Alternatives to Splunk User Behavior Analytics
Compare Splunk User Behavior Analytics alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Splunk User Behavior Analytics in 2025. Compare features, ratings, user reviews, pricing, and more from Splunk User Behavior Analytics competitors and alternatives in order to make an informed decision for your business.
-
1
Cynet empowers MSPs and MSSPs with a comprehensive, fully managed cybersecurity platform that consolidates essential security functions into a single, easy-to-use solution. Cynet simplifies cybersecurity management, reduces operational overhead, and lowers costs by eliminating the need for multiple vendors and complex integrations. The platform provides multi-layered breach protection, offering robust security for endpoints, networks, and SaaS/Cloud environments. Cynet’s advanced automation streamlines incident response, ensuring rapid detection, prevention, and resolution of threats. Additionally, the platform is backed by Cynet’s 24/7 Security Operations Center (SOC), where the expert CyOps team delivers around-the-clock monitoring and support to safeguard all client environments. By partnering with Cynet, You can offer your clients advanced, proactive cybersecurity services while optimizing efficiency. Discover how Cynet can transform your security offerings today.
-
2
Safetica
Safetica
Safetica Intelligent Data Security protects sensitive enterprise data wherever your team uses it. With advanced data discovery, context-aware classification, proactive threat prevention and adaptive security, Safetica provides comprehensive visibility and control over your data. ✔️ Discover what to protect: Precisely locate personally identifiable information, intellectual property, financials, and more wherever it is used across the enterprise, cloud, and endpoint devices. ✔️ Prevent threats: Understand and mitigate risky behavior with automatic detection of suspicious file access, email communication and web browsing. Get the alerts you need to proactively uncover risk and prevent data breaches. ✔️ Keep your data safe: Intercept unauthorized exposure of sensitive personal data, trade secrets and intellectual property. ✔️ Work smarter: Help teams work, with in-moment data handling cues as they access and share sensitive information. -
3
ADAudit Plus helps keep your Windows Server ecosystem secure and compliant by providing full visibility into all activities. ADAudit Plus provides a clear picture of all changes made to your AD resources including AD objects and their attributes, group policy, and more. AD auditing helps detect and respond to insider threat, privilege misuse, and other indicators of compromise, and in short, strengthens your organization's security posture. Gain granular visibility into everything that resides in AD, including objects such as users, computers, groups, OUs, GPOs, schema, and sites, along with their attributes. Audit user management actions including creation, deletion, password resets, and permission changes, along with details on who did what, when, and from where. Keep track of when users are added or removed from security and distribution groups to ensure that users have the bare minimum privileges.
-
4
Teramind
Teramind
Teramind provides a user-centric security approach to monitoring your employees’ digital behavior. Our software streamlines employee data collection in order to identify suspicious activity, improve employee productivity, detect possible threats, monitor employee efficiency, and ensure industry compliance. We help reduce security incidents using highly customizable Smart Rules that can alert, block or lockout users when rule violations are detected, to keep your business running securely and efficiently. Our live & recorded screen monitoring lets you see user actions as they’re happening or after they’ve occurred with video-quality session recordings that can be used to review a security or compliance event, or to analyze productivity behaviors. Teramind can be installed in minutes and can be deployed either without employees knowing or with full transparency and employee control to maintain trust.Starting Price: $12/month/user -
5
Wing Security
Wing Security
Wing empowers organizations to harness the full potential of SaaS while ensuring a robust security posture. In addition to a free version that provides a list of an organization's SaaS inventory, with insightful details regarding application usage and user information, Wing’s complete SSPM solution offers unparalleled visibility, control, and compliance capabilities, strengthening any organization's defense against modern SaaS-related threats. With Wing’s automated security capabilities, CISOs, security teams, and IT professionals save weeks of work previously spent on manual and error-prone processes. Trusted by hundreds of global companies, Wing provides actionable security insights derived from our industry-leading SaaS application database, covering over 280,000 SaaS vendors. This results in the safest and most efficient way to leverage SaaS.Starting Price: Free -
6
Stellar Cyber
Stellar Cyber
On premises, in public clouds, with hybrid environments and from SaaS infrastructure. Stellar Cyber is the only security operations platform providing high-speed, high-fidelity threat detection and automated response across the entire attack surface. Stellar Cyber’s industry-leading security software improves security operations productivity by empowering security analysts to kill threats in minutes instead of days or weeks. By accepting data inputs from a variety of existing cybersecurity solutions as well as its own capabilities, correlating them, and presenting actionable results under one intuitive interface, Stellar Cyber’s platform helps eliminate the tool fatigue and data overload often cited by security analysts while slashing operational costs. Stream logs and connect to APIs to get full visibility. Automate response through integrations to close the loop. Stellar Cyber’s open architecture makes it interoperable at any enterprise. -
7
FortiInsight
Fortinet
30 percent of data breaches involve organization insiders acting negligently or maliciously. Insiders pose a unique threat to organizations because they have access to proprietary systems and often are able to bypass security measures, creating a security blind spot to the risk and security teams. Fortinet’s User and Entity Behavior Analytics (UEBA) technology protects organizations from insider threats by continuously monitoring users and endpoints with automated detection and response capabilities. Leveraging machine learning and advanced analytics, FortiInsight automatically identifies non-compliant, suspicious, or anomalous behavior and rapidly alerts any compromised user accounts. This proactive approach to threat detection delivers an additional layer of protection and visibility, whether users are on or off the corporate network. -
8
LinkShadow
LinkShadow
LinkShadow Network Detection and Response (NDR) ingests network traffic and uses machine learning to detect malicious activity and to understand security risks and exposure. It combines detection for known attack behavior with the ability to recognize what is typical for any given organization, flagging unusual network activity or session that can indicate an attack. Once a malicious activity is detected, LinkShadow NDR responds using third-party integration like firewall, Endpoint Detection and Response (EDR), Network Access Control (NAC) etc. NDR solutions analyze network traffic to detect malicious activity inside the perimeter—otherwise known as the east-west corridor—and support intelligent threat detection, investigation, and response. Using an out-of-band network mirror port, NDR solutions passively capture network communications and apply advanced techniques, including behavioral analytics and machine learning, to identify known and unknown attack patterns. -
9
Securonix Unified Defense SIEM
Securonix
Built on big data, Securonix Unified Defense SIEM combines log management, user and entity behavior analytics (UEBA), and security incident response into a complete, end-to-end security operations platform. It collects massive volumes of data in real-time, uses patented machine learning algorithms to detect advanced threats, and provides artificial intelligence-based security incident response capabilities for fast remediation. The Securonix platform automates security operations while our analytics capabilities reduces noise, fine tunes alerts, and identifies threats both inside and out of the enterprise. The Securonix platform delivers analytics driven SIEM, SOAR, and NTA, with UEBA at its core, as a pure cloud solution without compromise. Collect, detect, and respond to threats using a single, scalable platform based on machine learning and behavioral analytics. With a focus on outputs, Securonix manages the SIEM so you can focus on responding to threats. -
10
NetWitness
NetWitness
NetWitness Platform brings together evolved SIEM and threat defense solutions that deliver unsurpassed visibility, analytics and automated response capabilities. These combined capabilities help security teams work more efficiently and effectively, up-leveling their threat hunting skills and enabling them to investigate and respond to threats faster, across their organization’s entire infrastructure—whether in the cloud, on premises or virtual. Gives security teams the visibility they need to detect sophisticated threats hiding in today’s complex, hybrid IT infrastructures. Analytics, machine learning, and orchestration and automation capabilities make it easier for analysts to prioritize and investigate threats faster. Detects attacks in a fraction of the time of other platforms and connects incidents to expose the full attack scope. NetWitness Platform accelerates threat detection and response by collecting and analyzing data across more capture points. -
11
Securonix UEBA
Securonix
Today, many attacks are specifically built to evade traditional signature-based defenses, such as file hash matching and malicious domain lists. They use low and slow tactics, such as dormant or time triggered malware, to infiltrate their targets. The market is flooded with security products that claim to use advanced analytics or machine learning for better detection and response. The truth is that all analytics are not created equal. Securonix UEBA leverages sophisticated machine learning and behavior analytics to analyze and correlate interactions between users, systems, applications, IP addresses, and data. Light, nimble, and quick to deploy, Securonix UEBA detects advanced insider threats, cyber threats, fraud, cloud data compromise, and non-compliance. Built-in automated response playbooks and customizable case management workflows allow your security team to respond to threats quickly, accurately, and efficiently. -
12
GoSecure
GoSecure
GoSecure, a recognized cybersecurity leader and innovator, combines more than 20+ years of market-leading security technology with highly skilled professionals who become an extension of in-house security team to mitigate threats before they can compromise business operations. GoSecure Titan® Managed Security Services pioneers the integration of endpoint, network, and email threat detection into a single Managed Extended Detection & Response (MXDR) service. Our GoSecure Titan® Platform offers superior visibility and protection, detecting more threats and reducing security costs with faster threat mitigation. GoSecure Professional Security Services provides a full portfolio of testing and assessment services to evaluate cybersecurity maturity, identify risks and gaps. We define a roadmap tailored to your situation, needs, and budget, improving security posture. Our Professional Services find issues, our Managed Services fix them, helping you thrive. -
13
OpenText ArcSight Intelligence
OpenText
ArcSight Intelligence empowers your security team to preempt elusive attacks. With contextually relevant insights from behavioral analytics, analysts can quickly zoom in on what truly matters in their battles against complex threats such as insider threats and advanced persistent threats (APT). With unsupervised machine learning, ArcSight Intelligence measures “unique normal”—a digital fingerprint of each user or entity in your organization, which can be continuously compared to itself or peers. This approach to behavioral analytics enables your security teams to detect traditionally difficult-to-find threats, such as insider threats and APTs. The more context your team has, the faster they can mitigate a security incident. ArcSight Intelligence provides a contextualized view of the riskiest behaviors in your enterprise with supercharged UEBA and gives your SOC team the right tools to visualize and investigate threats before it’s too late. -
14
Varonis Data Security Platform
Varonis
The most powerful way to find, monitor, and protect sensitive data at scale. Rapidly reduce risk, detect abnormal behavior, and prove compliance with the all-in-one data security platform that won’t slow you down. A platform, a team, and a plan that give you every possible advantage. Classification, access governance and behavioral analytics combine to lock down data, stop threats, and take the pain out of compliance. We bring you a proven methodology to monitor, protect, and manage your data informed by thousands of successful rollouts. Hundreds of elite security pros build advanced threat models, update policies, and assist with incidents, freeing you to focus on other priorities. -
15
Scalable visibility and security analytics across your business. Outsmart emerging threats in your digital business with industry-leading machine learning and behavioral modeling provided by Secure Network Analytics (formerly Stealthwatch). Know who is on the network and what they are doing using telemetry from your network infrastructure. Detect advanced threats and respond to them quickly. Protect critical data with smarter network segmentation. And do it all with an agentless solution that grows with your business. Detect attacks across the dynamic network with high-fidelity alerts enriched with context such as user, device, location, timestamp, and application. Analyze encrypted traffic for threats and compliance, without decryption. Quickly detect unknown malware, insider threats like data exfiltration, policy violations, and other sophisticated attacks using advanced analytics. Store telemetry data for long periods for forensic analysis.
-
16
ARCON | UBA
ARCON
The ARCON | UBA self-learning solution builds baseline behavioral profiles for your end users and triggers real-time alerts if it detects anomalous behavior, reducing insider threats exponentially. The ARCON | UBA tool creates a ring fence around all the endpoints of your IT infrastructure and helps you monitor it from a single command center, making sure that no end user is left unattended at any point. The AI-powered solution creates baseline profiles for each of your users and alerts you every time an end user deviates from their normal behavioral patterns, helping you thwart insider threats in time. Implement controlled and secure access to business-critical applications. -
17
Rapid7 InsightIDR
Rapid7
With the cloud architecture and intuitive interface in InsightIDR, it's easy to centralize and analyze your data across logs, network, endpoints, and more to find results in hours—not months. User and Attacker Behavior Analytics, along with insights from our threat intel network, is automatically applied against all of your data, helping you detect and respond to attacks early. In 2017, 80% of hacking-related breaches used either stolen passwords and/or weak or guessable passwords. Users are both your greatest asset and your greatest risk. InsightIDR uses machine learning to baseline your users' behavior, automatically alerting you on the use of stolen credentials or anomalous lateral movement. -
18
RevealSecurity
RevealSecurity
Reveal Security ITDR detects identity threats in and across SaaS applications and cloud services – post authentication. The solution uses a patented unsupervised machine learning algorithm to continuously monitor and validate the behavior of human and machine identities to quickly and accurately alert on suspicious activity. Organizations can protect against account takeover attacks, insider threats, and third party/supply chain risk, after the point of login, without the need for creating rules which are noisy, expensive and also require you to know what you are looking for. -
19
MixMode
MixMode
Unparalleled network visibility, automated threat detection, and comprehensive network investigation powered by Unsupervised Third-wave AI. MixMode's Network Security Monitoring platform provides comprehensive visibility allowing users to easily identify threats in real time with Full Packet Capture and Metadata for longer term storage. Intuitive UI and easy to use query language help any security analyst perform deep investigations and understand the full lifecycle of threats and network anomalies. Using our best-in-class Third-Wave AI, MixMode intelligently identifies Zero-Day Attacks in real time by understanding normal network behavior and intelligently surfacing any anomalous activity outside of the norm. Developed for projects at DARPA and the DoD, MixMode's Third-Wave AI needs no human training and can baseline your network in only 7 days, enabling 95% alert precision and reduction and identification of zero-day attacks. -
20
Forcepoint Behavioral Analytics
Forcepoint
Visibility, analytics, and automated control - converged into a single solution. Eliminate complexity for security analysts with UEBA's automated policy enforcement and comprehensive user risk scoring. Combine DLP with behavioral analytics to gain a 360 degree view of intent and user actions across the enterprise. Leverage out-of-the-box analytics or customize risk models to fit your unique organizational needs. Quickly uncover risk trends in your organization with an at-a-glance view of users ranked by risk. Leverage entire IT ecosystem, including unstructured data sources like chat, for a complete view of users interacting across the enterprise. Understand user intent through deep context driven by big data analytics and machine learning. Unlike traditional UEBA, you can take action on insights to stop breaches ahead of loss. Safeguard your people and your data from insider threats with fast detection and mitigation. -
21
Innspark
Innspark Solutions Private Limited
Innspark is a fast-growing DeepTech Solutions company that provides next-generation out-of-the-box cybersecurity solutions to detect and respond to sophisticated cyber incidents, threats, and attacks. The solutions are powered by advanced Threat Intelligence, Machine Learning, and Artificial Intelligence to provide deep visibility of an enterprise’s security. Our key capabilities include Cyber Security, Large Scale Architecture, Deep Analysis, Reverse Engineering, Web-Scale Platforms, Threat Hunting, High-Performance Systems, Network Protocols & Communications, Machine Learning, Graph Theory, and several others. -
22
Syteca
Syteca
Syteca — Transforming human risk into human assets! The Syteca platform is a comprehensive cybersecurity solution designed to meet the diverse needs of modern organizations. The platform features a customizable security toolkit enabling customers to employ granular privileged access management (PAM), advanced user activity monitoring (UAM), or a powerful combination of both. Syteca is specifically designed to secure organizations against threats caused by insiders. It provides full visibility and control over internal risks. We help leading companies to protect their sensitive data from numerous industries like Financial, Healthcare, Energy, Manufacturing, Telecommunication and IT, Education, Government, etc. Over 2,500 organizations across the world rely on Syteca! Key solutions and capabilities: - Insider threats management - Privileged Access Management - User activity monitoring - User and entity behavior -
23
Haystax
Haystax Technology
Our platform analytically monitors threats and prioritizes risk — enabling leaders and operators to act with confidence when it matters most. Instead of starting with a massive pool of data and then mining it for usable threat intelligence, we first build a system for transforming human expertise into models that can evaluate complex security problems. With further analytics we can then automatically score the highest-priority threat signals and rapidly deliver them to the right people at the right time. We have also built a tightly integrated ‘ecosystem’ of web and mobile apps to enable our users to manage their critical assets and incident responses. The result is our on-premises or cloud-based Haystax Analytics Platform for early threat detection, situational awareness and information sharing. Read on to learn more! -
24
Dtex Systems
Dtex Systems
Take an interactive platform tour to learn how DTEX delivers human behavioral intelligence to enrich SOC workflows and response, augment NGAV with people-centric DLP and forensics, proactively mitigate insider threats and identify operational inefficiencies. Our approach is based on learning from employee behavior, not spying on them. We capture and synthesize hundreds of unique behaviors and automatically zero in on the ones that expose your organization to the greatest risk and inhibit operational excellence. Only DTEX delivers what other solutions promise. DTEX InTERCEPT is a first-of-its-kind Workforce Cyber Security solution that replaces first-generation Insider Threat Management, User Behavior Activity Monitoring, Digital Forensics, Endpoint DLP and Employee Monitoring tools with a lightweight, cloud-native platform that scales to thousands of endpoints and servers in hours with zero impact on user productivity and endpoint performance. -
25
Gurucul
Gurucul
Data science driven security controls to automate advanced threat detection, remediation and response. Gurucul’s Unified Security and Risk Analytics platform answers the question: Is anomalous behavior risky? This is our competitive advantage and why we’re different than everyone else in this space. We don’t waste your time with alerts on anomalous activity that isn’t risky. We use context to determine whether behavior is risky. Context is critical. Telling you what’s happening is not helpful. Telling you when something bad is happening is the Gurucul difference. That’s information you can act on. We put your data to work. We are the only security analytics company that can consume all your data out-of-the-box. We can ingest data from any source – SIEMs, CRMs, electronic medical records, identity and access management systems, end points – you name it, we ingest it into our enterprise risk engine. -
26
DNIF HYPERCLOUD
DNIF
DNIF provides a high value solution by combining technologies such as the SIEM, UEBA and SOAR into one product at an extremely low total cost of ownership. DNIF's hyper scalable data lake makes it ideal to ingest and store terabytes of data. Detect suspicious activity using statistics and take action before any damage occurs. Orchestrate processes, people and technology initiatives from a single security dashboard. Your SIEM will come built-in with essential dashboards, reports and response workflows. Coverage for threat hunting, compliance, user behavior monitoring and network traffic anomaly. In-depth coverage map with the MITRE ATT&CK and CAPEC framework. Maximize your logging capacity without fretting over costs—double, perhaps even triple your capacity with your existing budget. With the HYPERCLOUD, the fear of overlooking crucial information is a thing of the past. Log everything, leave nothing behind.Starting Price: $0.76/GB -
27
FortiNDR
Fortinet
FortiNDR identifies cybersecurity incidents in-progress based on anomalous network activity, speeding incident investigation and response. FortiNDR enables full-lifecycle network protection, detection, and response. It leverages AI, ML, behavioral, and human analysis to analyze network traffic so security teams can spot attacker behavior and remediate the threat. FortiNDR provides network-traffic and file-based analysis, root-cause identification, scope of incidents, and the tools to remediate incidents quickly. FortiNDR includes our Virtual Security Analyst that can identify malicious network activity and files, resulting in real-time identification of advanced threats, including zero-day attacks. FortiNDR Cloud combines ML/AI with human analysis and expertise to improve your security posture and reduce false positives. Seasoned, advanced threat researchers from FortiGuard Labs monitor cybercriminal activity, perform reverse engineering, and continuously update detection rules. -
28
Interset
OpenText Cybersecurity
Interset augments human intelligence with machine intelligence to strengthen your cyber resilience. Applying advanced analytics, artificial intelligence, and data science expertise to your security solutions, Interset solves the problems that matter most. The best security operations posture comes from a strong human-machine team that leverages the strengths of each, faster-than-human analysis by machines to identify leads for investigation and the contextual understanding of SOC analysts and threat hunters. Interset empowers your team to preemptively detect new and unknown threats with contextual threat insights that minimize false positives, prioritize threat leads, and boost efficiency with an intuitive UI. Today, the best way to identify and protect against account-based attacks is to leverage the unique behavior of legitimate users. You can intelligently adapt your authentication and access experience with automated, data-driven behavioral risk assessments. -
29
IBM QRadar SIEM
IBM
Market-leading SIEM built to outpace the adversary with speed, scale and accuracy As digital threats loom large and cyber adversaries grow increasingly sophisticated, the roles of SOC analysts are more critical than ever. Going beyond threat detection and response, QRadar SIEM enables security teams face today’s threats proactively with advanced AI, powerful threat intelligence, and access to cutting-edge content to maximize analyst potential. Whether you need cloud-native architecture built for hybrid scale and speed or a solution to complement your on-premises infrastructure, IBM can provide you with a SIEM to meet your needs. Experience the power of IBM enterprise-grade AI designed to amplify the efficiency and expertise of every security team. With QRadar SIEM, analysts can reduce repetitive manual tasks like case creation and risk prioritization to focus on critical investigation and remediation efforts. -
30
Maltego
Maltego Technologies
Maltego is a Java application that runs on Windows, Mac and Linux. Maltego is used by a broad range of users, ranging from security professionals to forensic investigators, investigative journalists, and researchers. Easily gather information from dispersed data sources. View up to 1 million entities on a graph. Access over 58 data sources in the Maltego transform hub. Connect public (OSINT), commercial and own data sources. Write your own Transforms. Automatically link and combine all information in one graph. Automatically combine disparate data sources in point-and-click logic. Use our regex algorithms to auto-detect entity types. Enrich your data through our intuitive graphical user interface. Use entity weights to detect patterns even in the largest graphs. Annotate your graph and export it for further use.Starting Price: €5000 per user per year -
31
Exabeam
Exabeam
Exabeam helps security teams outsmart the odds by adding intelligence to their existing security tools – including SIEMs, XDRs, cloud data lakes, and hundreds of other business and security products. Out-of-the-box use case coverage repeatedly delivers successful outcomes. Behavioral analytics allows security teams to detect compromised and malicious users that were previously difficult, or impossible, to find. New-Scale Fusion combines New-Scale SIEM and New-Scale Analytics to form the cloud-native New-Scale Security Operations Platform. Fusion applies AI and automation to security operations workflows to deliver the industry’s premier platform for threat detection, investigation and response (TDIR). -
32
StaffCop
Atom Security
StaffCop provides a unique, fully integrated solution that focuses on detection and response to insider threats through a combination of advanced behavioral analysis and context-rich logging of insider activity. Collect Collect all activity events at the end points for subsequent analysis, notifications and decision making. Analyze Automatic and statistical analysis of data to detect anomalies of user behavior, identify incidents, insiders and disloyal employees. Alert Automatic alerts about violations of security policies, dangerous and unproductive activities of employees. Report Pre-configured & self-made reports width periodic e-mail sending. You can easily create reports with a powerful constructor. Block Blocking access to "negative" sites, running applications and removable USB-storages to reduces the risk of malware infection and increase employee productivity. Review Search for all data for keywords and regular expressions, easy correlation & drilldownStarting Price: $69.00/one-time/user -
33
Know the warning signs of privileged account abuse. A sudden increase in privileged account access by certain users or systems. Atypical access to the most privileged accounts or secrets. A high number of privileged accounts are accessed at once. Accounts accessed at unusual times of day or locations. Privileged Behavior Analytics can quickly detect anomalous behavior and instantly alert your security team to a cyber attack or insider threat before a breach catastrophe happens. Delinea Privileged Behavior Analytics uses advanced machine learning to analyze activity on privileged accounts in real-time to detect anomalies and provide threat scoring and configurable alerts. Advanced machine learning analyzes all privileged account activity so you can spot problems and measure the extent of a breach. Reducing security risks to your organization by improving security saves your department time, money, and resources and maximizes your current investment.
-
34
Carbon Black EDR
Broadcom
Carbon Black Endpoint Detection and Response (EDR) by Broadcom offers a comprehensive solution for detecting, investigating, and responding to cybersecurity threats on endpoints. It utilizes advanced behavioral analysis and machine learning to identify suspicious activities in real time, providing security teams with actionable insights to prevent data breaches and mitigate risks. With its cloud-based architecture, Carbon Black EDR enables continuous monitoring, visibility into endpoint activity, and automated threat response. It’s designed to support organizations of all sizes by improving threat detection, reducing investigation time, and enhancing overall endpoint security. -
35
Monitor productivity, run investigations, and protect against insider risk with one platform. Our powerful workforce behavior analytics allow you to regain visibility into your remote or hybrid employee activity. Veriato workforce behavior analytics go beyond passive monitoring to proactively analyze productivity, monitor for insider risk and much more. Powerful, easy-to-use tools to keep your remote, hybrid and office teams productive. Veriato’s AI-powered algorithm analyzes user behavior patterns and automatically alerts you to any abnormal or suspicious activity. Assign productivity scores to websites, programs, and applications. Select between three types of screenshots: Continuous, Keyword Triggered and Activity Triggered. Track activities on local, removable, and cloud storage, as well as print operations. See when files are created, edited, deleted, or renamed.Starting Price: $25 per user per month
-
36
Fasoo RiskView
Fasoo
Flag suspicious files and user activities that indicate sufficient risk for intervention by business management. This user and entity behavior analytics (UEBA) solution applies sophisticated rule-based modeling to data sources to establish normal patterns of behavior and help determine suspicious activities. Analysis can reduce the possibility of insider threats since they are difficult to detect due to privileged users having specific knowledge of security controls and methods to bypass them. Detect event anomalies, such as logins with user IDs of former employees, a given user logging in from multiple locations simultaneously, or unauthorized users retaining an excessive number of sensitive files. Monitor file-based risks, such as unauthorized users’ attempts to decrypt confidential files. Monitor user-based risks, such as decrypting files more frequently than usual, printing more files than usual after regular business hours, or sending files to external recipients more than usual. -
37
COSGrid NetShield
COSGrid Networks
COSGrid NetShield is a big data & ML based Network Detect and Response (NDR) solution that provides real-time and historical visibility, baselining, correlation, anomaly & threat detection and threat mitigation. Advantages: - Real time Traffic Analysis: Continuously analyzes raw network traffic and flow records to generate baseline of normal network behavior. - Threat Detection: Applying ML & other analytical techniques (non-signature) to detect suspicious traffic. - Automated Response: Analyses east/west traffic to detect lateral movements and performs automated response.Starting Price: ₹600-1000 per user -
38
Obsidian Security
Obsidian Security
Protect your SaaS applications against breaches, threats, and data exposure. Start in minutes and secure Workday, Salesforce, Office 365, G Suite, GitHub, Zoom and other critical SaaS applications with data-driven insights, monitoring, and remediation. Companies are moving their critical business systems to SaaS. Security teams lack the unified visibility they need to detect and respond to threats quickly. They are not able to answer basic questions: Who can access SaaS apps? Who are the privileged users? Which accounts are compromised? Who is sharing files externally? Are applications configured according to best practices? It is time to level up security for SaaS. Obsidian delivers a simple yet powerful security solution for SaaS applications built around unified visibility, continuous monitoring, and security analytics. With Obsidian, security teams are able to protect against breaches, detect threats, and respond to incidents in their SaaS applications. -
39
Fidelis Network
Fidelis Security
Detecting advanced threats requires deep inspection, extraction, and analysis of all forms of content going across the wire in real-time. Fidelis network detection and response bi-directionally scans all ports and protocols to collect rich metadata used as the basis for powerful machine-learning analytics. With direct, internal, email, web and cloud sensors, you gain full network coverage and visibility. Identified attacker TTPs are mapped against the MITRE ATT&CK™ framework to help security teams get ahead of the curve. Threats can run, but they can’t hide. Automatically profile and classify IT assets and services including enterprise IoT, legacy systems and shadow IT to map your cyber terrain. When integrated with Fidelis’ endpoint detection and response solution, you gain a software asset inventory correlated with known vulnerabilities including CVE and KB links, as well as security hygiene for patches and endpoint status. -
40
Forcepoint Insider Threat
Forcepoint
Collect behavioral data from channels such as the web, file operations, keyboards, and email. Explore meaningful data using a powerful dashboard built for analysts, by analysts. Gain Insight with powerful analytics to understand and rapidly respond to risky behaviors before harmful events occur. Video collection and playback help expedite the investigation, allowing for attribution as intent and is admissible in a court of law. Monitor a broad set of data sources and activities to uncover patterns of insider risk rather than individual events. Leverage detailed forensics to quickly understand the intent and exonerate employees of wrongdoing. Always-on, highly customizable monitoring, and enforcement allow prioritization of the riskiest users to prevent breaches before they occur. Prevent overreach with the ability to control, watch, and audit investigators. Eliminate biases with anonymized data for investigation integrity. -
41
IronDefense
IronNet Cybersecurity
IronDefense: Your gateway to network detection and response. IronDefense is the industry’s most advanced network detection and response (NDR) platform built to stop the most sophisticated cyber threats. Gain unparalleled visibility. Empower your entire team. Make faster, smarter decisions. As an advanced NDR tool, IronDefense improves visibility across the threat landscape while amplifying detection efficacy within your network environment. As a result, your SOC team can be more efficient and effective with existing cyber defense tools, resources, and analyst capacity. Real-time insights across industry threatscapes, human insights to detect threats, and higher-order analysis of anomalies correlated across groups of peers via IronDome Collective Defense integration. Advanced automation to apply response playbooks built by the nation's top defenders to prioritize detected alerts by risk and supplement limited cyber staff. -
42
Falcon Identity Threat Detection
CrowdStrike
Falcon Identity Threat Detection lets you see all Service and Privileged accounts on your network and cloud with full credential profiles and weak authentication discovery across every domain. Analyze every domain in your organization for potential vulnerability from stale credentials, and weak or stale passwords, see all service connections and weak authentication protocols in use. Falcon Identity Threat Detection monitors the domain controllers on-premises or in the cloud (via API) to see all authentication traffic. It creates a baseline for all entities and compares behavior against unusual lateral movement, Golden Ticket attacks, Mimikatz traffic patterns and other related threats. It can help you see Escalation of Privilege and anomalous Service Account activity. Falcon Identity Threat Detection reduces the time to detect by viewing live authentication traffic, which expedites finding and resolving incidents. -
43
Salesforce Shield
Salesforce
Natively encrypt your most sensitive data at rest across all of your Salesforce apps with platform encryption. Ensure data confidentiality with AES 256-bit encryption. Bring your own encryption keys and manage your key lifecycle. Protect sensitive data from all Salesforce users including admins. Meet regulatory compliance mandates. See who is accessing critical business data, when, and from where with event monitoring. Monitor critical events in real-time or use log files. Prevent data loss with transaction security policies. Detect insider threats and report anomalies. Audit user behavior and measure custom application performance. Create a forensic data-level audit trail with up to 10 years of history, and set triggers for when data is deleted. Expand tracking capabilities for standard and custom objects. Obtain extended data retention capabilities for audit, analysis, or machine learning. Meet compliance requirements with automated archiving.Starting Price: $25 per month -
44
Sangfor Cyber Command
Sangfor
Intelligent threat detection and response platform. Cyber Command can be trusted to improve overall IT security and risk posture. Significantly improves overall security detection and response capabilities by monitoring internal network traffic. Correlating existing security events, applying AI and behavior analysis, all aided by global threat intelligence. Uncovers breaches of existing security controls while impact analysis identifies hidden threats within the network. Integrates network and endpoint security solutions so that it can respond to threats is automated and simplified. The Cyber Command Analysis Center collects a broad range of network and security data including North-South and East-West traffic data, logs from network gateways and EDRs, decodes it using network applications like DNS or mail, and applies AI analysis to uncover undesirable behavior. AI learning of attack patterns to automatically develop responses to stop future attacks. -
45
Netwrix Threat Manager
Netwrix
Threat detection software from Netwrix to detect and respond to abnormal behavior and advanced attacks with high accuracy and speed. IT infrastructures are getting more complex and the volume of sensitive information stored there is skyrocketing. At the same time, the threat landscape is evolving rapidly, with attacks becoming more sophisticated and more costly. Improve your threat management processes and know about anything suspicious happening in your network, whether it’s an external attack or an insider threat, with real-time alerts delivered via email or mobile notifications. Maximize the value of your investments and enhance security across the IT ecosystem by sharing data between Netwrix Threat Manager and your SIEM and other security solutions. Respond immediately upon threat detection by taking advantage of the extensive catalog of preconfigured response actions, or by integrating Netwrix Threat Manager with your own business processes using PowerShell or webhook facilities. -
46
At a time when you are challenged more than ever to secure the digital infrastructure at the core of your operations, you need a technology foundation for security that unifies network threat detection, forensics and integrated response. Network Detection and Response is the evolution of effective, efficient and accessible network security. You need no specialized hardware to rapidly deploy Network Detection and Response in any segment of the modern network — enterprise, cloud, industrial, IoT and 5G — to see all activities and record everything for comprehensive analysis, discovery and action. Network Detection and Response delivers network visibility, threat detection and forensic analysis of suspicious activities. This service dramatically accelerates the ability for organizations to respond to and identify future attacks before they become serious events. This threat detection and response service captures, optimizes and stores network traffic from multiple infrastructures.Starting Price: $20 per month
-
47
Getvisibility
Getvisibility
Getvisibility's customizable AI revolutionizes the DSPM landscape. With cutting-edge algorithms and user-friendly interfaces, it empowers businesses to unlock unprecedented insights, optimize performance, and detect anomalies in real time. Experience the power of tailored solutions that elevate your DSPM capabilities to new heights. Using AI and machine learning, Getvisibility provides the fastest and most accurate data discovery and classification platform. Our AI Models are trained on Industry-specific knowledge allowing you to quickly and accurately classify all of your data. Getvisibilities OCR capabilities enable organizations to see within pictures and images. Through our cutting-edge AI models, developed specifically for your security needs, our platform empowers your organization to swiftly identify your most sensitive data. With our advanced algorithms, Getvisibility enables the precise identification of protected surfaces, including personally identifiable information (PII). -
48
Anomali
Anomali
Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. Organizations rely on the Anomali platform to harness threat data, information, and intelligence to make effective cybersecurity decisions that reduce risk and strengthen defenses. At Anomali, we believe in making the benefits of cyber threat intelligence accessible to everyone. That’s why we’ve developed tools and research that we offer to the community — all for free. -
49
Secure Malware Analytics (formerly Threat Grid) combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware. With a robust, context-rich malware knowledge base, you will understand what malware is doing, or attempting to do, how large a threat it poses, and how to defend against it. Secure Malware Analytics rapidly analyzes files and suspicious behavior across your environment. Your security teams get context-rich malware analytics and threat intelligence, so they’re armed with insight into what a file is doing and can quickly respond to threats. Secure Malware Analytics analyzes the behavior of a file against millions of samples and billions of malware artifacts. Secure Malware Analytics identifies key behavioral indicators of malware and their associated campaigns. Take advantage of Secure Malware Analytics's robust search capabilities, correlations, and detailed static and dynamic analyses.
-
50
BlackBerry Persona
BlackBerry
BlackBerry® Persona uses machine learning (ML) and predictive artificial intelligence (AI) to dynamically adapt security policy based on user location, device type and other factors to protect against human error and well-intentioned workarounds. Continuous authentication leverages passive biometrics and other usage-based patterns to unobtrusively verify user identity. Malicious users are automatically blocked from accessing apps when they exhibit anomalous behavior. Relaxes security policies when an end user is in a trusted location and dynamically adjusts when they travel to a higher-risk location. Adapts device security to local regulatory requirements as an employee travels from one country to another. Streamlined access to apps and services without having to re-authenticate when in trusted locations.