Product · Insider threat (UEBA)
Insider Threat Analytics
Behavioral analytics that spot the risk from the inside.
User and entity behavior analytics (UEBA) that learn what normal looks like for every user, then flag the deviations that signal insider risk — mass downloads, off-hours egress, privilege changes. It’s a behavioral analytics layer that runs on the intSignal SIEM, so it correlates behavior with everything else the SIEM sees.
After-hours mass download + USB88
New access to sensitive repo64
Unusual off-hours data egress52
Within normal baseline21
Requirement
Built into the SIEM — you need a security platform
Insider Threat Analytics is a behavioral analytics layer, not a standalone agent. It runs on the intSignal SIEM (or the intSignal Security Suite) and uses the identity, endpoint, network, and data signals they already collect. If you don’t run one of those, this can’t work on its own — start with the SIEM or Security Suite, then switch this on.
Requires intSignal SIEM
Or the intSignal Security Suite — it needs their data to analyze behavior.
No new agents
Reuses the telemetry the platform already ingests.
Correlated, not siloed
Behavior is analyzed alongside every other SIEM signal.
Turn on when ready
Add it to an existing deployment in a few clicks.
Baselining
Learn each user’s normal — then watch for the swing
The platform builds a behavioral baseline for every user and entity: how many files they touch, when they work, how much data they move. When today’s behavior swings far from that baseline — or from their peers — it stands out.
Per-user baselines
Normal is different for a developer, an exec, and a service account.
Peer-group analysis
Compare each user to similar roles, not a global average.
Entity behavior
Service accounts and machines get baselines too.
Continuous learning
Baselines adapt as roles and habits change.
Detection
Catch the pattern, not just the event
A single download is nothing. The sequence — download, USB, upload attempt, at 10 pm — is the story.
Stitch events into a risk story
Related anomalies are chained into one explainable narrative and escalated when the risk crosses a threshold.
Full platform
Everything in Insider Threat Analytics
Baselining, detection, and response — grouped. Expand any area for the full list.
Behavioral baselining (UEBA)7
Detection9
Risk scoring6
Response (via SIEM/SOC)7
Delivery6
Add behavioral analytics to your SIEM
Already running the intSignal SIEM or Security Suite? We can switch on insider-threat analytics in a few clicks.

