Automate Threat Detection With Duo’s UEBA

We recently described how user and entity behavior analytics (UEBA) is changing the way organizations detect threats. Today Duo announces a beta program for its UEBA capabilities, which give customers analytics-based threat detection to assess the security of their user and endpoint activity.

Organizations of all sizes struggle with threat detection. Security and IT departments are always spread thin, trying to find ways to do more with less. Many organizations look to Security Information and Event Management systems (SIEMs) to automate some detection with customizable alert rules, but SIEMs are resource intensive to stand up fully and have a long time-to-value. Furthermore, organizations routinely experience changes in projects, personnel, and vendors, so configuring and maintaining alert rules is tedious and drives up the total cost of ownership of a monitoring and detection system. Because of this, alerts are frequently set up reactively, after a security issue has occurred, rather than configured proactively.

Duo customers can soon use Duo's UEBA-based threat detection, which employs machine learning techniques to analyze behavior data and detect anomalous and potentially malicious activities. While traditional threat detection systems can often be prohibitively expensive to set up and maintain, Duo’s system requires no setup. It runs on data Duo is already handling as part of its standard offering, and it scales better than traditional, strictly rules-based alerting systems because it learns and adapts over time instead of depending on hand-maintained rules.

UEBA Security Events

Credential theft and account takeover are more prevalent than ever, as highlighted in the 2018 Verizon Data Breach Investigations Report (DBIR), which identified stolen credentials and phishing as two of the top three most common means of breach. But an attacker who compromises a user's credentials will find it very difficult to also reproduce that user's behavior. For example, Duo can find inconsistencies in how a user is attempting to access an application. Duo’s models rely on a number of signals to decide whether an authentication is suspicious. Those signals are built on top of data already handled as part of Duo’s authentication process, such as time of day, application accessed, properties of the access device and two-factor device, and network of origin. Duo’s models learn over time, meaning every incoming authentication builds a deeper understanding of normal and anomalous behavior patterns.

The machine learning models UEBA uses are built by Duo's Data Science team, whose members come from institutions such as CERT, Carnegie Mellon University, and the University of California. The team uses multiple models, both unsupervised and supervised, to pinpoint anomalous behavior. All models continue to learn from new data as it is observed.
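To make the two paragraphs above concrete, here is an added example (not Duo's code, and not a description of Duo's actual models) of the simplest unsupervised version of this idea: a per-user frequency baseline over the signals the post names (hour of day, application, two-factor device, source network), a surprise score for each new authentication, and a baseline that keeps learning from ordinary events. The event records, the user names, the 6-nat threshold and the five-event warm-up are all constructed assumptions for the illustration.

```python
"""Per-user authentication anomaly scoring over constructed Duo-style events.

Added illustration, not Duo's UEBA model. Each user gets a frequency
baseline for four categorical signals taken from the authentication
itself (hour of day, application, 2FA device, source network). A new
authentication is scored by how surprising each signal is under that
baseline, and the baseline keeps learning from ordinary events.
"""
from __future__ import annotations

import math
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SIGNALS = ("hour", "app", "device", "network")


@dataclass(frozen=True)
class AuthEvent:
    user: str
    ts: datetime   # when the authentication happened (UTC)
    app: str       # protected application that was accessed
    device: str    # identifier of the two-factor device used
    network: str   # source network, e.g. a /16 prefix or an ASN


def signals(ev: AuthEvent) -> dict[str, str]:
    """Discretise an event into the categorical signals that are baselined."""
    return {"hour": str(ev.ts.hour), "app": ev.app,
            "device": ev.device, "network": ev.network}


class UserBaseline:
    """Frequency model of one user's past authentications, one Counter per signal."""

    def __init__(self) -> None:
        self.counts: dict[str, Counter] = {s: Counter() for s in SIGNALS}
        self.n = 0

    def learn(self, ev: AuthEvent) -> None:
        for s, v in signals(ev).items():
            self.counts[s][v] += 1
        self.n += 1

    def surprise(self, ev: AuthEvent, alpha: float = 1.0) -> dict[str, float]:
        """-log P(value) per signal, in nats, with additive (Laplace) smoothing.

        Smoothing reserves one pseudo-category for "never seen before", so a
        brand-new device or network is very surprising but never infinitely so.
        """
        out = {}
        for s, v in signals(ev).items():
            c = self.counts[s]
            categories = len(c) + 1
            p = (c[v] + alpha) / (self.n + alpha * categories)
            out[s] = -math.log(p)
        return out


class Detector:
    """Scores each authentication against its user's baseline, then learns from it.

    `threshold` (total surprise in nats) and `min_history` are hand-picked
    assumptions for this example; a real deployment would calibrate both.
    """

    def __init__(self, threshold: float = 6.0, min_history: int = 5) -> None:
        self.threshold = threshold
        self.min_history = min_history
        self.users: dict[str, UserBaseline] = {}

    def observe(self, ev: AuthEvent) -> dict | None:
        base = self.users.setdefault(ev.user, UserBaseline())
        finding = None
        if base.n >= self.min_history:   # cold start: nothing to compare against yet
            per_signal = base.surprise(ev)
            score = sum(per_signal.values())
            if score > self.threshold:
                ranked = sorted(per_signal.items(), key=lambda kv: kv[1], reverse=True)
                finding = {"user": ev.user, "score": round(score, 2),
                           "signals": [(s, signals(ev)[s], round(v, 2)) for s, v in ranked]}
        # Only ordinary authentications update the baseline: feeding a flagged
        # event back in would let an attacker gradually normalise their own
        # device and network (baseline poisoning).
        if finding is None:
            base.learn(ev)
        return finding


def build_history() -> list[AuthEvent]:
    """Constructed sample history: ten consecutive days of alice's daytime logins."""
    start = datetime(2024, 3, 4, tzinfo=timezone.utc)
    events = []
    for day in range(10):
        for hour, app in ((9, "gitlab"), (14, "aws")):
            events.append(AuthEvent("alice", start + timedelta(days=day, hours=hour),
                                    app, "dev-1", "10.1.0.0/16"))
    return events


def run_demo() -> tuple[dict | None, dict | None, dict | None]:
    """Train on the constructed history, then score one normal login, one odd
    login (3 a.m., new 2FA device, new network) and one login from a user with
    no history at all."""
    det = Detector()
    for ev in build_history():
        det.observe(ev)
    t = datetime(2024, 3, 18, tzinfo=timezone.utc)
    normal = det.observe(AuthEvent("alice", t.replace(hour=9), "gitlab", "dev-1", "10.1.0.0/16"))
    odd = det.observe(AuthEvent("alice", t.replace(hour=3), "aws", "dev-9", "203.0.113.0/24"))
    newcomer = det.observe(AuthEvent("bob", t.replace(hour=3), "aws", "dev-7", "198.51.100.0/24"))
    return normal, odd, newcomer


if __name__ == "__main__":
    for label, finding in zip(("normal", "odd", "newcomer"), run_demo()):
        print(label, "->", finding)
```

The normal login scores well under the threshold and is absorbed into the baseline; the 3 a.m. login from an unseen device and network is flagged, with hour, device and network ranked as the contributing signals and the (familiar) application last; the first login from a user with no history produces no finding at all, which is the cold-start gap any behavior-based detector has and the reason such detectors complement, rather than replace, rules and two-factor enforcement. Two caveats carry over to any real system of this kind: the threshold has to be calibrated per environment rather than hard-coded, and events the detector itself flags must not silently train the baseline.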

Duo continues to improve its threat detection capabilities with a focus on reducing the investigative burden on IT and security, and on building its UEBA functionality deeper into the authentication experience. The beta program for UEBA-based threat detection is open to existing Duo Security customers. To learn more about Duo’s work in UEBA and to join the beta program, please contact your account representative.

Rahul Hirani

Product Manager, Data & Analytics

Rahul is a Product Manager at Duo Security where he leads the company's data and analytics efforts, working closely with Data Science and Data Engineering. A San Francisco native, he has run product management for several early stage startups and launched data products ranging from analytics tools and APIs to recommendation engines. Rahul is a published author in econometrics and has an academic background in computational statistics.

Stefano Meschiari

Senior Data Scientist

Stefano is a Senior Data Scientist at Duo Labs. He comes from the world of astrophysics, where he hunted for exoplanets, built Star Wars-like planetary systems, and smashed virtual cosmic orreries from the relative safety of his laptop/supercomputer. At Duo, he works on solving equally astronomically difficult problems in security armed with machine learning models and a data-driven mindset.