We just published a case study about an Australian law firm that noticed two employees accessing a bunch of sensitive files. The behavior was flagged using UEBA, which triggered alerts based on deviations from normal access patterns. The firm dug in and found signs of lateral movement and privilege escalation attempts.

They were able to lock things down before any encryption or data exfiltration happened. No payload, no breach.

It’s a solid example of how behavioral analytics and least privilege enforcement can actually work in practice.

Curious what’s working for others in their hybrid environments?