Use Cases

Striim Stamps Out Cybercrime from Insider Threats

Realtime user behavior analytics (UBA) instantly detect and mitigate anomalous account activity and prevent malicious network threats.


High-profile cyberattacks and egregious data thefts have sent cyber security soaring to the top of companies’ list of strategic priorities in recent years. When hearing about these breaches, many assume they’re being carried out by sophisticated criminals outside of the organization. What people don’t realize is that the real threats are effectively coming from the inside: either carried out by employees or vendors, or accomplished by compromising and taking over legitimate user accounts to gain access to the network. Some of the most notorious cyberattacks of the past few years — from the Sony email hack to the Target breach — were accomplished through inside access to the companies’ networks.[1][2]


Frequently, the perpetrators are able to take over user accounts, often by phishing to obtain user credentials or stealing passwords from other hacked systems. They then lurk for some time, during which the legitimate user conducts business as usual on the system. Eventually, the malicious activity begins — by then, it may be too late to prevent irreparable damage.

Organizations need to be able to distinguish immediately and automatically between a user’s “normal” activity and the abnormal patterns that could indicate malicious activity — allowing realtime security measures to kick in to mitigate damage. Enterprises need to automate user behavior analytics that can identify what “normal” activity looks like for each user (checking account balances, viewing payments in a specific order) versus anomalies in a user’s normal patterns (adding email addresses to an account profile, for example) and alert security analysts in realtime when activity is statistically different.

Striim Solution

Striim connects and correlates multiple streaming and static sources of data pertinent to customer activity, bringing all sources of truth together to allow realtime detection and alerting of potential malicious activity. The platform identifies what “normal” looks like based on users’ historical data. It then compares “normal” to realtime activity in order to detect deviations for each user account and update normal activity to each account. Companies get immediate insight when a customer account is not behaving as expected, and the ability to automatically lock accounts before costly malicious activity can occur.


It is estimated that cybercrime costs the global economy $400 billion a year in financial losses, and cybercrime costs an average of $12.7 million per company each year[3] Using Striim to analyze user behavior and respond to behavior anomalies in realtime can dramatically reduce financial losses due to cybertheft. Bringing together realtime, streaming data with historical user context data enables organizations to get more from their cyber security technology with user behavior analytics, preventing the often hidden “insider threat” that is difficult to identify and head off using ordinary IT security infrastructure.

[1]Faughnder, Ryan and Saba Hamedy. “Sony insider – not North Korea – likely involved in hack, experts say.” L.A. Times, December 30, 2014.
[2]Vijayan, Jaikumar. “Target breach happened because of a basic network segmentation error.” Computerworld, February 6, 2014.
[3]Net Losses: Estimating the Global Cost of Cybercrime. McAfee Center for Strategic and International Studies, June 2014.


  • Financial Services
  • Healthcare
  • Retail

Realtime Use Cases

  • User activity fingerprinting
  • User behavior analytics (UBA)
  • Security and fraud

Business Impact

  • Decreased losses from fraud
  • Strengthened network security
  • Improved customer experience

Data Source

  • Application logs
  • System logs
  • Transaction logs
View More Use Cases