User Entity Behavior Analytics (UEBA)

Get a single unified view in your environment with Stellar Cyber's security operations platform

Automatically and constantly discovering new assets, profiling users, and identifying their behavior and risk
Learn more about NG-SIEM >

Get a single unified view in your environment with Stellar Cyber's security operations platform

Automatically and constantly discovering new assets, profiling users, and identifying their behavior and risk

Comprehensive Asset Inventory and Advanced User Analytics

  • Dynamically discover assets across networks, endpoints and cloud environments through open extended detection and response Open XDR
  • Constantly discover assets from a variety of sources – sensors, logs, host information or 3rd party applications
  • Uniquely identify assets with either host names, MAC addresses or IP addresses
  • Automatically collect and fuse user-relevant data from multiple data sources across security infrastructure, delivering on the idea of Open XDR
  • Enable sophisticated behavioral analytics through machine learning
  • Detect bad behaviors without any rules or signatures
  • Discover and provide asset/user relationships
  • Complement the detections with other security capabilities on the platform

Entity Analytics -- Beyond SIEM Security

  • Assigns a risk score based on observed security events and asset risk profile
  • Provides a centralized risk-level view of all assets–network security, cloud security and IT security
  • Correlates asset information with user, threat, location and vulnerability data through Open XDR
  • Provides a kill chain view of security events for each asset
  • Offers a panoramic view of lateral movement of attacks around an asset across security infrastructure
  • Enables flexible searching or filtering of assets in various ways such as CVEs
  • Tags each security event with asset ID

User-Centric View

  • Provides full visibility of users’ activities and threats anywhere across IT security, including SIEM tools
  • Tracks threats by user rather than by threat type
  • Associates a user with a risk score for easy identification of risky users
  • Security analysis is easy through tightly integrated security applications such as malware detection
Learn more about NG-SIEM >
Request A Demo >

What People Are Saying

ZKResearch

The breadth of Stellar Cyber’s offering, including UEBA, NTA, NG-SIEM and automated response, and their ability to integrate with any endpoint detection and response (EDR) platform makes it the first Open XDR system I am aware of

Zeus Kerravala

Principal Analyst for ZK Research

Network security

Stellar Cyber delivers built-in Network Detection & Response (NDR), NG-SIEM and Automated Response

Rik Turner

Principal Analyst, Infrastructure Solutions

Key Features

Detect User Anomaly Behaviors
That SIEM Tools Miss

The UEBA App in Stellar Cyber’s Open XDR platform collects and fuses user-relevant data from a variety of data sources across security infrastructure such as SIEM tools, network traffic, Active Directory logs, and applications like Office 365. It applies sophisticated behavioral security analysis through machine learning.Read More >>

It baselines users’ typical behaviors in order to detect their anomalous activities. It can rapidly detect bad behaviors without the need to write any rules or signatures. Combined with other relevant security events detected with many tightly-integrated security applications such as malware detection, the UBA App can quickly detect malicious users or compromised users. << Show Less

Advanced Asset Management--
Beyond SIEM Security Thinking

Drive a holistic view and bring together IT security, network security and cloud security. Stellar Cyber’s UEBA automatically and continually discovers and inventories all assets across networks, clients and cloud environments by collecting information from many different sources such as network traffic, logs, endpoints, vulnerability scan results, etc. Read More >>

It provides a unified view of all assets by host name, user, location, device type, manufacturer and many more identifiers. It allows the user to prioritize assets by assigning value to assets, and to group assets by assigning tags. It identifies and alerts analysts to unauthorized assets in a network.<< Show Less

Fast Investigation and Easy Threat Hunting

Assets sorted by risk scores can help security analysis focus on the most critical and high-risk assets. Cyber kill chain view helps analysts focus on the most important security infrastructure events of an asset. Panoramic view automatically draws the timeline of attack events associated with an asset along the cyber kill chain while visualizing the lateral movements of attacks among assets. Read More >>

Powerful Google-like search can quickly nail down the security event. The rich context of the assets allows the asset under investigation to be quickly identified and located.<< Show Less

See Critical Events Through User Behavior Analysis

UEBA provides a holistic view of all users’ activities, abnormal behaviors, security events and the associated security risk. Rather than focusing on malware delivery events or data ex-filtration events, for example, the UEBA capability provides a global view of user activity.
Read More >>

And, as an integrated security toolkit and by fusing data from variety of sources, the Stellar Cyber platform works with other apps to easily enable analysts to cross-check events to elevate a given user’s risk score.<< Show Less

Auto Correlation and Risk Profiling Simplifying Security Analysis

UEBA automatically correlates asset information with other information such as user information, location, threat intelligence, vulnerability/CVEs. Each security event is automatically associated with its asset information. With rich context around an asset and all of its related security events, UEBA provides a centralized view of risk levels of all assets with a proper risk score assigned to each asset–truly empowering security analysis.

Request a Demo