
User and Entity Behavior Analytics
Detect insider threats and advanced attacks with machine learning driven analytics

As the threat landscape becomes more complex, involving compromised user credentials, malicious insiders, and zero-day exploits across various layers and vectors, FireEye Helix native User and Entity Behavior Analytics (UEBA) capabilities give you a more comprehensive approach to cybersecurity. Helix uses machine learning, algorithms and statistical analysis to detect threats rather than looking for known attacker signatures.
Enhanced Threat Detection and Response
FireEye Helix detects advanced threats with machine learning by analyzing and comparing the behavior of both users and entities. These analytics define your organization’s 'normal' behavior and create alerts based on statistical deviations. Detection that is tailored to your organization allows security teams to triage alerts faster and get answers quickly - focusing on the threats that matter.
Expose Insider Threats
Monitor and report on user data access across all connected devices, accounts, networks and applications to prevent sensitive information from leaving your organization. Using behavior baselining, FireEye Helix can detect insider threats and automatically generate reports to meet data compliance standards including PCI and HIPAA.
How our UEBA solution works
As a native security analytics module in the FireEye Helix platform, UEBA uses machine learning to identify normal behavior and alert on risky deviations that suggest insider threats, lateral movement, or attacks at the end of the cyber kill chain.
Features

Insider Threat Detection
Detect compromised accounts and privilege abuse through user behavior analysis.

Generate automatic reports
Meet data compliance standards including PCI and HIPAA.

Data Exfiltration Detection
Detect late-stage attacks by identifying when data is being exfiltrated from your environment.

Entity Analytics
Monitor all your connected devices and networks, from industrial control systems to the cloud. Detect abnormal configurations or alterations to security logging to prevent covert attacker access.

Credential Abuse Detection
Identify compromised credentials and passwords by observing logins that are indicative of account abuse by attackers.

Compromised VPN Account Detection
Use models of login times and locations as well as login hostnames to establish common login behavior for users within a network.

Behavior baselining
See when devices are connecting to unusual addresses and sending data outside of their normal boundaries.

Advanced machine learning
Alert to abnormal data flow volumes and destinations with combined machine learning and statistical anomaly detection.