Securonix UEBA Reviews

My primary use case for Securonix UEBA is user threat notification and user behavior analysis.

The most valuable features of Securonix UEBA include insider threat monitoring, which provides complete visibility of user activities, and next-gen AI-based behavior analytics. The customizable UEBA-based analytics dashboard is highly effective and covers most use cases from a UEBA point of view.

Securonix UEBA is used for lateral movement detection, ransomware detection, multiple malware detections, user activity monitoring, and behavior analysis.

We have completed a large number of additional use cases based on specific effects and commitment.

Their user and entity behavior analysis algorithms are the most valuable features. I believe, the cyber analytics algorithm is the unique differentiator.

The built-in algorithms for detecting anomalies and threats.

We use it for insider threat detection. It's appliance-based in the data center.

Previously, we did not have visibility into some of the behaviors until we had this tool. Only then we were able to surface those behaviors. An example is that people can log into VPN at night from another country - people actually do that all the time - and that's the leading cause of a credential compromise scenario. We did not have visibility into that before so we couldn't figure out what was going on there to come up with a mitigation plan. Now we can make data-driven decisions to mitigate that vulnerability.

Securonix has enabled our team to focus on threats rather than on engineering of the platform. Algorithms deliver through the program platform. We just go into the system, point and click and pick and choose algorithms that are needed to satisfy the use case. So we don't have to write any code. We don't have to write any customizations.

The solution has also decreased the time required to investigate alerts or threats because we don't have to sort through or do the log analysis. We don't have to look at individual log entries to figure out what's going on. Now, the system has ingested the data and it has derived intelligence from those raw records. They're visualized and assembled on the timeline and presented on the dashboard. You can imagine how much that's going to save an analyst's time in investigating or knowing what's going on. And in some cases, it's even night and day, meaning it has gone from impossible to possible. In those cases the amount of decrease in time would not even be applicable, for good reason. In other cases, the time it saves us is approximately 30 to 40 percent.

Securonix UEBA also helps to surface high-risk events that require immediate attention or action. It gives us the ability to prioritize the risk. That is a focus in the design of the platform. There are many ways it allows users to prioritize the risks that are very important, per that organization's threat landscape. It's either done through re-scoring boosting or you can craft a segregated dashboard to focus on something. You can also have a targeted user-list on which you want to focus the monitoring. There are many ways to pick and choose and combine to meet our prioritization requirements.

The solutions Hadoop-based platform has definitely also provided operational benefits. We talk about the "three V's," the challenges in dealing with big data. Data is high in volume, it changes all the time - the loss is very high - and it can be unstructured. By basing the platform on the Hadoop big-data platform, versus a single SQL database, it definitely meets the requirements for monitoring.

We are using the solution for behavioral analysis of the users and behavioral analysis of network traffic. For example, if we know that there is an IP address that keeps reaching out, we confirm it with the client, put that in behavioral analysis and say, "Okay. This is a regular behavior." It's not going to trigger us if they reach out to a certain threshold. If that IP reaches out to over that threshold, then we are going to tell the client, "Something seems to be wrong over here. This machine does not go to that IP address a lot, but this is going on a lot today."

From a behavioral analysis perspective, the use cases are data exportation by contractors, by determination, account accessing, removal of media.

The version we are using is SNYPR.

One of the most valuable features is UEBA. It's pretty helpful for us to make sure of our thresholds for any of our clients. Another great feature is how Investigation Workbench works with all of the user analysis.

They are continuously improving things. They keep putting new policies and new rules as well as updating the old ones.