Fortscale UEBA for SOC

integrates adaptive responses to prevent threats

Introducing Fortscale UEBA for SOC 3.0

The Fortscale UEBA for SOC that has been making the lives of security analysts everywhere easier just got better. The industry’s first pure-play machine learning UEBA solution now adds:

  • Threat Hunting – an investigative tool that enables you to apply behavior filters and risk scores to proactively identify threats in your environment.
  • Data Loss Protection Solution Integration – the ability to add UEBA insights on top of your DLP to improve alert accuracy and prioritization.

No Rules – No Limits.

Fortscale UEBA for SOC makes the lives of your security analysts easier, uncovering insider threats and cutting through the alert noise to pinpoint the risky activity that needs your attention. As the industry’s first pure-play machine learning UEBA solution, Fortscale UEBA for SOC integrates seamlessly with your environment and starts providing value immediately.

It takes any data on any user, device, app, and entity and starts making sense of it. The advanced machine learning and predictive analysis can not only accurately identify when something is anomalous, but also whether that anomaly is significant and represents a risk to your organization. There are no rules, no hassles, no limits.

Fortscale at Work

DATA INGESTION & ENRICHMENT
Behavioral data is automatically ingested from your SIEM and enriched with contextual data.
BASELINING & ANOMALY DETECTION
Multi-dimensional baselines are created autonomously and statistical analysis reveals any deviations.
DATA ANALYTICS & RISK SCORING
Higher level analytics and risk scores are applied to reflect the risk an anomaly represents to your organization.
RAPID RESPONSE INVESTIGATION TOOLS
SMART Alerts and one-click investigations give analysts everything they need to validate a detected threat.
ALERT FORWARDING
Leverage your existing security investment to consume threat insights through a single pane of glass.

SCALABLE HADOOP PLATFORM

Key Features & Capabilities

Autonomous Insider Threat Detection Engine

Fortscale’s insider threat detection engine analyzes authentication and contextual data from a number of sources within your environment, and quickly models “normal” or baseline user and entity behavior. Using multivariate statistical analysis and machine learning, Fortscale identifies when deviations in behavior occur without the need to manually write a single rule.

Multivariate Risk Scoring

Security analysts are busy, and automatic prioritization of threats is key to focusing efforts and allocating resources appropriately. Iterative analysis and multivariate correlations across disparate timeframes, contexts and datasets make Fortscale a much “quieter”, more accurate and more hands-off UEBA than you’ve ever seen before.
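As an added illustration, not Fortscale’s own code or algorithm (the page does not disclose either), the Python below sketches the baseline-then-score flow described in the two sections above over constructed authentication log lines: a per-user baseline of usual login hours and hosts is learned from a training window, each new event is scored on several indicators, and co-occurring indicators compound into a single 0-100 risk score so that the worst user surfaces first. The log format, field names, weights, thresholds and user names are all assumptions made for this example.

```python
import re
import statistics

# Hypothetical syslog-like authentication record, constructed for this
# example (not a Fortscale or real connector format):
#   <date> <HH:MM:SS> auth user=<name> src=<host> dst=<host> result=<success|failure>
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<hour>\d\d):\d\d:\d\d auth user=(?P<user>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) result=(?P<result>success|failure)$"
)

# Constructed training window: alice keeps office hours, bob works nights.
TRAINING_LOGS = [
    "2024-03-01 09:02:11 auth user=alice src=wks-alice dst=fileserver result=success",
    "2024-03-01 09:40:03 auth user=alice src=wks-alice dst=mail result=success",
    "2024-03-01 10:15:44 auth user=alice src=wks-alice dst=fileserver result=success",
    "2024-03-01 09:05:09 auth user=alice src=wks-alice dst=mail result=success",
    "2024-03-01 10:55:12 auth user=alice src=wks-alice dst=fileserver result=success",
    "2024-03-01 09:20:30 auth user=alice src=wks-alice dst=mail result=success",
    "2024-03-01 10:01:00 auth user=alice src=wks-alice dst=fileserver result=success",
    "2024-03-01 08:58:27 auth user=alice src=wks-alice dst=mail result=success",
    "2024-03-01 09:33:51 auth user=alice src=wks-alice dst=fileserver result=success",
    "2024-03-01 10:42:18 auth user=alice src=wks-alice dst=mail result=success",
    "2024-03-01 22:01:05 auth user=bob src=wks-bob dst=buildsrv result=success",
    "2024-03-01 23:12:40 auth user=bob src=wks-bob dst=buildsrv result=failure",
    "2024-03-01 22:30:15 auth user=bob src=wks-bob dst=buildsrv result=success",
    "2024-03-01 21:50:00 auth user=bob src=wks-bob dst=buildsrv result=success",
    "2024-03-01 23:05:33 auth user=bob src=wks-bob dst=buildsrv result=success",
]

# Constructed events to score: one 3 a.m. login from a new VPN gateway to a
# new host, routine activity, one failure, one new destination, one unknown user.
NEW_LOGS = [
    "2024-03-02 03:15:00 auth user=alice src=vpn-gw-3 dst=hr-db result=success",
    "2024-03-02 09:30:00 auth user=alice src=wks-alice dst=fileserver result=success",
    "2024-03-02 22:10:00 auth user=bob src=wks-bob dst=buildsrv result=failure",
    "2024-03-02 10:00:00 auth user=alice src=wks-alice dst=hr-db result=success",
    "2024-03-02 11:00:00 auth user=mallory src=wks-alice dst=fileserver result=success",
]


def parse(line):
    """Turn one log line into an event dict; reject anything off-format."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsable line: {line!r}")
    ev = m.groupdict()
    ev["hour"] = int(ev["hour"])
    return ev


class UserBaseline:
    """What 'normal' looks like for one user: login hours and hosts seen."""

    def __init__(self):
        self.hours, self.srcs, self.dsts = [], set(), set()
        self.total = self.failures = 0

    def learn(self, ev):
        self.hours.append(ev["hour"])
        self.srcs.add(ev["src"])
        self.dsts.add(ev["dst"])
        self.total += 1
        self.failures += ev["result"] == "failure"

    def indicators(self, ev):
        """Named anomaly indicators for one event, each scaled to [0, 1]."""
        mean = statistics.fmean(self.hours)
        std = max(statistics.pstdev(self.hours), 1.0)  # floor: tolerate small shifts
        z = abs(ev["hour"] - mean) / std
        fail_rate = self.failures / self.total
        return {
            "off_hours": min(z / 3.0, 1.0),  # 3 sigma from the usual hour => fully anomalous
            "new_src": float(ev["src"] not in self.srcs),
            "new_dst": float(ev["dst"] not in self.dsts),
            # a failure is less surprising for a user who fails often anyway
            "failure": float(ev["result"] == "failure") * (1.0 - fail_rate),
        }


# Hypothetical weights; a real system would learn these rather than fix them.
WEIGHTS = {"off_hours": 30, "new_src": 25, "new_dst": 25, "failure": 20, "unknown_user": 50}


def risk_score(ind):
    """Combine indicators into a 0-100 score; co-occurring anomalies compound."""
    base = sum(WEIGHTS[k] * v for k, v in ind.items())
    fired = [k for k, v in ind.items() if v >= 0.5]
    boost = 1.0 + 0.25 * max(len(fired) - 1, 0)  # each extra indicator adds 25%
    return min(round(base * boost), 100), fired


def build_baselines(lines):
    """Learn one UserBaseline per user from a training window of log lines."""
    baselines = {}
    for ev in map(parse, lines):
        baselines.setdefault(ev["user"], UserBaseline()).learn(ev)
    return baselines


def score_lines(baselines, lines):
    """Score new events against the baselines; an unknown user is itself an anomaly."""
    results = []
    for ev in map(parse, lines):
        bl = baselines.get(ev["user"])
        ind = bl.indicators(ev) if bl else {"unknown_user": 1.0}
        score, fired = risk_score(ind)
        results.append({"user": ev["user"], "score": score, "fired": fired})
    return results


def prioritize(results):
    """Users ordered by their worst event, which is what an analyst triages first."""
    worst = {}
    for r in results:
        worst[r["user"]] = max(worst.get(r["user"], 0), r["score"])
    return sorted(worst.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    baselines = build_baselines(TRAINING_LOGS)
    scored = score_lines(baselines, NEW_LOGS)
    for r in scored:
        print(r)
    print(prioritize(scored))
```

The compounding step is the part worth noticing: a login at an odd hour, from a new source, to a new destination, each only moderately suspicious on its own, together push alice to the top of the queue, while bob’s single failure stays low because his baseline already contains failures. Swap the constructed lines for real parsed SIEM events and the same shape of logic applies; the weights and the 3-sigma cut-off are the knobs a real deployment would learn from data rather than hard-code.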

Ingest & Analyze Any Data Source

Fortscale can ingest any data source from your SIEM (such as Splunk) or from data repositories, as well as data from applications, security products and even home-grown applications. Our out-of-the-box connectors allow you to hook up your Fortscale instance directly to data sources such as:

  • Active Directory
  • VPN logs
  • Windows Account Management Events
  • Kerberos Authentication
  • Windows Group Management Events
  • SSH logs
  • Oracle DB Logs
  • Printing logs
  • Gateway logs
  • Endpoint DLP
  • Network DLP and others

Out-of-the-Box Integration for Additional Data Sources

In addition to processing your favorite enterprise applications and SIEM logs, Fortscale leverages its new Generic Data Source framework (GDS) to provide full behavioral visibility out-of-the-box for several new data source types, including:

  • Network & Endpoint DLP – Detect risky data transactions, including data exfiltration.
  • Secure Web Gateway and Proxy – Detect risky web sessions conducted by network users.
  • Cisco ACS – Detect anomalous device authentication, authorization and access.
  • Printers – Detect and investigate anomalies in printing job logs.
  • Oracle – Detect and investigate anomalous access to Oracle databases.
  • Windows Account & Group Management – Detect and investigate suspicious admin activities (account unlock, enable, password changed or reset, and anomalous additions to groups).
  • Salesforce Authentication – Detect and investigate anomalous authentications to Salesforce website and supported apps.
  • NTLM – Detect and investigate anomalous authentication and access activity in the NTLM protocol.

Analyst Friendly Investigation Experience

The redesigned user experience and interface introduces an entirely new method of investigation, incorporating the existing machine-learning based user data, with new workflows, upgraded visualizations and widgets. This makes it easier for security professionals to identify, investigate and stop insider threats.

Detecting Credentials Compromised on the Darknet

Fortscale consumes external threat feeds that roam the Darknet in search of compromised enterprise usernames and passwords. When a monitored enterprise credential is identified on the Darknet, it is instantly streamed into Fortscale and correlated with risky behavior found within the corporate environment. Fortscale alerts SOC analysts that a trusted user’s credential was found and was possibly abused by a malicious actor.