Why OpenText
Why OpenText
Overview Why OpenText
OpenText brings decades of expertise to help you unlock data, connect people and processes, and fuel AI with trust
Manage and connect data
Unify data seamlessly across your enterprise to eliminate silos, improve collaboration, and reduce risks
AI-ready information
Get AI-ready and transform your data into structured, accessible, optimized information
Built-in security and compliance
Meet regulatory and compliance requirements and protect your information throughout its lifecycle
Empowering people
Overview Empowering people
OpenText helps people manage content, automate work, use AI, and collaborate to boost productivity
Customers
See how thousands of companies around the world are succeeding with innovative solutions from OpenText™
Employees
Our people are our greatest asset; they are the life of the OpenText brand and values
Corporate Responsibility
Learn how we aspire to advance societal goals and accelerate positive change
Partners
Find a highly skilled OpenText partner with the right solution to enable digital transformation
How we compare
Content Management
Service Management
Deploy anywhere
Overview Deployment options
Explore scalable and flexible deployment options for global organizations of any size
Sovereign cloud
Local control. Global scale. Trusted AI
Private cloud
Your cloud, your control
On-premises
Free up resources, optimize performance and rapidly address issues
Public cloud
Run anywhere and scale globally in the public cloud of your choice
Aviator AI
Overview Aviator AI
See information in new ways
OpenText™ Aviator AI
AI that understands your business, your data, and your goals
OpenText™ MyAviator
Say hello to faster decisions. Your secure personal AI assistant is ready to get to work
OpenText™ Business Network Aviator
Gain better insights with generative AI for supply chains
OpenText™ Content Aviator
Power work with AI content management and an intelligent AI content assistant
OpenText™ Cybersecurity Aviator
Improve your security posture with AI cybersecurity and agile threat detection
OpenText™ DevOps Aviator
Enable faster app delivery, development, and automated software testing
OpenText™ Experience Aviator
Elevate customer communications and experiences for customer success
OpenText™ Service Management Aviator
Empower users, service agents, and IT staff to find the answers they need
Aviator AI
Overview Aviator AI
See information in new ways
OpenText™ Aviator AI
AI that understands your business, your data, and your goals
OpenText™ MyAviator
Say hello to faster decisions. Your secure personal AI assistant is ready to get to work
OpenText™ Business Network Aviator
Gain better insights with generative AI for supply chains
OpenText™ Content Aviator
Power work with AI content management and an intelligent AI content assistant
OpenText™ Cybersecurity Aviator
Improve your security posture with AI cybersecurity and agile threat detection
OpenText™ DevOps Aviator
Enable faster app delivery, development, and automated software testing
OpenText™ Experience Aviator
Elevate customer communications and experiences for customer success
OpenText™ Service Management Aviator
Empower users, service agents, and IT staff to find the answers they need
Analytics
Overview Analytics
Predict, act, and win with real-time analytics on a smarter data platform
OpenText™ Aviator Search(AI)
Give users access to the answers they need, faster and easier, with multi-repository AI-based search that lets you contextualize everything from clicks to conversations
Business Network
Overview Business Network
Connect once, reach anything with a secure B2B integration platform
Content
Overview Content
Reimagine knowledge with AI-ready content management solutions
OpenText™ Content Aviator(AI)
Supercharge intelligent workspaces with AI to modernize work
Cybersecurity
Overview Cybersecurity
Integrated cybersecurity solutions for enterprise protection
OpenText Cybersecurity for SMBs & MSPs
Purpose built data protection and security solutions
OpenText™ Cybersecurity Aviator(AI)
Reinvent threat hunting to improve security posture with the power of agile AI
DevOps
Overview DevOps
Ship better software—faster—with AI-driven DevOps automation, testing, and quality
Experience
Overview Experience
Reimagine conversations with unforgettable customer experiences
Observability and Service Management
Overview Observability and Service Management
Get the clarity needed to cut the cost and complexity of IT operations
OpenText™ Service Management Aviator(AI)
Redefine Tier 1 business support functions with self-service capabilities from private generative AI
APIs
Overview APIs
Build custom applications using proven OpenText Information Management technology
OpenText™ Aviator Thrust
Build it your way with OpenText Cloud APIs that create the real-time information flows that enable custom applications and workflows
Device and Data Protection
Overview Device and Data Protection
Protect what matters, recover when it counts
Unified Endpoint Management Tools
- OpenText™ Endpoint Management
- OpenText™ ZENworks Suite
- OpenText™ ZENworks Service Desk
- OpenText™ ZENworks Configuration Management
- OpenText™ ZENworks Endpoint Security Management
- OpenText™ ZENworks Full Disk Encryption
- OpenText™ ZENworks Endpoint Software Patch Management
- OpenText™ ZENworks Asset Management
Solutions
Information Reimagined
Overview Information Reimagined
Get greater visibility and sharper insights from AI-driven information management. Ready to see how?
Artificial Intelligence
Overview Aviator AI
Break free from silos, streamline processes, and improve customer experiences with secure information management for AI
Industry
Overview Industry solutions
Improve efficiency, security, and customer satisfaction with OpenText
Enterprise Application
Overview Solutions for Enterprise Applications
Run processes faster and with less risk
Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP
Connect content to business processes for better productivity and stronger governance
Optimize Salesforce effectiveness by bringing together transactional data and unstructured content
Services
Services
Overview Services
Achieve digital transformation with guidance from certified experts
Professional Services
Modernize your information management with certified experts
Customer Success Services
Unlock the full potential of your information management solution
Support Services
Turn support into your strategic advantage
Managed Services
Extend IT teams with certified OpenText application experts
Learning Services
Discover training options to help users of all skill levels effectively adopt and use OpenText products
Professional Services
Overview Professional Services
Modernize your information management with certified experts
Customer Success Services
Overview Customer Success Services
Unlock the full potential of your information management solution
Support Services
Overview Support Services
Turn support into your strategic advantage
Managed Services
Overview Managed Services
Extend IT teams with certified OpenText application experts
Learning Services
Overview Learning Services
Discover training options to help users of all skill levels effectively adopt and use OpenText products
Partners
Find a Partner
Overview Find a partner
Information is the heartbeat of every organization. We build information management software so you can build the future
Cloud Partners
Overview Cloud Partners
OpenText partners with leading cloud infrastructure providers to offer the flexibility to run OpenText solutions anywhere
Migrate, optimize and manage information management solutions on AWS
Optimize performance and reduce costs with applications deployed on a secure, globally scaled platform
Accelerate migration and modernization with deployment in a highly secure and compliant public cloud
Enterprise Application Partners
Overview Enterprise Application Partners
OpenText partners with top enterprise app providers to unlock unstructured content for better business insights
Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP
Connect content to business processes for better productivity and stronger governance
Optimize Salesforce effectiveness by bringing together transactional data and unstructured content
Partner Solutions
Overview Partner Solutions
Discover flexible and innovative offerings designed to add value to OpenText solutions
Resources for Partners
Overview Resources for Partners
Discover the resources available to support and grow Partner capabilities
Support
Overview Customer Support
Get expert product and service support to accelerate issue resolution and keep business flows running efficiently
Resources
Overview Resources
Explore detailed services and consulting presentations, briefs, documentation and other resources
This page is available for the following regions.
Europe, Middle East and Africa
Asia–Pacific
What is User and Entity Behavior Analytics (UEBA)?
Overview
User and Entity Behavior Analytics (UEBA) is a type of cyber security solution that uses machine learning (ML), deep learning, and statistical analysis to identify the normal behavior patterns of users and entities (e.g., hosts, applications, network traffic, and data repositories) on corporate networks or computer systems. When anomalies or deviations from those behavior patterns are detected and a risk score passes a designated threshold, a UEBA solution alerts security operations center (SOC) teams on whether a potential threat or cyber-attack is in progress.
UEBA is an essential tool in a modern organization’s cyber security stack, especially as many legacy tools are quickly becoming obsolete. As cyber criminals and hackers become more sophisticated, they can more easily bypass traditional perimeter defense systems such as secure web gateways (SWGs), firewalls, and other intrusion prevention tools.
If you’re unfamiliar with UEBA, this guide is here to help you break it down. Below, we will discuss just what UEBA security is, how it works, the difference between User Behavior Analytics (UBA) and UEBA, and UEBA best practices.
User and Entity Behavior Analytics (UEBA)
What is UEBA security?
Many legacy cyber security tools identified behavior pattern anomalies or deviations using just statistical analysis and user-defined correlation rules. While these tools are effective at thwarting known threats, they are obsolete when it comes to unknown or zero-day attacks and insider threats. With UEBA security, however, SOC teams can automatically detect unordinary behaviors across entire corporate networks or computer systems without relying on user-defined rules or patterns.
UEBA combines the power of ML, deep learning, and statistical analysis to provide SOC teams with more comprehensive threat detection software—allowing organizations to automatically detect complex attacks across multiple users and entities. In addition, a UEBA solution can group together data in logs and reports, as well as analyze information in files and packets.
How does UEBA security work?
UEBA works by collecting information about normal user and entity behavior patterns from system logs. Then, it applies intelligent statistical analysis methods to interpret each dataset and establish baselines of these behavior patterns. Establishing behavior pattern baselines is key to UEBA, as this allows the system to detect potential cyber-attacks or threats.
With a UEBA solution, current user and entity behaviors are continuously compared to their individual baselines. The UEBA cyber threat intelligence software then calculates risk scores and identifies if any behavior pattern anomalies or deviations are risky. If a risk score surpasses a certain limit, the UEBA system will alert SOC team members.
For example, if a user regularly downloads 5 MB of files each day and then suddenly begins to download gigabytes worth of files, a UEBA solution would identify this user behavior pattern deviation and alert IT of a possible security threat.
According to Gartner, a UEBA solution is defined by three core attributes:
- Use cases: A UEBA solution should be able to analyze, detect, report on, and monitor behavior patterns for both users and entities. And, unlike point solutions of the past, UEBA should focus on multiple use cases rather than only focus on specialized analysis—such as trusted host monitoring or fraud detection.
- Analytics: A UEBA solution should offer advanced analytics capabilities that can detect behavior pattern anomalies using several analytics approaches in a single package. These include statistical models and machine learning (ML), as well as rules and signatures.
- Data sources: A UEBA solution should be able to ingest data from user and entity activities both natively from the data sources or through an existing data repository (e.g., Security Information and Event Management (SIEM), data warehouse, or a data lake).
Differences between UBA tools and UEBA tools
Defined by Gartner, User Behavior Analytics (UBA) was the precursor to UEBA—as it was a cybersecurity tool that strictly analyzed user behavior patterns on networks or computer systems. While UBA solutions still applied advanced analytics to identify behavior pattern anomalies, they were unable to analyze other entities—such as routers, servers, and endpoints.
Gartner later updated the definition of UBA and created UEBA—which included the behavioral analysis of both users and entities (either individually or in peer groups). UEBA solutions are more powerful than UBA solutions, as they use ML and deep learning to recognize complex attacks—such as insider threats (e.g., data exfiltration), advanced persistent threats, or zero-day attacks—across individuals, devices, and networks (including cloud-based networks) rather than relying on user-defined correlation rules.
UEBA best practices
As a rule of thumb, UEBA tools should not replace pre-existing cyber security tools or monitoring systems, such as CASBs or Intrusion Detection Systems (IDS). Instead, UEBA should be incorporated into your overall security stack to enhance your organization's overarching security posture. Other UEBA best practices include:
- Ensure only designated IT members receive UEBA system alerts.
- Consider both privileged and unprivileged user accounts as potentially risky.
- Create new policies and rules with both internal and external threats in mind.
- Combine UEBA with big data security analytics like SIEMs to make them more effective at detecting and analyzing complex or unknown threats.
Deploy UEBA with CyberRes Arcsight Intelligence
When it comes to advanced User and Entity Behavior Analytics, CyberRes (a Micro Focus line of business) Arcsight Intelligence can help your organization stay protected against complex cyber threats. Providing a contextualized view of both user and entity behavior patterns within your enterprise, our supercharged UEBA tool provides your SOC team with comprehensive tools to visualize and investigate threats—such as insider threats and APTs—before it’s too late.
Stopping insider threats w/ ArcSight behavioral analytics
In addition, our anomaly detection models don’t expect the same behavior patterns from every user or entity—which means you won’t have to deal with a flood of false-positive alerts. Using ArcSight Intelligence, our software establishes a clear delineation between unusual behavior and real threats by utilizing mathematical probability and unsupervised ML to identify cyber threats more accurately.
If you’re ready to see how ArcSight Intelligence utilizes a UEBA solution to help your SOC team quickly uncover hidden threats in your enterprise network, feel free to request a demo today.
Resources
Related products
OpenText™ Core Behavioral Signals
Proactively detect insider risks, novel attacks, and advanced persistent threats
OpenText™ Enterprise Security Manager
Speed threat detection and response with real-time correlation and native SOAR
OpenText™ Cybersecurity Cloud
Defend with precision, secure with confidence
OpenText™ Security Log Analytics
Accelerate threat detection with insightful, actionable security insights
Threat detection and response
Find and respond to cyber threats that matter
ThreatHub Research for Business Performance
OpenText ThreatHub Research shows you what’s threatening your organization, and what you can do about it. Made by CISO’s, meant for CISO’s, OpenText ThreatHub Research helps you strengthen your cyber resilience and strategically secure your digital value chain
