ProActeye UEBA for SIEM

UEBA (User & Entity Behavior Analytics) is one of the most promising approaches to fighting cyber threats and fraud because it lets an organization get ahead of attackers: risky behavior is detected and restricted before it turns into a breach.

UEBA detects malicious and abusive activity that would otherwise go unnoticed, and consolidates and prioritizes the security alerts sent by other systems. Organizations need to develop or acquire statistical analysis and machine learning capabilities and build them into their security monitoring platforms or services: rule-based detection alone cannot keep pace with the increasingly complex demands of threat and breach detection.

PAE uses UEBA to provide security insights and analytics. The solution analyzes large volumes of event data to establish a baseline of normal user and system behavior, then flags activity that deviates from that baseline. The result is an analytics platform that detects insider and external cyber threats in real time.

Advantages of UEBA

  • Behavior-based analytics for detecting insider and targeted cyber attacks
  • User-centric monitoring across hosts, network and applications
  • Privileged account monitoring and misuse detection
  • Large reduction in the number of security events that warrant investigation

Use Cases

a. Incidents in SIEM
Today most SIEMs report only the source and destination IP addresses for a DoS attack on the network. The IT team then spends a great deal of time correlating each IP address with the other details needed for discovery and prevention: MAC address, user name and location.

ProActeye automatically correlates an IP address with its associated MAC address, device profile, location data and the employee identity behind it, saving the time otherwise spent looking these details up by hand. As an immediate preventive measure it can disable the offending application's access from the source IP address, and it can disable access by role through the NAC. Automatic blocking is only safe when the address resolves to a real internal host: flood traffic frequently carries spoofed source addresses, so an IP that resolves to nothing should be investigated rather than blocked outright.

b. VPN access threats
Current SOC tooling lags in tracking and analyzing VPN activity. A VPN user may be an employee, a contractor or a privileged user, and research suggests that most internal threats originate from remote connections.

PAE associates a VPN source IP address with its MAC address, device profile, location, user identity and role. With that context every action taken over the VPN session can be monitored and any abnormal activity detected, and access for the user concerned can be disabled.

Email and HTTP alerts can also be generated for such incidents.
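The two use cases above share one mechanism: an alert that names only an IP address is joined against DHCP leases, the asset inventory and the VPN session log to recover MAC, device, location, user and role, and the recovered identity drives both the containment step and a per-user behavior baseline. The following script is an added illustration of that mechanism written for this page; it is not ProActeye code. Every lease, asset, session and address in it is constructed, the VPN pool, the NAC action names and the baseline rules (a user's previously seen countries and login hours, requiring at least three earlier sessions before anything is flagged) are assumptions chosen for the example.

```python
"""Enrich IP-only SIEM alerts with MAC, device, location and identity context,
then baseline VPN sessions per user and flag deviations.
All hosts, users, addresses and log entries below are constructed for this example."""
from dataclasses import dataclass
from datetime import datetime
from collections import defaultdict, Counter
from typing import Optional
import ipaddress

# Constructed DHCP lease export (IP -> MAC), as a DHCP server or NAC would provide it.
DHCP_LEASES = {"10.20.5.17": "00:1a:2b:3c:4d:5e", "10.20.5.44": "00:1a:2b:3c:4d:9f"}

# Constructed asset inventory keyed by MAC: device profile, location, assigned employee.
ASSET_INVENTORY = {
    "00:1a:2b:3c:4d:5e": {"device": "Windows laptop", "location": "HQ-Floor3", "owner": "asmith"},
    "00:1a:2b:3c:4d:9f": {"device": "Linux build server", "location": "DC-Rack12", "owner": "svc-build"},
}

VPN_POOL = ipaddress.ip_network("172.16.100.0/24")  # assumed tunnel address pool


@dataclass
class VpnSession:
    start: datetime
    end: Optional[datetime]  # None means the session is still connected
    user: str
    role: str                # employee / contractor / privileged
    tunnel_ip: str
    public_ip: str
    country: str


# Constructed VPN session log. The 03:15 entry is the one the baseline should catch.
VPN_SESSIONS = [
    VpnSession(datetime(2024, 5, 1, 8, 2), datetime(2024, 5, 1, 17, 30), "bjones", "contractor", "172.16.100.7", "198.51.100.8", "IN"),
    VpnSession(datetime(2024, 5, 2, 8, 10), datetime(2024, 5, 2, 18, 5), "bjones", "contractor", "172.16.100.9", "198.51.100.8", "IN"),
    VpnSession(datetime(2024, 5, 3, 9, 0), datetime(2024, 5, 3, 17, 0), "bjones", "contractor", "172.16.100.7", "198.51.100.23", "IN"),
    VpnSession(datetime(2024, 5, 6, 3, 15), None, "bjones", "contractor", "172.16.100.12", "203.0.113.77", "BR"),
    VpnSession(datetime(2024, 5, 6, 9, 5), None, "asmith", "employee", "172.16.100.11", "198.51.100.40", "IN"),
]
BASELINE_UNTIL = datetime(2024, 5, 6)     # sessions before this form the baseline
ALERT_TIME = datetime(2024, 5, 6, 3, 40)  # when the sample SIEM alerts fired


def session_for(tunnel_ip: str, at: datetime) -> Optional[VpnSession]:
    """Return the VPN session that held tunnel_ip at time `at`, if any."""
    for s in VPN_SESSIONS:
        if s.tunnel_ip == tunnel_ip and s.start <= at and (s.end is None or at <= s.end):
            return s
    return None


def enrich_alert(alert: dict, at: datetime) -> dict:
    """Add MAC, device profile, location and identity to an IP-only SIEM alert."""
    ctx, ip = dict(alert), alert["src_ip"]
    if ipaddress.ip_address(ip) in VPN_POOL:
        s = session_for(ip, at)
        ctx["source"] = "vpn"
        if s:
            ctx.update(user=s.user, role=s.role, public_ip=s.public_ip, country=s.country)
        else:
            ctx["user"] = None  # tunnel address was not allocated at that time: do not guess
    else:
        mac = DHCP_LEASES.get(ip)
        asset = ASSET_INVENTORY.get(mac, {})
        ctx.update(source="lan", mac=mac, device=asset.get("device"),
                   location=asset.get("location"), user=asset.get("owner"))
    return ctx


def response_action(ctx: dict) -> str:
    """Containment step to request from the NAC/VPN (action names are assumed).
    Only act when the IP resolved to a concrete identity; an address that maps to
    nothing (stale lease, spoofed DoS source) is handed to an analyst instead."""
    if ctx.get("user") is None:
        return "investigate"
    if ctx["source"] == "vpn":
        return f"disable_vpn_user:{ctx['user']}"
    return f"nac_quarantine_mac:{ctx['mac']}"


def vpn_anomalies(sessions, baseline_until: datetime, min_history: int = 3) -> list:
    """Flag sessions after `baseline_until` whose country or login hour does not match
    the user's earlier sessions. Users with fewer than min_history baseline sessions are
    skipped so a new contractor is not flagged on every first connection."""
    countries, hours, history = defaultdict(set), defaultdict(set), Counter()
    for s in sessions:
        if s.start < baseline_until:
            countries[s.user].add(s.country)
            hours[s.user].add(s.start.hour)
            history[s.user] += 1
    findings = []
    for s in sessions:
        if s.start < baseline_until or history[s.user] < min_history:
            continue
        reasons = []
        if s.country not in countries[s.user]:
            reasons.append(f"new_country:{s.country}")
        if all(abs(s.start.hour - h) > 2 for h in hours[s.user]):  # no usual hour within 2h
            reasons.append(f"off_hours:{s.start.hour:02d}")
        if reasons:
            findings.append({"user": s.user, "role": s.role, "public_ip": s.public_ip, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for src in ("10.20.5.17", "172.16.100.12", "10.99.1.1"):
        ctx = enrich_alert({"rule": "DoS flood", "src_ip": src, "dst_ip": "10.0.0.5"}, ALERT_TIME)
        print(src, "->", ctx.get("user"), ctx.get("device") or ctx.get("country"), response_action(ctx))
    for f in vpn_anomalies(VPN_SESSIONS, BASELINE_UNTIL):
        print("VPN anomaly:", f)
```

The LAN alert resolves to asmith's laptop and a NAC quarantine, the VPN alert resolves to the contractor bjones and a VPN disable, and the unknown 10.99.1.1 falls through to "investigate" rather than an automatic block. The baseline pass flags only bjones's 03:15 session, for both a never-before-seen country and an hour far outside the user's normal window, while asmith, who has no history yet, is not flagged.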


The system also shows how events trend over time, which helps the analyst understand the behavior behind them and anticipate when they are likely to recur. This is particularly useful when finding or investigating critical system issues.