SANS Webcast to Address Insider Threats and the Role of User and Entity Behavior Analytics (UEBA)

SANS Analyst and Senior Instructor Dave Shackleford will review LogRhythm's CloudAI technology

BOULDER, Colo., Feb. 22, 2018 /PRNewswire-iReach/ -- LogRhythm, The Security Intelligence Company, announced that Samir Jain, senior product manager, security analytics, and Mark Settle, product marketing team manager, both at LogRhythm, will join Dave Shackleford, a SANS analyst, member of the board of directors for the SANS Technology Institute, and the founder and principal consultant at Voodoo Security, for the SANS webcast titled, "Why Insider Actions Matter: A SANS Review of LogRhythm CloudAI for User and Entity Behavior Analytics."

When: Tuesday, February 27, 2018, 1 p.m. EST.

Who: Shackleford will discuss his experience reviewing LogRhythm CloudAI technology. He will run through various use cases, such as insider threat, account compromise and admin abuse. Jain and Settle will be on hand to answer any questions that may be submitted.

Why: Insider actions, whether on purpose or accidental, cause the majority of breaches reported by respondents to multiple SANS surveys conducted in 2017. Yet these same responses also indicate that user activities, including those performed through breached credentials, are often not analyzed in threat management lifecycles.

When threats occur, understaffed SOCs usually lack easy access to contextual information, including baselined user behavior, how users authenticate, machine-to-machine connections, and whitelisted workstations and applications. This lack of visibility is a key problem that LogRhythm's CloudAI technology–applied to user and entity behavior analytics (UEBA)–was built to solve. Using supervised and unsupervised learning, CloudAI establishes baselines and then monitors user behavior and automatically scores user actions as harmless, risky, or malicious based on multiple criteria.

During this webcast, attendees will learn how LogRhythm CloudAI technology:

  • Detects user activities indicative of threats or compromises
  • Scores user activities and provides recommendations or takes automated actions
  • Supports threat hunting and incident response capabilities
  • Improves the machine learning experience through supervised and unsupervised learning


About LogRhythm

LogRhythm is the leader in NextGen Security Information and Event Management (SIEM), empowering organizations on six continents to rapidly detect, respond to and neutralize damaging cyberthreats. LogRhythm's Threat Lifecycle Management (TLM) workflow unifies leading-edge data lake technology, artificial intelligence, security analytics and security automation and orchestration in a single, holistic threat detection solution. LogRhythm serves as the foundation for the AI-enabled security operations center (SOC), helping customers secure their cloud, physical and virtual infrastructures for both IT and OT environments. Among other accolades, LogRhythm is positioned as a Leader in Gartner's SIEM Magic Quadrant.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

Media Contact: Jenny Overell, Finn Partners, 4152496778

News distributed by PR Newswire iReach


