User Monitoring

User monitoring is critical to every small or large-scale organization today facing the challenge of detecting insider threats.

An individual (i.e. a current or former employee, contractor, customer or business partner) who has or had authorized access to an organization’s assets may act, either maliciously or unintentionally, in a way that negatively affects the organization. Insiders may pose a greater threat to cybersecurity than all outside malicious actors combined, causing significant damage in the form of fraud, sabotage, and data theft (e.g. of trade secrets or intellectual property).



Most user-related threat incidents are the consequence of human actions such as mistakes, negligence, or reckless behavior. Because of the human factor, insider behavior is multi-faceted and has defeated statistical and analytical prediction models as well as security tools such as antivirus software, firewalls, and intrusion-detection systems. Organizations need sophisticated behavioral monitoring analytics technology and a deep monitoring approach that analyzes data at multiple levels of granularity to identify malicious behavior, insider threats or inadvertent actors. Advanced correlation and machine learning tools analyze user activity in real time and detect new malicious insiders in unseen data with high accuracy, ensuring the highest levels of protection.


Key Features

The User Monitoring solution, integrated with Obrela’s Managed Detection & Response (MDR) service, combines collective intelligence practices and methods with leading-edge security analytics and sophisticated risk management technology to identify, analyze, predict and prevent cyber-security threats related to user behavior in real time. Threat detection analytics, an integral part of the MDR service, collect and analyze structured and unstructured security-related data from multiple systems, network devices and other critical assets, generating valuable intelligence on new, emerging and advanced security threats. Obrela’s SOC, also an integral part of the MDR service, is staffed by threat analysts with user monitoring expertise and provides 24×7 monitoring, escalating incidents as soon as a threat is validated and giving customers MITRE-like recommendations for fast and effective security incident response.

By analyzing what each user does and applying that user’s characteristics to each event, User Activity Monitoring analytics are an invaluable method for detecting potentially risky activity, including data theft and unauthorized access to confidential information, and for evaluating the change management process. Monitoring user activity enables our clients to verify that internal controls are effective, reducing the risk of data theft and failed audits. User Monitoring analytics include:

  • Privileged User Monitoring analytics (PUMA): every organization has a special group of users that have elevated privileges or capabilities on its systems and applications. This (or any other definable) group of users needs to be continually supervised in order to ensure proper behavior and actions within the organization’s systems. PUMA helps organizations achieve compliance and implement solid security oversight by integrating:
    • Privileged user and account monitoring
    • IP address/Hostname to user mapping
    • Shared account tracking
    • Terminated employee/contractor access detection
    • Role-based controls reporting
    • Multi-account correlation
    • Remote and Third-Party Users Monitoring
    • VIP User Monitoring
  • User and Entity Behavior Analytics (UEBA), powered by correlation and machine learning technology, provide complete visibility of all critical user and system account activity. They link the user, role and group information held in access directory and identity management systems with the actual activity logs from user activity monitoring, Data Loss Prevention tools and other analytics across the whole enterprise, monitoring, analyzing and predicting suspicious user behavior based on:
    • Virtual indicators associated with anomalous login activity, use of removable media, user and group modifications, modification of system permissions, suspicious email communication or data transfer to external accounts.
    • Contextual indicators related to access to sensitive documents or critical systems (e.g. PUMA)
    • Non-virtual indicators, which provide a holistic view of the insider’s actions by linking virtual or contextual indicators with threat intelligence or with information from internal (e.g. HR data) or external systems (e.g. social media posts).
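The core mechanism the two bullets above describe, linking directory data (role, account status, shared-account flags, host-to-user mapping) with authentication logs and flagging the combinations that matter, can be illustrated in a few rules. The following is an added example written for this page; it is not Obrela's code and does not represent the PUMA or UEBA implementation. The directory entries, the hostname-to-user mapping, the log format and the log lines are all constructed, and the rule names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed directory export: a stand-in for the user/role/status data an
# identity or directory service would provide (hypothetical accounts).
DIRECTORY = {
    "alice":      {"role": "admin",   "status": "active",     "shared": False},
    "bob":        {"role": "user",    "status": "terminated", "shared": False},
    "carol":      {"role": "user",    "status": "active",     "shared": False},
    "svc-backup": {"role": "service", "status": "active",     "shared": True},
}

# Constructed hostname-to-user mapping (which machine belongs to which user).
HOST_OWNER = {"ws-alice": "alice", "ws-carol": "carol", "srv-backup01": "svc-backup"}

# Constructed authentication log lines in a simple key=value format.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z auth result=ok user=alice host=ws-alice ip=10.0.1.10
2024-05-01T08:05:40Z auth result=ok user=carol host=ws-carol ip=10.0.1.22
2024-05-01T08:07:03Z auth result=ok user=bob host=ws-carol ip=10.0.1.22
2024-05-01T08:09:55Z auth result=ok user=alice host=ws-unknown ip=203.0.113.7
2024-05-01T08:12:30Z auth result=ok user=svc-backup host=srv-backup01 ip=10.0.2.5
2024-05-01T08:13:01Z auth result=ok user=svc-backup host=ws-carol ip=10.0.1.22
2024-05-01T08:15:12Z auth result=fail user=alice host=ws-alice ip=10.0.1.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) "
    r"host=(?P<host>\S+) ip=(?P<ip>\S+)$"
)


def parse_log(text):
    """Turn the key=value lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect(events, directory, host_owner):
    """Apply directory-aware rules to successful logins and return (rule, user, detail) findings.

    unknown_account     : login by an account with no directory entry
    terminated_access   : login by an account the directory marks terminated
    priv_unmapped_host  : privileged account logging in from a host not mapped to that user
    shared_multi_source : a shared account used from more than one host/IP pair
    """
    findings = []
    shared_sources = defaultdict(set)
    for ev in events:
        if ev["result"] != "ok":
            continue  # failed logins are out of scope for these rules
        entry = directory.get(ev["user"])
        if entry is None:
            findings.append(("unknown_account", ev["user"], f"host={ev['host']} ip={ev['ip']}"))
            continue
        if entry["status"] == "terminated":
            findings.append(("terminated_access", ev["user"], f"login from {ev['host']} ({ev['ip']})"))
        if entry["role"] == "admin" and host_owner.get(ev["host"]) != ev["user"]:
            findings.append(("priv_unmapped_host", ev["user"], f"host={ev['host']} ip={ev['ip']}"))
        if entry["shared"]:
            shared_sources[ev["user"]].add((ev["host"], ev["ip"]))
    # Shared-account tracking needs the whole window, so it is evaluated after the loop.
    for user, sources in shared_sources.items():
        if len(sources) > 1:
            hosts = ", ".join(sorted(h for h, _ in sources))
            findings.append(("shared_multi_source", user, f"used from {hosts}"))
    return findings


def run_demo():
    """Run the rules over the constructed log and return the findings."""
    return detect(parse_log(SAMPLE_LOG), DIRECTORY, HOST_OWNER)


if __name__ == "__main__":
    for rule, user, detail in run_demo():
        print(f"{rule:20} {user:12} {detail}")
```

On the constructed log this produces three findings: the terminated account `bob` logging in, the administrator `alice` logging in from a host that is not mapped to her, and the shared account `svc-backup` being used from two different host/IP pairs. The point is that none of these events is suspicious from the log line alone; each becomes meaningful only once the directory context (status, role, shared flag, host ownership) is joined to it, which is exactly the linkage the UEBA description above relies on.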


Obrela Factor

Obrela’s Threat Detection Analytics enable advanced and in-depth analysis of large amounts of log data from multiple system and network log sources, leveraging threat intelligence, expert rules and advanced security analytics algorithms to reveal abnormal or suspicious behavior and patterns. Alert management capabilities enhance 24×7 monitoring, detecting threats as early as possible and triggering meaningful alerts and security response procedures.

Our clients benefit from fast integration with Obrela’s Managed Detection & Response (MDR) service and day-one visibility of security threats in their enterprise environment. On top of this, clients can build customized processes and procedures for risk compliance and incident response plans.


If you are interested in a quote, please email us or give us a call at +44 (0) 203 397 8723.

Get a Quote!