You're developing for the future Our Software tools will get you there

Veriato Recon

Veriato Recon combines machine learning and advanced statistical analysis to uncover indicators of compromise traditional preventative security measures miss, so you can protect your organization from insider attacks

behavioral-baselines-main anomaly-detection-main actionable-intelligence

Behavioral Baselines

The software learns the behavior patterns in your company, and evaluates changes versus historical self and peer groups.

Anomaly Detection

Changes in behavior are identified in near real-time, and compared to sensitivity settings you control for prioritization.

Actionable Intelligence

Alerts are triggered on anomalies most indicative of insider threat in your organization, and rich activity data is stored for rapid review.


Your organization is, and will be, compromised by insiders.

Regardless of industry or company size, the fact is that people have become the perimeter. If you are not specifically looking for insider attacks, you are missing them. Veriato Recon combines analysis of technical indicators and psycholinguistic indicators to provide early warning of threats to your data security. An attacker, no matter how sophisticated, will cause a deviation from established patterns.

Elegantly Simple Tuning

Provides you with the ability to alert on meaningful behavioral changes, without contributing to over-alert syndrome.



Behavioral Baselines

Veriato Recon watches user activity, and using a combination of data science and machine learning, establishes what normal user behavior looks like.

Veriato Recon profiles multiple entities, includes users, peer groups, and groups created based on observed behavioral characteristics, enabling greater accuracy in anomaly detection.


Anomaly Detection

Rules-based approaches to anomaly detection rely on human knowledge to be effective. Veriato Recon applies sophisticated algorithms to identify anomalies that would otherwise go undetected.


Behavioral Groups

After a short training period, Veriato Recon identifies groups of users based on observed behavior to enable more accurate baselines. Behaviors evaluated include resource and application access and usage.



Alerts are routed to your SIEM or other 3rd party data aggregation solution via direct connections or via syslog. You can also choose to receive alerts directly, on a frequency you control.

Veriato Recon looks at a wide range of user attributes and evaluates for indicators of compromise


Indicators of Compromise

Compromise has a long history of providing insight into user activity. We understand the ways a true insider can exfiltrate data, as well as how hackers can lever compromised credentials to ‘become an insider’, and we watch for the changes in behavior that indicate your data security is at risk. This includes data access and movement, as well as credential usage activity and a range of additional attributes.


Psycholinguistic Attributes

Because Veriato Recon can see into the communications fabric of your organization, it is able to watch for changes to language usage that are known indicators of insider activity. The way people think, act, and communicate are linked. Shifts in to me and intensity and changes in language usage are detected, providing additional richness that aids in identification and prioritization of threats.

Common Uses

Data Leak Prevention

Specifically designed to augment traditional DLP and other preventative security measures, Veriato Recon identifies insider risk and threat to data security by watching for changes in data access and movement. A robust data security strategy requires focus on device, data, and user.

IP Theft

Malicious insiders and departing employees target valuable intellectual property. Veriato Recon not only alerts on the deviations in data movement that occur when IP is taken, it creates a system of record that supports best practices related to the threat that exists when employees leave.

High Risk Insiders

The behaviors of highly privileged users, employees involved in negative workplace events, and contractors need to be more closely inspected and monitored to protect against a damaging attack. Veriato Recon evaluates behavior shifts in near real-time, so security teams can focus resources where they can be most effective.


Designed to deliver the visibility and context you need to monitor and track employee activity.



Import groups from Active Directory, or let the software identify groups within your organization through automated pattern analysis of resource and application usage



Self-learning of behavioral patterns for individuals and groups, driven by machine learning, enables no-touch understanding of what normal looks like in your environment.


Anomaly Detection

Detecting deviations from established patterns enables early warning of insider threats. An attacker, no matter how sophisticated, will cause a deviation from normal behavior.


User Activity Log

Unlike many other User & Entity Behavior Analytics solutions, Veriato Recon maintains a definitive record of user activity for use in forensic investigations and incident response.



When an anomaly is detected, alerts can be fired based on your configuration settings so they fit into your workflow.


Veriato 360 Integration

Move from detection to investigation within one console, with just a few clicks – enabling eyes on glass inspection of activity to inform and speed response.


Third Party Integration

Flow alerts into Splunk and Arcsight using direct connections, or via syslog to any application for aggregation, correlation, and reporting.

 Download Datasheet