Analytics
Securonix uses packaged solutions to provide out-of-the-box use cases for specific threats and industries, plus use case models, dashboards and reports. UEBA Bolt 6.0 comes with new line-of-business use cases, dashboards and reporting for fraud, trade surveillance and patient data analytics.
Threat Model Exchange
UEBA Bolt 6.0 comes packaged with The Securonix Threat Model Exchange®, a library of threat models sourced by the Securonix cyber research team in collaboration with our cross industry client base, partners and national security leaders. The exchange enables customers to access, download and deploy the latest Securonix threat models with a single click.
Algorithms analyze patterns of behavior to predict future risks associated with a user or entity. For example, a user whose behaviors indicate an intention to quit would be flagged for the elevated risk of data theft associated with employees who plan to leave their jobs. Predictive analytics can also inform decision automation such as access blocks or increased authentication requirements.
UEBA Bolt 6.0 uses adaptive learning and supervised classification algorithms to provide real-time feedback to the system based on the findings and remediation patterns. This improves threat fidelity, threat detection and operational efficiency by cutting out the need for security analysts to manually tune the system.
Protecting the identities behind contextual user behavior patterns is a critical capability for UEBA solutions. UEBA Bolt 6.0 provides complete data masking and encryption capabilities to protect user identities while still enabling robust analytics on their activities. With granular, role-based access control, access and entitlements to data can be limited by business need. Detailed logging capabilities are available to ensure a full audit trail of all activities within the solution.
Securonix as a Service (SxAAS)
SxAAS delivers the Securonix UEBA 6.0 solution as a cloud-based service. Customers get all the benefits of UEBA Bolt 6.0 without the hassle of managing and maintaining the platform. The solution is highly scalable and secure and is ideal for organizations that are looking for rapid deployment and quick time to value.
Out-of-the-box content in the form of packaged applications specifically designed for insider threat, cyber threat, fraud, and cloud security analytics is delivered in the form of threat models and built-in connectors that enable rapid deployment and quick time to value. Key packaged applications include: data security analytics, privileged account analytics, cyber threat analytics, application security analytics, cloud security analytics, fraud analytics and patient data analytics.
Data Security Analytics
Ingests data from sources such as email, DLP, proxy and printers to baseline normal behavior patterns and detect sudden spikes in data egress attempts coming from inside or outside the organization and potential compromises to critical data. The application also applies predictive behavior analytics that identify, profile and monitor users whose behaviors indicate an elevated risk of data theft; for example, an employee with plans to leave the company.
Privileged Account Analytics
Identifies and monitors privileged user and service accounts and detects misuse of credentials, account compromise and/or credential sharing. Securonix ingests data from sources such as Active Directory, UNIX, databases, and PIM/PAM solutions to baseline privileged account behavior and look for anomalous events such as rare transactions on sensitive data, login anomalies, and more.
Cyber Threat Analytics
Monitors security logs and network flows to detect malware infections (e.g. zero-day attacks and ransomware), system compromise, lateral movement and other advanced threats. Securonix ingests data from sources such as firewalls, proxy, VPN, IDS, DNS, endpoints and NetFlow to baseline normal behavior and detect malicious patterns such as beaconing, domain generation algorithms (DGA), robotic behavior, randomly generated domains, rare executables and programs, lateral connections and unusual web activity.
Identity and Access Analytics
Analyzes access privileges of users to identify rogue access and support risk-based access management and review. Securonix ingests entitlement data from authentication sources such as Active Directory, enterprise applications (e.g. SAP) and IAM solutions and analyzes it using peer comparisons, fuzzy logic and segregation-of-duties (SoD) libraries to detect high-risk access. The solution also integrates with authentication and IAM tools to decommission or block access, or step up authentication requirements, based on the risk of the user.
Application Security Analytics
Monitors transaction and security logs for enterprise applications to detect and prevent attempts of data snooping, privilege misuse and sabotage. Securonix ingests transaction logs, security logs and entitlements from enterprise applications (e.g. SAP, EPIC and custom apps) to baseline normal activity patterns and identify anomalous behavior.
Cloud Security Analytics
Monitors cloud infrastructure platforms and applications for data exfiltration attempts, privilege misuse and access anomalies. Securonix also has the ability to perform data discovery and classification in cloud applications and manage dynamic permissions to critical infrastructure. Securonix supports integration with several cloud services including O365, Google Apps, Box, Salesforce, Workday, Hightail, Netskope, Okta, Ping, AWS, Azure and many more.
Monitors transaction data over a period of time, profiling normal entity-data-time relationships to detect fraudulent behavior patterns. Baselines of normal transaction behavior are based on actor, target, location, time, frequency and sequence to detect rogue events such as spikes in transactions, misuse of discount or promotional codes, suspicious refunds, fraudulent prescriptions, rogue orders or suspicious shipping requests. The application provides packaged use cases for many types of fraud, including healthcare, ATM, online banking, retail, customer and customer service rep fraud, among others.
Patient Data Analytics
Monitors the activity of users accessing patient records in clinical applications and detects attempts at data snooping and data exfiltration. Securonix has specific algorithms to detect different types of snooping events, including family snooping, co-worker snooping, VIP snooping, self-examination, age-based anomalies and location-based anomalies. It also offers out-of-the-box integration and use cases for clinical applications such as EPIC, Cerner, Medicity, Allscripts and many others. Securonix also provides use cases, built-in reports and dashboarding capabilities for compliance requirements such as HIPAA and HITECH.