UEBA Bolt 6.0 is a behavior-based threat prediction, detection and prevention engine that mines, enriches, analyzes, prioritizes, and transforms machine data into actionable intelligence. Using patent-pending signature-less anomaly detection techniques that track user, account, and system behavior, Securonix Enterprise automatically and accurately detects the most advanced and sophisticated insider threats and cyber attacks.
  • Detect insider threats and cyber attacks that go unnoticed by signature-based technologies
  • Focus on protecting the data that is the most valuable to the organization
  • Reduce the number of alerts and incidents that warrant investigations

How Does it Work?

Entity Profiling

Securonix aggregates everything of importance to a user, account, application, or device to create a unified view for every entity. Securonix automatically learns each entity’s normal behavior patterns and tracks its risk posture over time.

Threat Detection

Securonix uses patent-pending signature-less anomaly detection algorithms paired with known threat indicators and third-party intelligence to continuously monitor data to identify high-risk, abnormal, and fraudulent activities from within or outside the organization.


Securonix provides everything that an investigator needs on one screen to investigate and track an incident, and take actions. Investigate any identified threat, security event, user, account, or system using a drag and drop visualization palette to explore linkages in data.

Product Highlights

High-Risk Entity Dashboard

Securonix’s High-Risk Entity Dashboard provides a unified and prioritized view of all the high-risk insider and cyber threats across all users, accounts, hosts, and endpoints in the enterprise.

Multi-Entity Investigation Workbench

Securonix’s Investigation Workbench is a powerful tool for the analyst to visually investigate the most sophisticated threats and attacks using simple drag-and-drops, and identify similarities and anomalies between all entities in the organization.

Advanced Correlation of 3rd Party Intelligence

Securonix combines event analytics with over 15 3rd party intelligence providers to correlate events in the network with known bad threat actors and suspicious network events such as remote access to sensitive data from abnormal geographical locations.

Data Encryption and Masking

Securonix’s data encryption and masking capabilities provide the complete capability to secure, encrypt, and mask PII (Personally Identifiable Information) data, in alignment with the most stringent data security and privacy requirements in the industry.

Product Key Features

Real-Time Behavior Analytics

Real-time creation and continuous update of behavior profiles for every entity and peer group at the time of data and event ingestion.

Threat Dashboards

Personalized and fully-customizable threat dashboards presenting prioritized and aggregated risk scores by organization and department.

Threat Management

Threat management capability for analysts to review, investigate and escalate incidents, including an embedded incident management system with customizable workflows.

Threat Library

The industry’s largest and most mature library of threat models and indicators to detect the most advanced insider and cyber attacks.


Horizontally scalable architecture able to monitor organizations with close to 1 million users and billions of transactions per day.

Third-Party Integrations

Data collection and analysis from over 200 supported data sources directly, or from any major log aggregation and SIEM technologies.

Packaged Applications

Out-of-the-box content in the form of packaged applications specifically designed for insider threat, cyber threat, fraud, and cloud security analytics is delivered in the form of threat models and built-in connectors that enable rapid deployment and quick time to value. Key packaged applications include: data security analytics, privileged account analytics, cyber threat analytics, application security analytics, cloud security analytics, fraud analytics and patient data analytics.

Data Security Analytics

Ingests data from sources such as email, DLP, proxy and printers to baseline normal behavior patterns and detect sudden spikes in data egress attempts coming from inside or outside the organization and potential compromises to critical data. The application also applies predictive behavior analytics that identify, profile and monitor users whose behaviors indicate an elevated risk of data theft; for example, an employee with plans to leave the company.

Privileged Account Analytics

Identifies and monitors privileged user and service accounts and detects misuse of credentials, account compromise and/or credential sharing. Securonix ingests data from sources such as Active Directory, UNIX, databases, and PIM/PAM solutions to baseline privileged account behavior and look for anomalous events such as rare transactions on sensitive data, login anomalies, and more.

Cyber Threat Analytics

Monitors security logs and network flows to detect malware infections (e.g. zero-day attacks and ransomware), system compromise, lateral movement and other advanced threats. Securonix ingests data from sources such as firewalls, proxy, VPN, IDS, DNS, endpoints and Netflow to baseline normal behavior and detect malicious patterns such as beaconing, digitally generated algorithms, robotic behavior, random-generated domains, rare executables and programs, lateral connections and unusual web activity.

Identity and Access Analytics

Analyzes access privileges of users to identify rogue access and support risk-based access management and review. Securonix ingests entitlement data from authentication sources such as Active Directory, enterprise applications (e.g. SAP), and IAM solutions and analyzes it using peer comparisons, fuzzy logic and SOD libraries to detect high-risk access. The solution also integrates with authentication systems (e.g. IAM tools) to decommission or block access, or step up authentication requirements based on the risk of the user.

Application Security Analytics

Monitors transaction and security logs for enterprise applications to detect and prevent attempts of data snooping, privilege misuse and sabotage. Securonix ingests transaction logs, security logs and entitlements from enterprise applications (e.g. SAP, EPIC and custom apps) to baseline normal activity patterns and identify anomalous behavior.

Cloud Security Analytics

Monitors cloud infrastructure platforms and applications for data exfiltration attempts, privilege misuse and access anomalies. Securonix also has the ability to perform data discovery and classification in cloud applications and manage dynamic permissions to critical infrastructure. Securonix supports integration with several cloud services including O365, Google Apps, Box, Salesforce, Workday, Hightail, Netskope, Okta, Ping, AWS, Azure and many more.

Fraud Analytics

Monitors transaction data over a period of time, profiling normal entity-data-time relationships to detect fraudulent behavior patterns. Baselines of normal transaction behavior are based on actor, target, location, time, frequency and sequence to detect rogue events such as spikes in transactions, misuse of discount or promotional codes, suspicious refunds, fraudulent prescriptions, rogue orders or suspicious shipping requests. The application provides packaged use cases for many types of fraud including healthcare, ATM, online banking, retail, customer and customer service reps, among others.

Patient Data Analytics

Monitors the activity of users accessing patient records in clinical applications and detects attempts at data snooping and data exfiltration. Securonix has specific algorithms to detect different types of snooping events including family snooping, co-worker snooping, VIP snooping, self-examination, age-based anomalies and location-based anomalies. It also includes out-of-the-box integration and use cases for clinical applications such as EPIC, Cerner, Medicity, Allscripts and many others. Securonix also provides use cases, built-in reports and dashboarding capabilities for compliance requirements such as HIPAA and HITECH.