UEBA Security Solutions

Detect and prevent insider threat with user and entity behavior analytics (UEBA)



30 percent of data breaches involve organization insiders acting negligently or maliciously. Insiders pose a unique threat to organizations because they have access to proprietary systems and are often able to bypass security measures, creating a blind spot for risk and security teams.

Fortinet’s User and Entity Behavior Analytics (UEBA) security solution protects organizations from insider threats by continuously monitoring users and endpoints with automated detection and response capabilities. Leveraging machine learning and advanced analytics, FortiInsight automatically identifies non-compliant, suspicious, or anomalous behavior and rapidly alerts on any compromised user accounts. This proactive approach to threat detection delivers an additional layer of protection and visibility, whether users are on or off the corporate network.

The FortiInsight Five Factor Model

How Does the 5-factor Model Work?

Data from the FortiInsight endpoint agent is streamed securely from the endpoint to our data store in a standard format built on the unique 5-factor model. This one-of-a-kind capability captures the specific machine identifier, the user and application that performed the activity, the type of activity, and any specific resources that were affected.

For example, a single entry may contain the following:

A user named Margarette, working on gb-Machine 1, copied a file called customer_details.xlsx to removable media.

And because the 5-factor model captures the same core pieces of data for every event that occurs, your team is armed with comprehensive information that enables them to configure specific policies to alert on.
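
As an added illustration (not Fortinet code and not FortiInsight's actual schema), the sketch below shows why recording the same five factors for every event makes alert policies simple to express: each policy is a set of patterns over those fields. The field names, activity labels, application names and file paths are assumptions constructed for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Assumed field names: the page lists the five factors but publishes no schema.
FACTORS = ("machine", "user", "application", "activity", "resource")

@dataclass(frozen=True)
class Event:
    machine: str
    user: str
    application: str
    activity: str
    resource: str

@dataclass(frozen=True)
class Policy:
    name: str
    conditions: dict  # factor -> glob pattern; unlisted factors match anything

    def matches(self, event: Event) -> bool:
        # Case-insensitive glob match on every factor the policy constrains.
        return all(
            fnmatchcase(getattr(event, factor).lower(), pattern.lower())
            for factor, pattern in self.conditions.items()
        )

def evaluate(events, policies):
    """Return (policy name, event) for every event that a policy matches."""
    unknown = {f for p in policies for f in p.conditions} - set(FACTORS)
    if unknown:
        # A typo in a factor name must fail loudly, not silently never match.
        raise ValueError(f"policy uses unknown factor(s): {sorted(unknown)}")
    return [(p.name, e) for e in events for p in policies if p.matches(e)]

# Constructed sample events. The first mirrors the entry described above;
# the application and drive paths are invented for illustration.
EVENTS = [
    Event("gb-Machine 1", "Margarette", "explorer.exe",
          "copy_to_removable_media", "E:\\customer_details.xlsx"),
    Event("gb-Machine 1", "Margarette", "excel.exe",
          "file_open", "C:\\Users\\Margarette\\notes.xlsx"),
    Event("gb-Machine 7", "Devon", "explorer.exe",
          "copy_to_removable_media", "F:\\holiday_photos.zip"),
]

POLICIES = [
    Policy("customer-data-to-removable-media",
           {"activity": "copy_to_removable_media", "resource": "*customer*"}),
]

ALERTS = evaluate(EVENTS, POLICIES)
```

Only the first event raises an alert: the second touches no removable media, and the third copies a file whose name does not match the policy's resource pattern.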

Reliable, Rapid Insights

  • Complete: You get every record you actually need, no more and no less. Other products don't have that granularity.
  • Consistent: Every field is consistent and in the desired format. There are no issues of data inconsistency, unlike with log file systems.
  • Cohesive: FortiInsight captures the data both on and off network, delivering easy, no-nonsense insights, in a straightforward layout for rapid data analysis.


Lightweight Agent Based Protection

FortiInsight applies patented smart connector technology. Built from the ground up, it uses core OS functionality and minimizes performance impact, resulting in strengthened security with no impact on endpoints, users, or productivity.

Low Impact, High Performance

  • Hosted solution with minimal performance impact on the endpoint
  • Windows OS support
  • Unrivaled performance through extensive use of native file system drivers
  • Data is collected in real-time and streamed for off-site analysis with complete off-network visibility
  • Strict quality control to ensure stability and reliability of software

Unparalleled Threat Detection Capabilities

Our smart connector consumes less than 0.5% of CPU, 20 MB of RAM, and 5 KB/s of network traffic, with no additional configuration required and no rules needing to be pushed to the connectors.

The bottom line? With zero impact on endpoint devices, you can forget about performance degradation and focus on instant protection for your intellectual property (IP) and sensitive data.


FortiInsight Platform

Protect your organization against unknown threats

FortiInsight automatically learns normal user behavior, and then detects the unknown to alert you in real-time to any anomalous activities, so you can act fast before issues become serious security problems.

The lightweight agent securely streams continuous sequences of activities from monitored endpoints or cloud services to the machine learning engine, where an unsupervised anomaly-detection system identifies events that do not fit the pattern of users’ everyday activities.

These anomalies are then checked for known risk factors, such as the use of removable media, hacking tools, or the accessing of files that violate policies. Combined with previous operator feedback, these risk factors are attributed an overall risk score. Any activities that appear to present risk cause an instant alert, and your team can quickly take the appropriate action.

Efficient, Effective Data Security

  • FortiInsight learns from the anomalies you find most valuable, and then screens out irrelevant detections
  • Scales with your organization, allowing comprehensive investigation at every level of detail
  • Each FortiInsight dashboard visualization clearly expresses the shape of the data, accentuating high-risk anomalies while giving you a bird’s-eye view of user behavior
  • FortiInsight displays data so that you can rapidly prioritize high-risk anomalies, prevent incidents and stay compliant
  • Detailed, dynamic dashboard capabilities enable you to make high-level decisions around your security posture, all in one place and in real-time
  • Quickly answer critical questions such as who, where, what, and how

FortiInsight is a unique data security and threat detection solution that delivers advanced threat hunting to help you spot, respond to and manage risky behaviors that put your business-critical data at risk. We combine powerful and flexible Machine Learning with detailed forensics around user actions to bring focus to the facts more rapidly than other solutions.

Features and Benefits

Augmented Intelligence (AI) 

Enhanced data visibility with machine learning and UEBA to identify threats 

Forensic-level Reporting

Compile a full forensic history of user behavior, enabling thorough forensics investigation and detailed reporting

Valuable Insights

Analyze data and deliver valuable insights, allowing your team to contain insider threats and respond in real time

Rapid Threat Detection

Machine learning optimizes each stage of the investigation pipeline, identifying emerging threats, from compromised accounts to data theft

Regulatory Compliance Support

Get full visibility of how data is accessed, used, and moved within your organization, and create compliance framework-specific rules, reporting, and analysis to identify, respond to, and manage non-compliant behavior

Data Security

Monitor data movement and endpoint activity 24/7 regardless of location or whether users are on or off your network

FortiInsight Product Details

FortiInsight protects your organization’s sensitive data and high-value intellectual property from loss, theft, and mishandling, whether from a malicious insider or accidental incident.  

FortiInsight monitors endpoint activities, resource access, and data movement both on and off the network, offering complete visibility around resources and data. It identifies risky behavior and policy violations, and takes action before they turn into security incidents.

The rule-based engine combined with machine-learning analytics means it can quickly and consistently identify risky activities. In addition, it supports compliance reporting and provides detailed forensics to aid investigation. 
