By Ira Lisa Kristina Leino, Product Marketing Manager
UEBA enhances the investigation of unknown and insider threats and unusual patterns. The latest UEBA release broadens the detection of advanced attacks to more logs and enables early mitigation of risk and damage in the newly covered data sources. The update provides detection capabilities for SAP system events and extends previously introduced peer grouping capabilities to two additional data sources.
UEBA and SAP: Detect suspicious and unusual activity in SAP systems
Advanced attacks are more common than ever – studies show that SAP systems are particularly prone to insider attacks, and customers are more concerned about internal than external threats. The new release provides new detection capabilities that work with our recently launched BCS for SAP solutions. The UEBA update enables advanced analytics for SAP data by allowing the investigation of user behavior in events occurring within SAP systems using the new SAP Security Audit data source. The newly released detection package focuses on:
- Suspicious successful or failed logins and brute-force attacks
- Abnormal use of or first-time access to programs, transactions, and systems
- Unusual patterns in the overall activity of users
UEBA detecting an unusual number of logins into an SAP system using HTTP
Extended peer grouping for more data sources
Our previous UEBA release introduced the peer grouping functionality in the Active Directory data source. Peer grouping provides more precise detection by comparing user behavior to a group of peers and is instrumental in decreasing the number of false positives, because the comparison group is narrower and its members have similar habits or behaviors. The new release extends peer grouping capabilities to two additional data sources: Authentication Logs and Web Proxy Logs.
How do I get the new update to UEBA?
The UEBA update is released automatically and is rolled out to current customers over the next couple of weeks. Find out more about UEBA and the latest release here.
Visit the Logpoint Help Center to find the release notes.