CyberMAK Information Systems

Splunk® User Behavior Analytics

Splunk® User Behavior Analytics (UBA) is an out-of-the-box solution that helps organizations find known, unknown, and hidden threats using data science, machine learning, behavior baseline, peer group analytics and advanced correlation. It presents results with risk ratings and supporting evidence so that an analyst and a hunter can quickly respond and take action. UBA seamlessly integrates threat information with Splunk® Enterprise and Splunk® Enterprise Security to further scope, disrupt, contain and recover from an attack.

Splunk® User Behavior Analytics:

    - Detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms

    - Provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View)

    - Increases Security Operations Center efficiency with rank-ordered threats and supporting evidence

    - Supports bi-directional integration with Splunk® Enterprise for data ingestion and correlation and with Splunk® Enterprise Security for incident scoping, workflow management and automated response