A User and Entity Behavior Analytics System Explained – Part II

Exabeam uses machine learning to help better estimate a potential alert's context so that we can calibrate the alert's score. If we see an account performing a high volume of activity, that might be abnormal for a human user but perfectly normal if the account is a service account. Raising an alert without considering the context is prone to high rate of false positives. However, not all environments have such data readily available; more often than not, the information may be incomplete since such data is hard to maintain and it mushrooms out of IT control as the environment grows. Also, maintaining such data typically has not been critical for core IT operations.