Splunk User Behavior Analytics
Looking for trouble
Detect Cyber-Attacks and Insider Threats
Today’s enterprise is encountering two types of threats: cyber-attacks and insider threats. Once a cyber-attacker gains trusted access to an environment, it is extremely difficult to distinguish their activity from that of a benign user. Insiders have an advantage because they already hold trusted access to the environment, a situation that traditional security solutions are not designed to combat.
Splunk User Behavior Analytics (Splunk® UBA) is an out-of-the-box solution that helps organizations find known, unknown, and hidden threats using data science, machine learning, behavior baseline, peer group analytics and advanced correlation. It presents results with risk ratings and supporting evidence so that an analyst and a hunter can quickly respond and take actions.
- Detects APTs, malware infections, and insider threats without writing signatures, rules, policies, or human analysis
- Improves threat detection and targeted response using a variety of threat indicators and supporting evidence within context of the kill chain to enable targeted remediation
- Dramatically increases SOC efficiency with rank ordered lists showing events in the kill chain linked from summary to supporting information over time
- Seamlessly integrates threat information with Splunk Enterprise and Splunk App for Enterprise Security, to further scope, disrupt, contain and recover from the attack
Anomaly Review (User Centric)
A high-level summary visualizing the threats and anomalies found within an organization, along with details on the users, devices, applications, and active sessions that have been baselined and the ones showing anomalies.
The threat review screen assists with threat exploration and displays the duration of the attack, including the anomalies observed and the users, devices, and applications stitched together as part of the attack.
This dashboard provides a user-centric view highlighting the total number of users whose behavior has been profiled within an organization, along with users mapped to anomalies, threats, and anomalous sessions. In addition, the view displays threat and anomaly classification, as well as the trend of anomalous users over time.
Splunk User Behavior Analytics Key Features
Streamlined Threat Workflow
Visualize hidden threats and anomalies for review and analysis, centered on security analyst and hunter workflows.
Kill Chain Detection and Attack Vector Discovery
Automated identification of APT/breach activity, lateral movement, real-time anomaly classification, and suspicious kill chains (pass-the-hash attacks, etc.).
Threat Review and Exploration
Interactive threat exploration, including visibility into supporting evidence for quick investigation and response.
Self-Learning and Tuning
Self-learning and adaptive algorithms (machine learning and statistics) help highlight abnormal or suspicious paths and frequencies, including critical threat identification.
Why Splunk for User Behavior Analytics?
Splunk UBA detects cyber-attacks and insider threats using data science, machine learning, behavior baselining, peer group analytics, and advanced correlation. Our advanced security analytics solution enables organizations of any size or skill set to detect and respond to known, unknown, and hidden threats. By addressing the entire lifecycle of an attack, cyber or insider, and by providing a platform to detect, respond, and automate, Splunk continues to deliver the industry's most compelling security analytics solution.