Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Anomaly Detection


User identity mapping for improved anomaly detection

In any organization, a user may access numerous devices and applications, but not always with the same username or credentials. Devices and applications use platform-specific user registries that are distinct from each other. As a result, organizations may end up monitoring five user identities from five devices separately, while they actually belong to a single user. The table below shows one user, Michael Bay, using different user identities to log on and access various devices and applications.


Detecting Lateral Movement activity: A new Kibana integration

Cyber attacks are becoming more frequent, targeted, and complex. When it comes to sophisticated attacks, one of the most commonly seen tactics is Lateral Movement. During lateral movement, many attackers try impersonating a legitimate user by abusing admin tools (e.g., SMB, SAMBA, FTP, WMI, WinRM, and PowerShell Remoting) to move laterally from system to system in search of sensitive information.


Multivariate Anomaly Detection: Safeguarding Organizations from Internal Threats

‍ The term “internal threat” refers to the risk that somebody from inside a company could exploit a system to cause damage or steal data. Internal threats are particularly troubling, as employees may abuse extended privileges, leading to massive losses for the organization. One such infamous case is of an ex-Google employee who was charged with theft of trade secrets from Google for a ride-hailing start-up Uber.

Featured Post

JUMPSEC works on a prototype lightweight anomaly detection system

Deploying machine learning models in the cyber security industry is complicated - especially with budget and technology limitations. Especially when it comes to anomaly detection, there's been much debate over privacy, balance, budget, robustness, cloud security and reliable implementation. For cyber security companies using machine learning technologies, ensuring clients' safety with trustworthy artificial intelligence (AI) must always be the primary objective.

Graylog Security Anomaly Detection: Metrics Ease the Workload

Everything that makes employees’ lives easier, makes yours harder. Detecting insider threats — both employees and cybercriminals pretending to be employees — has never been more difficult or more important. The cloud technologies that make everyone else more efficient make security less efficient. They’re noisy. They send a lot of alerts. You’re tired. You’re overworked. You’re overloaded.

Anomaly Detection in Cybersecurity for Dummies

One of the best ways to defend against both internal and external attacks is to integrate anomaly detection, a.k.a. user and entity behavior analytics capabilities, into your security analytics solution. In this e-book, we break down the different types of security anomalies and explain what each one looks like. We also explain how to determine the risk score of every user and host in the network. Finally, we cover five ways in which you can harden your defenses with anomaly detection.

BERT Embeddings: A New Approach for Command Line Anomaly Detection

The large amounts of behavioral data being generated today necessitate accurate labels for machine learning classifiers. In an earlier blog post, Large-Scale Endpoint Security MOLD Remediation, we discussed how to remediate labeling noise. In this blog post, we experiment with an unsupervised approach that eliminates the need for learning from labeled data.


October Release Rollup: New Anomaly Detection, UX Features

We’re excited to share several recent user experience improvements we’ve made across the platform, including multivariate anomaly detection and other new features aimed at improving content governance. Continue reading to learn about some of our top product releases for October.