UEBA

SDA

UEBA

User and entity behavior analytics

UBA, ML, static analysis, correlation

Product overview

Building behavior models and detecting deviations from them using several dozen built-in static analysis rules.

Security Vision UEBA will detect changes in user and account performance, devices and processes, traffic volumes and other behavioral attributes.

By analyzing raw data streams from various sources (data lakes, SIEM, NGFW, proxy servers and other network and Windows/Linux devices), the product will ensure the detection of new types of incidents. Built-in behavioral analysis capabilities can be supplemented by setting up new or adapting existing sigma and correlation rules.

Application

Collection of “raw” events from various sources

Integration with information security and other sources of information security events; when collected, events are converted into incidents when their number accumulates (for example, when volume indicators are exceeded) and total weight (each event has weight). There are white lists (for exceptions) and lists of critical systems (for automatically creating incidents without taking into account events and their weight)

Combining analysis technologies

~30 unique correlation rules in combination with methods of mathematical statistics (~50 built-in rules) and machine learning: open-source datasets (ddos, bot, lateral, malware, suspicious, etc.), emulation of attack scenarios at the Security Vision cyber testing site, as well as training the system on client traffic (“supervised” models)

Built-in investigation and response processes

The ability to automatically send new incidents and events to SOAR or SIEM, automatically enrich information on objects from internal and external sources (AD, Whois, etc.) as well as built-in response actions (adding to NGFV blocklists, adding to SIEM active lists and other operations)

Get a demo of a
Security Vision product

Mail us to sales@securityvision.ru
or get a demo

Other products

SOAR

Security Orchestration, Automation and Response

Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach.

NG SOAR

Next Generation SOAR

Automation of response to information security incidents with built-in basic correlation (SIEM), vulnerability Scanner (VS), collection of raw events directly from information security tools, dynamic playbooks, building an attack chain and an object-oriented approach. AM and VM are included.

TIP

Threat Intelligence Platform

Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM

Asset Management

Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations.

RM

Risk Management

Formation of a register of risks, threats, protection measures and other control parameters, assessment using the chosen methodology, formation of a list of additional measures to change the level of risk, control of execution, periodic reassessment.

ORM

Operational Risk Management

Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

VM

Vulnerability Management

Building a process for detecting and eliminating technical vulnerabilities, collecting information from existing security scanners, update management platforms, expert external services and other solutions.

CM

Compliance Management

Audit of compliance with various methodologies and standards

AD + ML

User and Entity Behavior Analysis

Dynamic behavioral analysis to search for anomalies using machine learning and to search for possible incidents.

Other products

SOAR

Security Orchestration, Automation and Response

Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach.

NG SOAR

Next Generation SOAR

Automation of response to information security incidents with built-in basic correlation (SIEM), vulnerability Scanner (VS), collection of raw events directly from information security tools, dynamic playbooks, building an attack chain and an object-oriented approach. AM and VM are included.

TIP

Threat Intelligence Platform

Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM

Asset Management

Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations.

RM

Risk Management

Formation of a register of risks, threats, protection measures and other control parameters, assessment using the chosen methodology, formation of a list of additional measures to change the level of risk, control of execution, periodic reassessment.

ORM

Operational Risk Management

Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

VM

Vulnerability Management

Building a process for detecting and eliminating technical vulnerabilities, collecting information from existing security scanners, update management platforms, expert external services and other solutions.

CM

Compliance Management

Audit of compliance with various methodologies and standards

AD + ML

User and Entity Behavior Analysis

Dynamic behavioral analysis to search for anomalies using machine learning and to search for possible incidents.

SOT

SOAR Security Orchestration, Automation and Response

NG SOAR Next Generation SOAR

AM Asset Management

VM Vulnerability Management

FinCERT Financial Computer Emergency Response Team

GovCERT Government Computer Emergency Response Team

SDA

TIP Threat Intelligence Platform

UEBA User and Entity Behavior Analytics

AD + ML User and Entity Behavior Analysis

GRC

RM Risk Management

ORM Operational Risk Management

CM Compliance Management

BCP Business Continuity Plan

OTS Operational Technology Security

UEBA

Product overview

Application

UEBA

Product overview

Application

SDA

UEBA

Product overview

Application

Collection of “raw” events from various sources

Combining analysis technologies

Built-in investigation and response processes

Get a demo of a Security Vision product

Other products

SOAR Security Orchestration, Automation and Response Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach.

TIP Threat Intelligence Platform Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM Asset Management Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations.

RM Risk Management Formation of a register of risks, threats, protection measures and other control parameters, assessment using the chosen methodology, formation of a list of additional measures to change the level of risk, control of execution, periodic reassessment.

ORM Operational Risk Management Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

VM Vulnerability Management Building a process for detecting and eliminating technical vulnerabilities, collecting information from existing security scanners, update management platforms, expert external services and other solutions.

CM Compliance Management Audit of compliance with various methodologies and standards

AD + ML User and Entity Behavior Analysis Dynamic behavioral analysis to search for anomalies using machine learning and to search for possible incidents.

BCP Business Continuity Plan Automation of ensuring continuity and restoration of activities after emergencies.

FinCERT Financial Computer Emergency Response Team Financial Computer Emergency Response Team

GovCERT Government Computer Emergency Response Team Government Computer Emergency Response Team

OTS Operational Technology Security Operational Technology Security

Other products

SOAR Security Orchestration, Automation and Response Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach.

TIP Threat Intelligence Platform Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM Asset Management Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations.

RM Risk Management Formation of a register of risks, threats, protection measures and other control parameters, assessment using the chosen methodology, formation of a list of additional measures to change the level of risk, control of execution, periodic reassessment.

ORM Operational Risk Management Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

VM Vulnerability Management Building a process for detecting and eliminating technical vulnerabilities, collecting information from existing security scanners, update management platforms, expert external services and other solutions.

CM Compliance Management Audit of compliance with various methodologies and standards

AD + ML User and Entity Behavior Analysis Dynamic behavioral analysis to search for anomalies using machine learning and to search for possible incidents.

BCP Business Continuity Plan Automation of ensuring continuity and restoration of activities after emergencies.

FinCERT Financial Computer Emergency Response Team Financial Computer Emergency Response Team

GovCERT Government Computer Emergency Response Team Government Computer Emergency Response Team

OTS Operational Technology Security Operational Technology Security

This website uses cookies to ensure you get the best experience.

SOAR
Security Orchestration, Automation and Response

NG SOAR
Next Generation SOAR

AM
Asset Management

VM
Vulnerability Management

FinCERT
Financial Computer Emergency Response Team

GovCERT
Government Computer Emergency Response Team

TIP
Threat Intelligence Platform

UEBA
User and Entity Behavior Analytics

AD + ML
User and Entity Behavior Analysis

RM
Risk Management

ORM
Operational Risk Management

CM
Compliance Management

BCP
Business Continuity Plan

OTS
Operational Technology Security

Get a demo of a
Security Vision product

SOAR

Security Orchestration, Automation and Response

Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach.

TIP

Threat Intelligence Platform

Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM

Asset Management

Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations.

RM

Risk Management

Formation of a register of risks, threats, protection measures and other control parameters, assessment using the chosen methodology, formation of a list of additional measures to change the level of risk, control of execution, periodic reassessment.

ORM

Operational Risk Management

Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

VM

Vulnerability Management

Building a process for detecting and eliminating technical vulnerabilities, collecting information from existing security scanners, update management platforms, expert external services and other solutions.

CM

Compliance Management

Audit of compliance with various methodologies and standards

AD + ML

User and Entity Behavior Analysis

Dynamic behavioral analysis to search for anomalies using machine learning and to search for possible incidents.

BCP

Business Continuity Plan

Automation of ensuring continuity and restoration of activities after emergencies.

FinCERT

Financial Computer Emergency Response Team

Financial Computer Emergency Response Team

GovCERT

Government Computer Emergency Response Team

Government Computer Emergency Response Team

OTS

Operational Technology Security

Operational Technology Security

SOAR

Security Orchestration, Automation and Response

Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach.

TIP

Threat Intelligence Platform

Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM

Asset Management

Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations.

RM

Risk Management

Formation of a register of risks, threats, protection measures and other control parameters, assessment using the chosen methodology, formation of a list of additional measures to change the level of risk, control of execution, periodic reassessment.

ORM

Operational Risk Management

Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

VM

Vulnerability Management

Building a process for detecting and eliminating technical vulnerabilities, collecting information from existing security scanners, update management platforms, expert external services and other solutions.

CM

Compliance Management

Audit of compliance with various methodologies and standards

AD + ML

User and Entity Behavior Analysis

Dynamic behavioral analysis to search for anomalies using machine learning and to search for possible incidents.

BCP

Business Continuity Plan

Automation of ensuring continuity and restoration of activities after emergencies.

FinCERT

Financial Computer Emergency Response Team

Financial Computer Emergency Response Team

GovCERT

Government Computer Emergency Response Team

Government Computer Emergency Response Team

OTS

Operational Technology Security

Operational Technology Security