Predict | Protect | Prevent

ARCON
User Behavior Analytics

www.arconnet.com
What is UBA ?
Predict | Protect | Prevent

User behavior analytics (UBA), is a tool to

implement a type of Cyber Security
process that takes note of the normal
conduct of users. In turn, they detect any
anomalous behavior or instances when
there are deviations from these “normal”
patterns.

E.g. if a particular user regularly

downloads 10 MB of files every day but
suddenly downloads gigabytes of files,
the system would be able to detect this
anomaly and alert them immediately.

www.arconnet.com | 2
Why UBA ?
Predict | Protect | Prevent

User Behavior Analytics (UBA) is a

powerful tool that reinforces enterprise
security framework for end-users and
triggers relevant alerts for any suspicious
behavior in real time to secure crucial
business data.

ARCON | UBA will help Enterprise

implement access control, monitor
remote users Working From Home and
no longer be concerned about malicious
activities or data leaks.

www.arconnet.com | 3
 Key Features Predict | Protect | Prevent

Session Monitoring

Enables recording of all activities performed by an end-user on the desktop along with a screen capture through a
web-based engine that stores and analyzes user behavior profiles.

User Restriction

This feature is useful for restricting any specific activity (apparently irrelevant) for any particular user.

Privilege Elevation

Mitigates data breach risk by discarding large number of ADMIN (privileged) users. This tool provides flexibility to
enterprises with on-request admin rights that allows end-users to access critical applications for a defined period
after a valid approval.

www.arconnet.com | 4
 Key Features Predict | Protect | Prevent

Productivity Enhancements
Centralized monitoring framework facilitates standard machine configuration policy that allows enterprise to
guard against any anomalies in end–user behavior profiles. This enables to boost overall productivity as it helps to
generate performance reviews on non-technical observables such as security violations and fraudulent events
caused by disgruntled end-user.

Meeting Compliance

ARCON User Behavior Analytics empowers enterprise to meet various compliance requirements by offering real-
time threat alerts such as misuse of trusted privileges or other Admin accounts whilst offering granular access
control mechanism. A host of regulatory requirements PCI-DSS, SOX, NIST, GDPR are fulfilled.

Behavior Analytics

The tool enables to design an enterprise security framework. Machines are configured as per the policy and
applied to all end-users. The centralized framework thus helps organizations to identify user behavior by
comparing against the configured baseline activities.

www.arconnet.com | 5
 Key Features
Predict | Protect | Prevent

Data Loss Prevention

User Behavior Analytics provides a continuous monitoring framework to mitigate insider threats and suspicious
activities across the enterprise. The tool built upon technical and non-technical analytic methodologies automates
the entire risk- assessment process by acting as a floodgate to block unusual and suspected activities.

Dynamic Report

The tool’s programmatic approach to strengthen security and compliance framework through dynamic
report allows management to keep a real-time track on technical observables such as unusual working hours,
misuse of Privilege Access, anomalous network service usage, printing activity and so forth.

Live Dashboard
Investigating abnormal incidents and timely response to threats simplified as the all-encompassing reporting
mechanism raises immediate alerts on Live Dashboards. This feature is beneficial to keep control over operations,
governance and compliance requirements.

www.arconnet.com | 6
Component Description
Predict | Protect | Prevent

Endpoint Component (Agent)

• Agent to be installed on end-user machine for collecting
and uploading user data.

Server Component (Web Server &

Application Server)
• Web server is responsible for collecting the data.
• Administrator accesses web application for various
configurations and monitoring activities.

Database
• Configuration data and user logs are stored in a
database.
Technology used
• Windows Web Server 2012 and above
• MSSQL Server 2012+

www.arconnet.com | 7
Use Cases Predict | Protect | Prevent

o Use Case implemented in one of the Big Four: Auditors

are required to use specific applications (MS Excel,
Notepad, Google Chrome, MS Outlook, etc.) for their day
to day activities. ARCON | UBA helped in identifying the
Applications used by the Audit and Consulting Team.
Based on the Data collected by ARCON | UBA, we were
able to implement access control by allowing only
necessary applications for the Users and revoking
privileges for all other applications.

o Use Case implemented in one of the Largest Banks: Text

and Video Recording feature of ARCON | UBA was
implemented for all the End Users working from home to
capture details of their day to day activities. Data
provided by ARCON | UBA helps in gaining complete
visibility for threat detection.

o Use Case implemented in one of the CERT-IN certified

Audit Firm: CERT-IN, which stands for Computer
Emergency Responses Team – India, is the primary
central team which is responsible for any computer
security related issues in India. ARCON | UBA helps to
comply CERT-IN Guidelines for End Points.

www.arconnet.com | 8
 Predict | Protect | Prevent

Thank You!!!

www.arconnet.com