06 Sep
UEBA Should Provide Conclusions, Not Just Anomalies
As with all technologies, UEBA has evolved over time. We at Fortscale take a great deal of pride in working closely with both our large and small customers to understand their specific needs and to respond to those needs.
Although UEBA has always provided more information and context than SIEM or event logs alone, after listening carefully to our customers, we felt compelled to go well beyond just detecting and delivering anomalies. So Fortscale doesn’t just identify anomalies for the analyst; it provides conclusions, and there’s a big and important difference. Even though a set of anomalies may be timely and accurate, oftentimes they are of no interest, and investigating them all is simply not worth the analyst’s time. Conclusions, on the other hand, understand the context of the data and anomalies, providing the analyst with a much richer set of tools and information.
So at Fortscale, we no longer pop up anomalies for the analyst – we pop up conclusions. With our patented SMART Alerts technology we automatically create conclusions based on aggregations of anomalies around specific context.
This is just one area where Fortscale’s technology is unique and advanced over other UEBA solution providers. I’m confident that other vendors will eventually follow our lead in this area, but for now at least Fortscale is the only vendor that provides this capability.