Detect Bad Actors On Your Network Or Cloud With

User Behavior Analytics

AristotleInsight is a User Behavior Analytics solution implementing the UDAPE™ model built on a Big Data Security Analytics platform. The ability to conduct User Behavior Analytics in order to accurately detect suspicious activity has long been considered the holy grail of information security. Previous attempts have fallen short because of reliance on a single data type, such as logs. This doesn’t allow for the context needed to accurately define normal and anomalous behavior. AristotleInsight links data from the full spectrum of the UDAPE™ model (User, Device, Application, Process, Endpoint) in order to build the context necessary to accurately establish baselines, detect true anomalies, and find potential bad actors in whatever form they take. Changes, anomalies, and suspicious activity simply jump out.

Privileged User Tracking & Reporting

Historically document and audit privileged account activity.  Recognize anomalous administrative activity to find bad actors.

Active Directory Modifications & Golden Ticket Exploits

Monitor and historically document all Active Directory changes including who made the change, which device it was made from, and when the change was made. Identify anomalous Active Directory activity in order to detect Golden Ticket exploits.

Enterprise-wide Endpoint Tracking

Monitor and document endpoint activity for AUP compliance and suspicious activity throughout your entire enterprise.

Configuration & Privilege Clustering

Cluster users and devices that have similar configurations and privileges in order to identify users or devices who have drifted from their governance standards.

Advanced Persistent Threat Monitoring

Link user, device, application, process, and endpoint data in order to establish baselines and detect anomalies.   Accurate anomaly detection causes advanced persistent threats to stand out.

Asset Monitoring & Reporting

Automatically inventory and track all assets, including how often each asset is used, who uses each asset, and which software and applications are installed on each asset.  Track software and application licenses for True-up compliance.

Governance Issues

Document changes and conduct spot audits of user and device configurations in order to achieve and maintain strong governance.

Vulnerability Reintroduction Tracking

Track and document all vulnerabilities and patches throughout the network.  Measure patching and remediation processes by tracking metrics and trends such as Average Time to Patch and number of Vulnerability Reintroductions.

File Integrity Tracking & Reporting

Monitor and historically document who accesses and alters sensitive files.  Receive real-time notification of suspicious sensitive-file access.

Implementing the UDAPE™ Model For User Behavior Analytics

The core of the UDAPE™ model is the ability to collect, link, and organize security data across the full spectrum of an IT environment.  This requires the ability to collect and track data from User, to Device, to Application, to Process, to Endpoint.  Before AristotleInsight, collecting such large amounts of data swamped networks, and was impossible to link and organize.  At Sergeant Laboratories, we have been learning to unobtrusively move huge amounts of data throughout networks since the 1980’s.  A culmination of over 30 years of research and engineering progress, AristotleInsight is the first solution with the capabilities necessary to carry out the UDAPE model:

  • UDAPE Incorporates All APIs (User Behavior Analytics)

Store Granular Data For Years

UDAPE™ data is only valuable if it can be used to establish long-term baselines and trends, as well as conduct post-incident response.  AristotleInsight stores granular data for years, without charging by the amount of data collected.

Data Linking

Too many security tools dump thousands of lines of static log data on security professionals and expect them to pinpoint issues with rudimentary search capabilities.  AristotleInsight links the full spectrum of UDAPE™ data, organizing it into reports and making it granularly searchable and sortable.

Data Driven Machine Learning

AristotleInsight utilizes machine learning to minimize the need for user configuration.  AristotleInsight adapts to evolving environments without the need to continuously reconfigure, tune, or manually update.

Seamless and Adaptive Installation, Maintenance, and Update

AristotleInsight installs across tens or tens of thousands of endpoints in hours, not days or weeks.  Installation, maintenance, and updates do not affect network performance or end users.

Massively Scalable

The compression and bayesian technology backing AristotleInsight allows its scalability virtually unlimited.  The more data AristotleInsight collects, the more it learns, making it a natural fit for large environments.

Robust Business Intelligence

The data AristotleInsight collects is easily exportable and shareable.  Automatically email reports on a daily, weekly, or monthly basis.  Configure real-time emails and SMS messages for critical events.

Benefits Of The UDAPE™ Model For Big Data Security Analytics

Technology capable of implementing the UDAPE™ model produces powerful benefits. Instead of using bolt-on solutions that create data silos and visibility holes, AristotleInsight is able to provide a historic, contextually rich, enterprise-wide perspective of your information security, risk, governance, and audit posture – all within a single pane of glass.  The results are impressive:

  • Bandwidth Usage Chart (User Behavior Analytics)

Make Comparisons

Compare groups of users, devices, or applications to find unique configurations, deviations from baselines, and suspicious activity.

Unprecedented, Detailed Post Incident Response

AristotleInsight stores years of the data needed for post-incident response in a granular, searchable, and sortable format.  Instead of spending weeks combing through logs, AristotleInsight provides details quickly.

Proactively Audit Configurations, Privileges, and Audit Policies

AristotleInsight tracks configurations, privileges, and audit policies for all users and devices.  Proactively audit conformance to baselines, and receive automated notifications when changes occur.

Enterprise and Department Wide Baselines

Establish baselines across your entire enterprise and within each department.  Track baselines over time to discover trends and notice anomalies.

Manage Information Security Like The CFO Manages Finance

Accounting software collects financial data to provide management with the metrics, trends, and comparisons used to govern enterprise finances.  AristotleInsight provides the CISO and CIO with the same level of insight into information security and governance.  AristotleInsight is for security what accounting software is for finance.

Maintain and Prove Compliance

AristotleInsight enables security and compliance professionals to continually work towards and maintain compliance, while historically storing the data needed to demonstrate compliance for auditors.

A Solution Built For Security-Risk-Audit-Compliance Professionals

AristotleInsight is built from the ground up for security professionals.  Instead of relying on repurposed IT tools to piece together security related data, AristotleInsight collects, organizes, and conducts first pass analysis on the data security professionals need.  AristotleInsight ends the scavenge for data, and points security professionals towards the problems worth investigating.

  • IP Cluster Graph (User Behavior Analytics)
  • High Level Trends (User Behavior Analytics)
  • Vulnerabilities Graph (User Behavior Analytics)


We pride ourselves on building technology that is immediately useful and solves daily problems.  Our name, Sergeant Laboratories, serves as a daily reminder of our commitment to providing those out solving problems with the tools they need to be successful.


AristotleInsight scales both vertically and horizontally.  The ease of installation and unique data compression technology allows AristotleInsight to scale from small businesses to Fortune 500 companies spread around the globe.


Security tools should not break when your network changes, require hours of tuning, or require programming expertise to maintain.  AristotleInsight is virtually invisible within a network, is OS agnostic, and naturally adapts as your network evolves.

Dedicated To Our Customer’s Success

We understand information security, compliance, risk, and audit professionals have their hands full. Mistakes and oversights can have enormous consequences. We routinely call and offer to walk through your data with you to provide a neutral perspective of your current security posture. We are not a consulting firm trying to sell more services; we are security experts dedicated to your organizations information security success.

  • Unprecedented support
  • Routine check-ins with our security and compliance experts
  • Call to speak with an engineer or security expert in minutes

Unlimited and Historic

AristotleInsight doesn’t charge based on lines of data.  AristotleInsight is built to store virtually unlimited amounts of data for years.  Compare your network against itself a year ago, or forensically investigate a historic incident.

Organized and Intuitive

AristotleInsight organizes data into 3 layers of increasing detail. Seamlessly navigate from high level trends and baselines down into granular forensics for post-incident response.

Proactive and Reactive

AristotleInsight provides the metrics and trends to proactively measure the success of security goals and audit baselines, as well as access to the historic information needed to investigate and react to historic incidents.

Why We Built AristotleInsight

We thought it was absurd that in an era of big data, it takes weeks to investigate what happened within an IT environment.

So we built AristotleInsight.

We built AristotleInsight to collect, analyze and store the enormous amounts of UDAPE™ data necessary to document exactly what occurs at any given moment now or in the past. Our virtualized data channel and bayesian compression allow for years of forensic data to be stored, structured, and organized.

A tool for information security, risk, audit, and compliance professionals.

Data without structure is useless. Security professionals need easy access data and metrics that are repeatable, organized, and historic.

AristotleInsight’s unique data linking and behavioral analysis provides structure for years of security data. Changes, anomalies, and suspicious activity simply jump out. Post-incident response will never be the same.

To see a security solution that is built for security professionals, that is not a science fair project, and that just works, contact us today.

Who Are We?

Sergeant Laboratories builds sophisticated software that provides straightforward solutions to complicated IT problems. Over fifteen years ago, our engineers were asked, “What are our computers actually being used for?” Answering that question has proven critical to successful IT security and compliance. Our flagship product, AristotleInsight, has been widely adopted by financial institutions, governmental bodies, healthcare facilities, and retail chains. We have developed an agile design and marketing model that allows us to rapidly react to feedback from customers.  Our years of experience combined with extensive input from customers enables us to provide a practical solution that just works and is used every day.