FireEye Helix pictogram

User and Entity Behavior Analytics (UEBA)

Detect insider threats and advanced attacks with machine learning driven analytics

As the threat landscape becomes more complex, involving compromised user credentials, malicious insiders, and zero-day exploits across various layers and vectors, FireEye Helix native UEBA capabilities give you a more comprehensive approach to cybersecurity. Helix uses machine learning, algorithms and statistical analysis to detect threats rather than looking for known attacker signatures.

Enhanced Threat Detection and Response

FireEye Helix detects advanced threats with machine learning by analyzing and comparing the behavior of both users and entities. These analytics define your organization’s 'normal' behavior and create alerts based on statistical deviations. Detection that is tailored to your organization allows security teams to triage alerts faster and get answers quickly - focusing on the threats that matter.

Detect Known and Unknown Threats

Identify new and unknown threats based on anomalous behaviors without the need for human input. Alert to malicious downloads, application abuse, off-domain communication or large-scale encryption.

Expose Insider Threats

Monitors and report on user data access across all connected devices, accounts, networks and applications to prevent sensitive information from leaving your organization. Using behavior baselining, FireEye Helix can detect insider threats and automatically generate reports to meet data compliance standards including PCI and HIPAA.

How our UEBA solution works

As a native security analytics module in the FireEye Helix platform, UEBA utilizes machine learning to identify normal behavior and alert to risky deviations that suggest insider threats, lateral movement, or attacks at the end of the cyber kill chain

TESTIMONIAL

“FireEye’s holistic approach is enhancing our overall security ecosystem and making it easier to demonstrate to our clients that their security compliance requirements are being proficiently handled.”

- Alvin Aw, Head of Information Technology, Dentons Rodyk & Davidson LLP

Features

Insider Threat Detection

Insider Threat Detection

Detect compromised accounts and privilege abuse through user behavior analysis.

Generate automatic reports

Generate automatic reports

Meet data compliance standards including PCI and HIPAA.

Data Exfiltration Detection

Data Exfiltration Detection

Detect late stage attacks by identifying when data is being exfiltrated from your environment.

Entity Analytics

Entity Analytics

Monitor all your connected devices and networks, from industrial control systems to the cloud. Detect abnormal configurations or alterations to security logging to prevent covert attacker access.

Credential Abuse Detection

Credential Abuse Detection

Identify compromised credentials and passwords by observing logins that are indicative of account abuse by attackers.

Compromised VPN Account Detection

Compromised VPN Account Detection

Use models of login times and locations as well as login hostnames to establish common login behavior for users within a network.

Behavior baselining

Behavior baselining

See when devices are connecting to unusual addresses and sending data outside of their normal boundaries.

Advanced machine learning

Advanced machine learning

Alert to abnormal data flow volumes and destinations with combined machine learning and statistical anomaly detection.

Related features within Helix

Security Analytics

Security Analytics

Surface answers from your data
with next gen. security analytics.

SIEM

SIEM

Next-generation security information
and event management tools.

SOAR Security

SOAR Security

Simplify threat response with Security Orchestration and Automation Response.

Ready to get started?

Learn more about the FireEye Helix platform, or contact sales to schedule a demo.

+1 888-227-2721 +61 281034308 +32 28962867 +1 877-347-3393 +971 45501444 +358 942451151 +33 170612726 +49 35185034500 +852 3975-1882 +91 80 6671 1566 +353 (0)216019160 +39 0294750535 +81 3 4577 4401 +03 77248276 +52 5585268207 +31 207941289 +64 32880234 +48 223072296 +7 4954658084 +65 31585101 +27 105008408 +82 7076860238 +34 932203202 +94 788155851 +46 853520870 +886 2-5551-1268 +27873392 +44 2036087538 +842444581914