Advanced Analytics Overview

Advanced Analytics provides user and entity behavior intelligence on top of existing SIEM and log management data repositories. It can detect compromised and rogue insiders and present a complete picture of both the user session and lateral movement within the attack chain.

Exabeam pulls logs from a variety of data sources and enriches this data with identity information collected from Active Directory (LDAP). This information provides an identity context for credential use. Through behavior modeling and analytics, Advanced Analytics learns normal user credential activities and access characteristics. By automatically comparing incoming data to these normal behaviors, anomalous activity can be exposed.

Advanced Analytics places all user credential activities and characteristics on a timeline with scores assigned to anomalous access behavior. Traditional security alerts are also scored, attributed to identities, and placed on the activity timeline. All systems touched by compromised credentials of insiders are identified to reveal the attacker's path through the IT environment.