UserInsight now ranks risky users through behavioral analytics. UserInsight, the User and Entity Behavior Analytics (UEBA) solution, spots user behavior such as unusual admin activity, authentications to new assets, and new user locations, and highlights users that exhibit several such behaviors. The User Risk Ranking augments UserInsight's low-noise incident alerts and gives administrators richer context around user behavior.
How User Risk Ranking Works
On the UserInsight dashboard, you now see three new boxes:
- Top 5 Risky Users: This provides you with a mini-version of the user risk ranking overview page. After you have covered the incident alerts for the day, it may be worth scanning this list for unusual behaviors that may indicate higher user risk, including risky user behavior, user compromise, or insider threats.
- Total User Risk (Last 30 Days): This graph indicates the total behavioral risk for your organization. When you're on the dashboard, you'll see at a glance if your user risk has gone up suddenly. If so, it may be worth looking into what is affecting your risk posture.
- Recent Notable Behaviors: This is a running list of the latest behaviors UserInsight has observed across the entire user population.
The User Risk Ranking Page
On the UserInsight dashboard, click on the bar chart labeled “Total User Risk (Last 30 Days)”, or follow this link (requires UserInsight account).
You'll see the list of risky users below the bar chart. On the left, you'll see the filter section that indicates which behaviors contributed to putting users on the risky user list. In parentheses, you'll see how much each behavior contributed to the risk ranking. You can fine-tune the list by disabling some of the filters.
Click through to any user to get more information. At the top of the page, a line graph indicates when the behaviors took place; below it, a vertical timeline shows behaviors and incidents. You can use the same filters on the right of the page to hide any behaviors. To check out other users, simply pick a risky user from the menu on the left.
You don't have UserInsight yet? Read about how UserInsight helps you detect and investigate incidents and check out our short demo videos.