AARNet is upgrading our User and Entity Behaviour Analytics (UEBA) platform to ‘UEBA 2.0’
26 February, 2025

Cyber security for research and education: a proactive approach with user and entity behaviour analytics

AARNet is upgrading our User and Entity Behaviour Analytics (UEBA) platform to ‘UEBA 2.0’, transitioning from an on-premises setup to a fully scalable SaaS model, and introducing a host of improvements to enhance our threat detection capabilities and simplify customisation and tuning to our SOC customers’ environments.

Cyber threats in the research and education sector are evolving, but so are our tools to combat them. To stay ahead of these threats, we’re upgrading our User and Entity Behaviour Analytics (UEBA) platform to ‘UEBA 2.0’, transitioning from an on-premises setup to a fully scalable SaaS model. This upgrade also introduces a host of improvements that not only enhance our threat detection capabilities but also simplify customisation and tuning to our SOC customers’ environments.

What is UEBA?

UEBA is a security technology that uses machine learning to establish a baseline of normal activity for users, devices, and systems. By continuously monitoring these baselines, UEBA can quickly detect deviations that may signal potential threats—such as unusual access to data or unexpected network behaviour.

In contrast, traditional static detections—the conventional methods most SOCs have relied on—use predefined rules, signatures, and known indicators of compromise to identify malicious activity. These methods compare incoming data against a database of known threats, triggering alerts when a match is found. However, this approach can lead to false positives by flagging benign anomalies as threats, and it may miss new or sophisticated attacks that don’t conform to preset patterns.

By combining the dynamic insights of UEBA with traditional static detections, our SOC delivers a holistic security solution that minimises false positives and improves our ability to detect emerging risks. This integrated approach ensures that both established threats and unexpected behaviours are effectively monitored to protect research and education environments.
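As an added example (not AARNet's or Exabeam's code), the following toy script illustrates the distinction drawn above: it learns a per-user baseline from constructed login events, scores how far a new event deviates from that baseline, and adds a static indicator match so that the final risk score carries both signals. User names, thresholds, weights and the indicator address are assumptions made for the illustration.

```python
"""Added example: a toy UEBA-style baseline check beside a static indicator rule.
Every event and indicator below is constructed for illustration only."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed login history: (user, hour_of_day, MiB downloaded in the session).
HISTORY = [
    ("alice", 9, 12), ("alice", 10, 15), ("alice", 14, 11), ("alice", 11, 14),
    ("alice", 9, 13), ("alice", 16, 12), ("alice", 10, 16), ("alice", 13, 14),
    ("bob", 19, 300), ("bob", 20, 280), ("bob", 22, 320), ("bob", 21, 290),
    ("bob", 23, 310), ("bob", 20, 275), ("bob", 21, 305), ("bob", 22, 295),
]
# Constructed static indicator list (TEST-NET-3 documentation address, placeholder only).
KNOWN_BAD_SOURCES = {"203.0.113.7"}

def build_baselines(history):
    """Per-user (mean, stddev) of login hour and volume: the learned 'normal' profile."""
    feats = defaultdict(lambda: {"hour": [], "mib": []})
    for user, hour, mib in history:
        feats[user]["hour"].append(hour)
        feats[user]["mib"].append(mib)
    # A stddev of 0 (constant feature) would divide by zero; fall back to 1.0.
    return {u: {k: (mean(v), pstdev(v) or 1.0) for k, v in f.items()}
            for u, f in feats.items()}

def score_event(user, hour, mib, src_ip, baselines, threshold=3.0):
    """Return (risk_score, reasons): static indicator hit plus baseline deviations."""
    score, reasons = 0, []
    if src_ip in KNOWN_BAD_SOURCES:            # static detection: known indicator match
        score += 50
        reasons.append("known bad source")
    profile = baselines.get(user)
    if profile is None:                        # no baseline yet: deviation cannot be judged
        score += 25
        reasons.append("no baseline for user")
        return score, reasons
    for name, value in (("hour", hour), ("mib", mib)):
        m, sd = profile[name]
        z = abs(value - m) / sd                # deviation measured in standard deviations
        if z >= threshold:
            score += int(10 * min(z, 10))      # cap so one wild feature cannot dominate
            reasons.append(f"{name} deviates {z:.1f} sd from baseline")
    return score, reasons

BASELINES = build_baselines(HISTORY)
```

A routine daytime login for alice scores 0, while a 3 a.m. login pulling 900 MiB scores highly on the baseline path alone, with no indicator match required.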

What’s new or improved?

  • Migrated to SaaS model
    Our UEBA SaaS solution is managed by Exabeam, ensuring quicker access to the latest features, seamless updates, and improved overall stability. This shift minimises risk by keeping our defences current without the overhead of on-premises management.
  • Expanded content and detections
    ‘UEBA 2.0’ has the potential for a broader range of detection rules that cover various threat scenarios—from anomalies in login attempts to unexpected data transfers—providing our SOC with more precise visibility into potential risks.
  • Broader product support
    The upgraded system will be able to support a larger catalogue of commonly used IT products as log sources, increasing our visibility across various systems and platforms so that more data feeds into our detection processes.
  • Better tooling for customisation
    Enhanced configuration options allow us to tailor ‘UEBA 2.0’ more effectively to each customer’s unique environment. This improved tooling helps refine alert thresholds and baselines, reducing false positives and ensuring that only the most relevant threats are surfaced.
  • Efficient analysis of large data sets
    Large datasets can be aggregated and analysed faster using our UEBA SaaS solution, enabling more accurate identification of behavioural anomalies and risk changes. This allows our SOC team to triage threats more swiftly.

What does this mean for our SOC customers?

By upgrading our UEBA technology, we’re strengthening our cyber security offering for the research and education sector. Our customers will benefit from swifter threat detection, and as we onboard customers, their inputs—unique environments, risk priorities and behavioural baselines—help refine the machine learning models. This not only improves threat detection but also enables more precise risk evaluation aligned with each customer’s specific risk appetite.

As a SaaS offering, ‘UEBA 2.0’ is scalable and reliable, growing with your institution’s needs while ensuring regular updates and maintenance are handled seamlessly. Enhanced tuning capabilities and richer contextual insights enable our SOC analysts to focus on legitimate risks, which minimises disruptions and helps keep academic and research activities running smoothly.

Ultimately, the enhanced security provided by ‘UEBA 2.0’ minimises risk and builds trust within the research and education community by proactively detecting and responding to threats in real time.

More information

For more information about how AARNet SOC services can benefit your institution, please contact us.