"Most people don't turn on those logs because they're very difficult to manage," he said.
Surescripts is also looking for new credentials it hasn't seen before, and credentials showing up where they're not expected.
The product is currently tracking about 3,000 credentials, he said.
According to the latest Verizon Data Breach Investigations Report, stolen, weak or default credentials were involved in 63 percent of confirmed data breaches.
Installation of the Interset product took less than two weeks, and Surescripts uses it on premises. It is also available as a cloud version.
The Interset cloud deployment is actually a hybrid approach, with an on-premises gateway appliance that collects the data. It then goes into the cloud for analysis.
"It takes about 15 minutes to deploy the software, connect the data source connectors to the data that will be ingested into our system and provision the AWS cloud," said Dale Quayle, CEO at Interset Software. "Data starts flowing within 15 minutes, so you can be up and running in 30 minutes. No other UBA vendor has that capability."
It is also easy to use the product, he said.
"This is what Paul's team really appreciates," he said. "We ingest massive amounts of data, then through machine learning and analytics, boil all that data down to the top risky things and display that very plainly in our user interface. Investigators know where to focus. With a single click, that risk incident can be opened up."
The platform provides the necessary context for the incident so that investigators can decide what to do next. That includes what accounts, machines, applications, and files were involved.
"Finally with another click, an incident response workflow can be activated that includes email and text alerts, the creation and distribution of incident reports, the collection of data for evidence and the activation of risk mitigation controls across other security systems," he said. "We take incident response from a process that takes days and even weeks and enable a security team to react to incidents in minutes and hours."
The company claims 30 of the Fortune 500 as customers, as well as the U.S. intelligence community and various other government agencies.
Other vendors that offer ready-to-go solutions are Fortscale, which has on-premises canned analytics designed to detect rogue insiders and hackers with compromised credentials, and Niara, which has a plug-and-play solution that can be deployed either on-premises or in the cloud.
In general the market is growing quickly, according to Gartner. User and entity behavior analytics market revenues totaled about $50 million in 2015, and are expected to climb to almost $200 million by the end of 2017, the research firm predicts.