Fortscale UEBA for SOC

integrates adaptive responses to prevent threats

No Rules to Write. No Limits.

Fortscale was designed to make the lives of security analysts easier. We build the only pure-play machine learning UEBA product on the market. No rules to write. No limits on what Fortscale can detect, from its intuitive alerts and investigations to its self-tuning anomaly detection and risk scoring.

The Fortscale user and entity behavior analytics (UEBA) solution helps you end insider threats with a totally new generation of autonomous machine-learning technology. Our UEBA solution can examine logs from all of your other applications too, even your custom and proprietary mission-critical systems.

Fortscale at Work

Behavioral data is automatically ingested from your SIEM and enriched with contextual data.
Multi-dimensional baselines are created autonomously and statistical analysis reveals any deviations.
Higher level analytics and risk scores are applied to reflect the risk an anomaly represents to your organization.
SMART Alerts and one-click investigations give analysts everything they need to validate a detected threat.
Leverage your existing security investment to consume threat insights through a single pane of glass.


Key Features & Capabilities

Autonomous Insider Threat Detection Engine

Fortscale’s insider threat detection engine analyzes authentication and contextual data from a number of sources within your environment, and quickly models “normal” or baseline user and entity behavior. Using multivariate statistical analysis and machine learning, Fortscale identifies when deviations in behavior occur without the need to manually write a single rule.
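The pipeline described under "Fortscale at Work" and in the engine description above (ingest, per-user multi-dimensional baseline, statistical deviation, risk score, alert) can be illustrated with a small self-contained model. This is an added example, not Fortscale's code: the logon events, feature set, "surprise in bits" scoring and the two thresholds are all constructed assumptions chosen to show how a multivariate deviation is scored without writing any rule.

```python
from collections import Counter, defaultdict
from math import log2
FEATURES = ("hour", "src", "dst")
# Constructed baseline window: routine logons as (user, hour, source host, target host).
BASELINE = (
    [("alice", 9, "ws-alice", "fileserver")] * 20
    + [("alice", 10, "ws-alice", "fileserver")] * 8
    + [("alice", 9, "ws-alice", "mailserver")] * 2
    + [("bob", 8, "ws-bob", "fileserver")] * 25
    + [("bob", 8, "ws-bob", "buildserver")] * 5
)
# Constructed new events to score against that baseline.
NEW_EVENTS = [
    ("alice", 9, "ws-alice", "fileserver"),        # routine
    ("bob", 8, "ws-bob", "domaincontroller"),      # one new feature: scored, not alerted
    ("alice", 3, "ws-bob", "domaincontroller"),    # off-hours, foreign host, new target
    ("mallory", 2, "ws-bob", "domaincontroller"),  # account with no baseline at all
]

def build_baselines(events):
    """Per-user, per-feature frequency tables: the multi-dimensional baseline."""
    base = defaultdict(lambda: {f: Counter() for f in FEATURES})
    for user, *values in events:
        for f, v in zip(FEATURES, values):
            base[user][f][v] += 1
    return base

def surprise(counter, value):
    """Self-information in bits with add-one smoothing, so unseen values stay finite."""
    total, vocab = sum(counter.values()), len(counter) + 1
    return -log2((counter[value] + 1) / (total + vocab))

def score_event(baselines, event):
    """Sum of per-feature surprises; an account with no baseline is maximally surprising."""
    user, *values = event
    if user not in baselines:
        return float("inf")
    return sum(surprise(baselines[user][f], v) for f, v in zip(FEATURES, values))

def risk_scores(baselines, events, anomaly_bits=6.0):
    """Accumulate only anomalous events (at or above anomaly_bits) into a per-user risk score."""
    risk = Counter()
    for ev in events:
        s = score_event(baselines, ev)
        if s >= anomaly_bits:
            risk[ev[0]] += s
    return dict(risk)

def alerts(risk, alert_bits=12.0):  # users whose accumulated risk warrants analyst triage
    return sorted(u for u, r in risk.items() if r >= alert_bits)
```

Bob's single never-seen target at his usual hour and host scores about 5 bits and stays below the anomaly threshold, while Alice's off-hours logon from another user's workstation to a new target scores about 15 bits across three features and is alerted; the model is deliberately tiny and the thresholds are illustrative, not tuned.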

Multivariate Risk Scoring

Security analysts are busy, and automatic prioritization of threats is key to focusing efforts and allocating resources appropriately. Iterative analysis and multivariate correlations across disparate timeframes, contexts and datasets make Fortscale a much “quieter”, more accurate and more hands-off UEBA than you’ve ever seen before.

Ingest & Analyze Any Data Source

Fortscale can ingest any data source from a SIEM, Splunk or other data repositories, as well as data from all applications, security products and even home-grown applications. Our out-of-the-box connectors allow you to hook up your Fortscale instance directly to data sources such as:

  • Active Directory
  • VPN logs
  • Windows Account Management Events
  • Kerberos Authentication
  • Windows Group Management Events
  • SSH logs
  • Oracle DB Logs
  • Printing logs
  • Gateway logs
  • Endpoint DLP
  • Network DLP and others

Out-of-the-Box Integration for Additional Data Sources

In addition to processing your favorite enterprise applications and SIEM logs, Fortscale leverages its new Generic Data Source framework (GDS) to provide full behavioral visibility out-of-the-box for several new data source types, including:

  • Network & Endpoint DLP – Detect risky data transactions, including data exfiltration.
  • Secure Web Gateway and Proxy – Detect risky web sessions conducted by network users.
  • Cisco ACS – Detect anomalous device authentication, authorization and access.
  • Printers – Detect and investigate anomalies in printing job logs.
  • Oracle – Detect and investigate anomalous access to Oracle databases.
  • Windows Account & Group Management – Detect and investigate suspicious admin activities (account unlock, enable, password changed or reset, and anomalous additions to groups).
  • Salesforce Authentication – Detect and investigate anomalous authentications to the Salesforce website and supported apps.
  • NTLM – Detect and investigate anomalous network activity in the NTLM authentication and access protocol.

Analyst Friendly Investigation Experience

The redesigned user experience and interface introduces an entirely new method of investigation, combining the existing machine-learning-based user data with new workflows, upgraded visualizations and widgets. This makes it easier for security professionals to identify, investigate and stop insider threats.

Detecting Credentials Compromised on the Darknet

Fortscale consumes external threat feeds that roam the Darknet in search of compromised enterprise usernames and passwords. When a monitored enterprise credential is identified on the Darknet, it is instantly streamed into Fortscale and correlated with risky behavior found within the corporate environment. Fortscale alerts SOC analysts that a trusted user’s credential was found and was possibly abused by a malicious actor.