What is UEBA

  • Gartner defines User and Entity Behavior Analytics (UEBA) as analytics that observe users and entities (hosts, applications, network traffic and data stores) over a defined time window and scope in order to build baseline profiles of their normal behavior. Activity that deviates from these baselines is flagged as suspicious, and the aggregated analysis of those anomalies helps identify threats and potential incidents.
  • UEBA solutions are converging with SIEM solutions, which are increasingly adding advanced analytics such as machine learning; UEBA, however, demands more data collection, storage and platform capability than a conventional SIEM.

Why is UEBA needed?

  • According to a security consulting firm's report, the ratio of insider to outsider threats to the enterprise is approximately 75% to 25%.
  • The cost and frequency of insider threats have increased dramatically over the past two years: the average cost of an insider threat incident in 2019 was $11.45 million, up nearly 31% from $8.76 million in 2018, and the number of incidents was 4,716, up 47% from 3,200 in 2018.
  • Common enterprise pain points: data sources relevant to insider threats are missing; there is no user-behavior perspective; static rule-based detection produces a lot of false positives and noise; and long-cycle analysis algorithms are lacking.

Redkernel UEBA

Cloudfall Redkernel focuses on insider threats and unknown threats, building on the data the user already has and on pre-built machine learning algorithms and models. Through long-term operation and refinement by the analyst team, the models and scenarios are continuously tuned and improved so that UEBA becomes genuinely usable and intelligent.

  • Redkernel relies on public cloud and cloud-native technologies, so users do not need to provision large local computing resources or have in-house expertise in information security and machine learning.
  • Advanced analytical models and static association rules combine to establish a baseline of normal user and entity activity, and to detect deviations from that baseline, from the peer group's baseline, and from the organization's baseline.
  • Detection of sensitive data loss and of insider-threat risk signals.
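The baseline-and-deviation scheme described in the list above, as an added illustration that is not Redkernel's code: each user's daily activity counters are profiled against both the user's own history and the peer group's (department's) pooled history, the excess z-scores per feature are summed into an anomaly score, a static association rule is combined with that score, and the per-feature contributions are returned as the explanation of the verdict (the interpretability point the Main Functional Modules section makes). All records, feature names, thresholds and the standard-deviation floor rule are constructed assumptions for the example.

```python
"""Toy UEBA scoring: self-baseline and peer-group deviation with explanations.
Added example, not Redkernel code; every record below is constructed."""
from collections import defaultdict
from statistics import mean, pstdev

FEATURES = ("logins", "bytes_out_mb", "after_hours_logins")

# Constructed 10-day history per user: (group, [(logins, bytes_out_mb, after_hours_logins), ...])
HISTORY = {
    "alice": ("finance", [(3, 18, 0), (4, 22, 0), (3, 20, 0), (5, 25, 1), (4, 19, 0),
                          (3, 21, 0), (4, 23, 0), (4, 20, 0), (3, 18, 0), (5, 24, 0)]),
    "bob":   ("finance", [(2, 15, 0), (3, 17, 0), (2, 16, 0), (3, 19, 0), (2, 14, 0),
                          (3, 18, 0), (2, 16, 0), (3, 17, 0), (2, 15, 0), (3, 18, 0)]),
    "carol": ("finance", [(4, 40, 0), (5, 45, 1), (4, 42, 0), (6, 48, 1), (4, 41, 0),
                          (5, 44, 0), (4, 43, 1), (5, 46, 0), (4, 40, 0), (5, 47, 0)]),
    "dave":  ("eng",     [(6, 120, 1), (7, 140, 2), (6, 130, 1), (8, 150, 2), (6, 125, 1),
                          (7, 135, 1), (6, 128, 2), (7, 145, 1), (6, 122, 1), (7, 138, 2)]),
}

# Static association rules (assumed) that are combined with the analytic score.
STATIC_RULES = {
    "bulk_egress": lambda rec: rec["bytes_out_mb"] >= 500,
}
SCORE_THRESHOLD = 6.0  # assumed: sum of excess z-scores at which a day is flagged


def _profile(rows):
    """Per-feature (mean, floored std). The floor (assumed: max(sd, 10% of mean, 1))
    stops a feature that never varied in history from producing infinite z-scores."""
    prof = {}
    for i, feat in enumerate(FEATURES):
        vals = [r[i] for r in rows]
        m = mean(vals)
        prof[feat] = (m, max(pstdev(vals), 0.1 * m, 1.0))
    return prof


def build_baselines(history):
    """Learn one profile per user and one pooled profile per peer group."""
    users, by_group = {}, defaultdict(list)
    for user, (group, rows) in history.items():
        users[user] = (group, _profile(rows))
        by_group[group].extend(rows)
    peers = {group: _profile(rows) for group, rows in by_group.items()}
    return users, peers


def score_record(user, rec, users, peers):
    """Score one day's record for a user against self and peer-group baselines."""
    group, self_prof = users[user]
    peer_prof = peers[group]
    contrib = {}
    for feat in FEATURES:
        z_self = (rec[feat] - self_prof[feat][0]) / self_prof[feat][1]
        z_peer = (rec[feat] - peer_prof[feat][0]) / peer_prof[feat][1]
        # Only excess over the baselines counts; doing less than usual is not suspicious here.
        contrib[feat] = round(max(0.0, z_self, z_peer), 2)
    score = round(sum(contrib.values()), 2)
    fired = [name for name, test in STATIC_RULES.items() if test(rec)]
    # Explanation: features ordered by how much they drove the score.
    explanation = sorted(contrib.items(), key=lambda kv: kv[1], reverse=True)
    return {
        "user": user,
        "score": score,
        "rules": fired,
        "anomalous": score >= SCORE_THRESHOLD or bool(fired),
        "explanation": explanation,
    }


if __name__ == "__main__":
    users, peers = build_baselines(HISTORY)
    today = {  # constructed records for the day being scored
        "alice": {"logins": 4, "bytes_out_mb": 900, "after_hours_logins": 5},
        "bob":   {"logins": 3, "bytes_out_mb": 17,  "after_hours_logins": 0},
    }
    for user, rec in today.items():
        print(score_record(user, rec, users, peers))
```

The peer-group comparison is what catches a user whose own history is too short or too noisy to be a useful baseline on its own; in practice the baseline window, the std floor and the score threshold are the knobs an analyst team tunes over time, and the explanation dictionary is what lets them see why a day was flagged rather than trusting an opaque score.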

Common application pain points

  • UEBA relies heavily on advanced analytical methods, and it is difficult for companies to assess the skills and capabilities of their suppliers effectively.
  • For enterprise users, even a single scenario or use case can make UEBA deployment more time- and labor-intensive than the vendor promises.
  • Most enterprises do not use and operate SIEM solutions well, and lack the data foundation, detection system, expert knowledge and other prerequisites.

Redkernel Lite

In the era of big data, traditional manual analysis can no longer meet the needs of enterprise users who must process massive amounts of data every day. Redkernel Lite is an intelligent algorithm engine that, delivered as a PaaS, lets enterprise users plug flexible anomaly detection capabilities into their own data platforms.

Redkernel Lite relies on public cloud and cloud-native technologies for rapid deployment, scaling and use, and does not require the user to have machine learning expertise. As a product for enterprise users, Redkernel supports the database types commonly used in the industry and provides a simple, easy-to-use web-based operating platform.


Main Functional Modules

Redkernel supports automated feature engineering and model tuning, as well as a variety of data types. Its built-in anomaly detection covers supervised, semi-supervised and unsupervised models, and spans multiple algorithm categories including time-series forecasting models, classical machine learning models and deep learning models. With the growing emphasis on model interpretability, all of Redkernel's built-in models explain their output, which helps users understand a model's predictions and gives corroborating evidence for the model's credibility.