Detect Cyber-Attacks and Insider Threats

Today’s enterprise faces two types of threats: cyber-attacks and insider threats. Once a cyber-attacker gains trusted access to an environment, it is extremely difficult to distinguish his or her activity from that of a benign user. Insiders have an advantage because they already hold trusted access to the environment, something traditional security solutions are not designed to combat.

Splunk User Behavior Analytics (Splunk® UBA) is an out-of-the-box solution that helps organizations find known, unknown, and hidden threats using data science, machine learning, behavior baselining, peer group analytics, and advanced correlation. It presents results with risk ratings and supporting evidence so that analysts and threat hunters can quickly respond and take action.

  • Detects APTs, malware infections, and insider threats without writing signatures, rules, or policies, and without manual analysis
  • Improves threat detection and targeted response using a variety of threat indicators and supporting evidence within the context of the kill chain, enabling targeted remediation
  • Dramatically increases SOC efficiency with rank-ordered lists that show events in the kill chain, linked from summary to supporting information over time
  • Seamlessly integrates threat information with Splunk Enterprise and the Splunk App for Enterprise Security to further scope, disrupt, contain, and recover from the attack

Splunk User Behavior Analytics Key Features


Behavior-Based Threat Detection

Behavior profiling and peer group analytics on users, devices, service accounts, and applications to detect anomalies and map threats into a kill chain.

Streamlined Threat Workflow

Visualize hidden threats and anomalies for review and analysis centered on security analyst and hunter workflows.

Kill Chain Detection and Attack Vector Discovery

Automated identification of APT and breach activity, lateral movement, real-time anomaly classification, and suspicious kill chains such as pass-the-hash attacks.

Threat Review and Exploration

Interactive threat exploration including visibility into supporting evidence for quick investigation and response.

Self-Learning and Tuning

Self-learning and adaptive algorithms (machine learning and statistics) help highlight abnormal or suspicious paths and frequencies, including identification of critical threats.

Splunk UBA Use Cases

By addressing the entire lifecycle of an attack, cyber or insider, and by providing a platform to detect, respond, and automate, Splunk continues to deliver the industry's most compelling security analytics solution.

  • IP Theft & Data Exfiltration
    Quickly identify evidence of data exfiltration from assets or users within an organization
  • Account Hijacking & Privileged Account Abuse
    Quickly detect compromised accounts and gain full visibility into threats associated with privileged accounts
  • Virtual Container & Cloud Asset Compromise
    Behavior baselining, anomaly detection, and threat detection for virtual containers and cloud applications
  • Fraud Detection
    Behavioral modeling on transactions and automated threat modeling to detect fraudulent activity
  • Suspicious Behavior: User, Device, & Application
    Identify threats and anomalies associated with users and entities within an organization: User and Entity Behavior Analytics (UEBA)
  • Malware Detection & Lateral Movement
    Detect cyber-attacks and gain visibility into a threat actor’s east-west (lateral) movement within an organization

Available Workflows in Splunk UBA

Splunk® UBA maps threats and anomalies across a kill chain to drive multiple workflows addressing the needs of a CISO, SOC analyst, IR analyst, and threat hunter.


Security Analytics

A fully automated anomaly detection framework, including peer group analytics, that enables a hunter to explore threats and identify key violations and suspicious patterns.


Threat Detection

A one-stop solution addressing cyber-attacks and insider threats such as APTs, malware infections, privileged account abuse, data exfiltration, fraud, and online account takeover.

Why Splunk for User Behavior Analytics?

Splunk UBA detects cyber-attacks and insider threats using data science, machine learning, behavior baselining, peer group analytics, and advanced correlation. Our advanced security analytics solution enables organizations of any size or skill level to detect and respond to known, unknown, and hidden threats.

Ask an Expert

Need help with your environment and requirements? Send us your questions and we will get back to you as soon as possible.


Email us at ubainfo@splunk.com.


If you need immediate assistance, check out our community forum, Splunk Answers.
