Insider actions, whether intentional or accidental, cause the majority of breaches reported by respondents to multiple SANS surveys (including this one) conducted in 2017. Yet these same responses also indicate that user activities, including those performed through breached credentials, are often not analyzed in threat management lifecycles.
When threats occur, understaffed security operations centers usually lack easy access to contextual information, including:
This lack of visibility is a key problem that LogRhythm's CloudAI technology, applied to user and entity behavior analytics (UEBA), was built to solve. Using supervised and unsupervised learning, CloudAI establishes baselines, then monitors user behavior, automatically scoring user actions as harmless, risky or malicious based on multiple criteria.
In this webcast, senior SANS instructor and analyst Dave Shackleford will discuss his experience reviewing LogRhythm CloudAI as he runs through various use cases, such as insider threat, account compromise and admin abuse.
Learn how LogRhythm CloudAI:
View the associated whitepaper here.