McAfee Behavioral Analytics

The threat inside can’t hide

Surface and prioritize threats that matter

McAfee Behavioral Analytics surfaces unusual and highly risky behavior often invisible to other security solutions.

The power to see the threat inside

Identify insider threats and external threats that look like insider threats. Big data security analytics and unsupervised machine learning surface unusual and highly risky behavior. Principled math accurately detects, connects, and quantifies high-risk behaviors.

Understand the greatest threat

Distill billions of security events down to hundreds of anomalies and a handful of prioritized threat leads. Analysts will understand what the greatest threat is and know where to start. Accelerate threat detection and resolution with accurate leads and fewer false positives.

Empower your security team

Security practitioners can see prioritized risk scores of any entity and drill down to learn why a user’s or an entity’s characteristics, usage patterns, and behaviors are deemed high risk. What used to take days or months can now take only minutes.


Shorten mean time to detect advanced threats

Put yourself in the place of a security analyst to investigate and respond to a data exfiltration incident using advanced analytics and dynamic investigation guides.

Data in. Intelligence out.

A scalable, big data platform

Combine an advanced analytics engine with open source, big data technology components for scale, efficiency, and speed. McAfee Behavioral Analytics easily scales from small deployments to the largest, most sophisticated environments. Deployment options include on premise, in the cloud, or hybrid.

Extensible security analytics

Support multiple use cases out of the box, including insider threats, targeted attacks, and fraud. Because use cases can change in an instant, each model needs only its supporting data fed into the engine in order to fire, which increases value over time as your needs change.

Maximize existing security investments

Integration with multiple data sources, including McAfee ESM and third-party SIEMs, increases the visibility of the threat landscape and attack surface. McAfee Behavioral Analytics is designed to work within a cohesive system where prioritized risks are easily shared, collectively enhancing security across your ecosystem.

Use cases

McAfee Behavioral Analytics supports broad use cases, helping you detect behavior and malicious activity that can put your data and systems at risk.



Account compromise

Unauthorized account usage by anyone other than the account holder (spear phishing).


Account misuse

An employee uses their credentials to access information they have no valid reason to access.


Data staging and exfiltration

Stockpiling or packaging data for exfiltration.


Data theft

A machine with malicious software executes actions to benefit the attacker or compromise the user or machine.


Infected host

Ensure devices fall within the various compliance and regulatory frameworks, including HIPAA, FA, PCI DSS, and NERC CIP.


Insider fraud

The use of insider privileged access credentials for illegal personal use or profit.


Internal reconnaissance

An internal or external attacker explores an environment to identify assets and next moves.


Lateral movement

An internal or external attacker accesses specific systems to acquire or destroy assets.

System requirements

McAfee Behavioral Analytics can be deployed across various types of infrastructure, so you can select the deployment configuration that aligns with your enterprise architecture strategy.

Platform Support

Physical & Bare Metal Servers
Deploy on internal physical servers with direct or network attached storage. Supported operating systems:
  • Red Hat
  • CentOS
Private Cloud
Deploy on internal clouds and virtualized environments. Primary supported internal cloud providers:
  • VMware
  • OpenStack
  • Docker
Public Cloud
Deploy on public clouds that provide Red Hat and CentOS Linux instances. Primary supported public cloud providers:
  • AWS
  • Azure
  • Google Cloud

Learn more about McAfee Behavioral Analytics


Securosis: Security Monitoring State of the Union

Learn about the changing trends in security analytics and SIEM and how the two technologies converge to deliver advanced analytics for organizations.

White Paper

McAfee Behavioral Analytics Data Source and Use Case Coverage

Learn more about the built-in use cases that can alert you to high-risk behaviors in your environment.

White Paper

Introduction to Artificial Intelligence and Machine Learning

This guide breaks down how AI functions, the strengths and limitations of various types of machine learning, and its evolution. It also explores how AI-enabled security analytics can help protect enterprises from today’s complex cybersecurity threats.

