Improve your security posture with user and entity behavior analytics.

Log360 UEBA uses machine learning to detect behavior anomalies, strengthening your defenses against insider threats and data breaches.

Try Log360 now

One of the best ways to defend against both internal and external attacks is to use user and entity behavior analytics (UEBA) to continuously monitor user and device activity. UEBA learns about each user and creates a baseline of regular activities for each user and entity. 

Any activity that deviates from this baseline gets flagged as an anomaly. The IT administrator can then investigate the issue and take the necessary steps to mitigate the risk. Powered by machine learning, UEBA solutions grow more effective the more experience they gain. 

UEBA benefits:Defend against insider threats, account compromise, and data exfiltration with the use of risk scores.

A risk score is calculated for each user and entity in the organization after comparing their actions to their baseline of regular activities. The risk score can range from anywhere between 0 to 100, indicating no risk to maximum risk, respectively. The risk score is dependent on factors such as the allotted weight of the action, the extent of the deviation from the baseline, the frequency of deviation, and the time elapsed since the deviation.

In addition to an overall risk score, each user and entity will also have an associated risk score for insider threats, account compromise, and data exfiltration. If the IT administrator feels an entity or user's risk score is too high, they can investigate it further and quickly stop any potential catastrophes.

Here are some activities that might increase the risk score of users and entities, indicating possible insider threats, account compromise, and data exfiltration. 

Signs of an insider threat

  • New or unusual system accesses.
  • Unusual access times.
  • Unusual file accesses or modifications.
  • Excessive authenticalion failures.

Signs of account compromise

  • Unusual software running for a user.
  • Multiple instances of software installed on a host.
  • Numerous logon failures on a host.

Signs of data exfiltration

  • Unusual file downloads.
  • Multiple removable disk creations by users.
  • Unusual commands executed by users.
  • Abnormal host logons.

Find out how risk scores work with three real-world examples of security breaches. 

Access interactive chart

With Log360 UEBA, you can:

  • Map different user accounts to build a baseline of expected behavior for each individual user and entity.
  • Get more meaningful security context by associating a user's different actions with each other.
  • Identify anomalous user behavior based on activity time, count, and pattern.
  • Spot abnormal entity behaviors in Windows devices, SQL servers, FTP servers, and network devices such as routers, firewalls, and switches.
  • Expose threats emanating from insider attacks, account compromise, and data exfiltration.
  • Use a score-based risk assessment to prioritize threats and determine which events merit investigation.
  • Add context and substance to SIEM data to strengthen your security posture.
  • View actionable reports on indicators of compromise with details about actual behavior and expected behavior. 
  • Drill down on the risk score of any user or entity, and find out what behaviors yield which scores.

Learn how Log360 UEBA uses machine learning to help secure your business.

  • Please enter business email address
  • By clicking 'Download', you agree to processing of personal data according to the Privacy Policy.

Change the way you manage security.

Defend against sophisticated threats.

Get started with Log360 UEBA.


Your 45-days free Log360 complimentary license will be sent to your inbox.

Explore Log360 for freewith 45 days complimentary license.

  • Please enter business email only.
    Please enter business email address
  • By clicking 'Get license', you agree to processing of personal data according to the Privacy Policy.