Detect Insider Threats with Cloud Native LogRhythm UEBA

LogRhythm UEBA

The cyberthreat landscape has become more sophisticated due to the volume and complexity of attacks. That’s why it’s harder than ever to detect employees’ anomalous behavior or compromised accounts. Once your security operations center (SOC) has matured and you have already set up deterministic rules, it’s vital to expand your threat detection coverage with anomaly detection.

LogRhythm understands the desire for greater visibility and advanced analytics to detect anomalies tied to potential user attacks. That’s the foundation of LogRhythm UEBA, our cloud native user entity behavior analytics (UEBA) solution. Read on to learn what’s new with LogRhythm UEBA and how we’ve enhanced the product to offer greater customer value and advanced threat detection.

Why LogRhythm UEBA Matters

Anytime you need to compare activity against a user’s baseline, advanced analytics come into play. Formerly known as CloudAI, LogRhythm UEBA detects changes in user behavior and alerts analysts to potential threats. Offered as a cloud native add-on, LogRhythm UEBA is easy to deploy within the LogRhythm SIEM Platform. It uses machine learning to learn what normal behavior looks like for each user and to surface outliers (unusual user activity) that warrant additional investigation.

Often security teams need to collect and analyze a lot of data manually to try to identify anomalies that are potential threats. LogRhythm UEBA saves analysts time by prioritizing only threats or anomalies that require further investigation.

We recently updated the name to LogRhythm UEBA to better describe LogRhythm’s vision of holistic analytics around UEBA. We also sought to reposition LogRhythm UEBA’s importance in LogRhythm’s suite of products. After all, there’s a growing need for UEBA solutions. Case in point: insider threats have increased by 44 percent over the last two years with costs per incident up more than a third to $15.38 million, according to Ponemon.

How LogRhythm UEBA Adds Greater Value

When trying to identify anomalies in your network, detection is critical. LogRhythm UEBA adds additional layers of detection against user-based threats including insider threats, compromised accounts, administrator abuse, and misuse to alert your organization to threats. Specifically, LogRhythm UEBA helps you detect user-based threats and other difficult-to-find anomalies that would otherwise go unnoticed.

In addition to the out-of-the-box deterministic AI Engine UEBA rules included in the LogRhythm SIEM, LogRhythm UEBA also offers advanced analytics by detecting outliers without explicitly defined logic. This allows you to attain a rapid time to value. Since LogRhythm UEBA self-evolves, you benefit from continuous, automated tuning without the need for manual intervention.

Another benefit of LogRhythm UEBA is that it functions as an advanced UEBA log source in the SIEM and seamlessly integrates with the LogRhythm SIEM. There’s no need for extra log ingestion since LogRhythm UEBA connects directly to the data indexer (DX) to collect the logs it needs. LogRhythm UEBA’s native integration gives analysts greater context and visibility to detect anomalies.

What’s New in LogRhythm UEBA

At LogRhythm, we’re constantly innovating and updating our products. That’s part of our ongoing commitment to our customers. Recently, we added new LogRhythm UEBA models that can help your team detect more and alert less to reduce alert fatigue. The new models include “new across IDs” (e.g., a location or host that is new across all monitored identities, not just for the user in question) and improbable travel between origin locations.

LogRhythm UEBA features more contextualization in the logs to improve the analyst workflow. For example, the “new” and “new_across_ids” fields show the hosts or locations that triggered the anomaly directly in the log. In addition, anomalies (when applicable) are mapped to MITRE D3FEND, a knowledge graph that describes technical functions within cyber technologies in a common language of “countermeasure techniques.”
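To make the two models above concrete, here is an added Python illustration of the detection logic (written for this article, not LogRhythm’s own code): it learns per-user and across-identity host baselines from a set of logins, then flags “new”, “new_across_ids” and improbable-travel events in a scoring window. The field names, the 900 km/h speed threshold and the sample logins are assumptions.

```python
from collections import namedtuple
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

Login = namedtuple("Login", "user host lat lon ts")  # ts is a UTC datetime

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points (Earth radius 6371 km)."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_anomalies(baseline, window, max_kmh=900.0):
    """Score `window` logins against a baseline learned from `baseline` logins.
    Models: 'new' (host unseen for this user), 'new_across_ids' (host unseen for
    any monitored identity), 'improbable_travel' (implied speed above max_kmh)."""
    hosts_by_user, hosts_any_user, last_login = {}, set(), {}
    for ev in sorted(baseline, key=lambda e: e.ts):
        hosts_by_user.setdefault(ev.user, set()).add(ev.host)
        hosts_any_user.add(ev.host)
        last_login[ev.user] = ev
    anomalies = []
    for ev in sorted(window, key=lambda e: e.ts):  # score in time order, then learn
        if ev.host not in hosts_any_user:
            anomalies.append({"model": "new_across_ids", "user": ev.user, "host": ev.host})
        elif ev.host not in hosts_by_user.get(ev.user, set()):
            anomalies.append({"model": "new", "user": ev.user, "host": ev.host})
        prev = last_login.get(ev.user)  # no prior login for this user: no travel check
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            # a location change with zero elapsed time is as impossible as a too-fast one
            if km > 0 and (hours <= 0 or km / hours > max_kmh):
                anomalies.append({"model": "improbable_travel", "user": ev.user,
                                  "host": ev.host, "km": round(km), "hours": round(hours, 2)})
        hosts_by_user.setdefault(ev.user, set()).add(ev.host)
        hosts_any_user.add(ev.host)
        last_login[ev.user] = ev
    return anomalies

# Constructed sample logins (not real logs): a learned baseline and a scoring window.
NYC, LON = (40.71, -74.01), (51.51, -0.13)
BASELINE = [Login("alice", "web01", *NYC, datetime(2024, 1, 1, 9, 0)),
            Login("bob", "web01", *NYC, datetime(2024, 1, 1, 9, 5)),
            Login("bob", "db02", *NYC, datetime(2024, 1, 1, 9, 20))]
WINDOW = [Login("alice", "db02", *NYC, datetime(2024, 1, 1, 10, 0)),    # new for alice only
          Login("bob", "build07", *LON, datetime(2024, 1, 1, 10, 30))]  # new across ids + travel
```

Running `find_anomalies(BASELINE, WINDOW)` yields one “new” for alice (db02 is known from bob’s baseline) and, for bob, both a “new_across_ids” on build07 and an improbable-travel hit, since New York to London in 70 minutes implies well over 900 km/h.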

Other LogRhythm UEBA updates include user score and feature score improvements. LogRhythm UEBA now normalizes scores across all users within the same company so that the most anomalous users stand out more clearly. User score improvements also better reflect the potential security risk a user represents.

LogRhythm UEBA in Action

When it comes to your environment, detecting user-based threats is critical. LogRhythm UEBA adds the extra layers of detection your organization needs against potential threats. To learn more about LogRhythm UEBA and how it can help your organization, download the data sheet or watch the on-demand webinar.