by Ira Lisa Kristina Leino Product Marketing Manager
An update to our UEBA product will be rolled out for all users starting week 4. The update to UEBA brings the first phase of peer grouping capabilities for a better insight into a group of users and includes various platform optimizations for more stable operations.
Peer grouping capabilities
Until now, certain detectors have compared logged behavior against the user or entity itself and all other users and entities in the UEBA installation. With the new update, a set of detectors in the Active Directory data source can compare logged behavior to a narrower group of peers, which have similar behavior overall. Peer grouping provides more precise detection and decreases the number of false positives, as the detectors are comparing behavior against a smaller and more similar group of users and entities.
You will find the new functionality when opening the anomaly context description box. The detectors using peer groups show “for other entities” as “for other peers”.
Improvements on low volume data sources
UEBA runs machine learning and provides our models with the optimal conditions to detect anomalies. Until now, low volume data sources have had less than 200 logs per day and posed a risk in our ability to provide results for all data sources used by the users.
The update includes performance changes surrounding low volume data sources, which improve the stability of our operations even when a data source is low volume. The upgrade is purely back-end, and users will not see a difference in their UEBA module.
The update on our UEBA product happens automatically as a roll out starting on week 4. Find more information about UEBA and the latest update.