I was speaking with a distinguished IT Security analyst at Gartner this week and we spent a good portion of our time talking about both the excitement and the frothiness of the User and Entity Behavior Analytics (UEBA) space. With the spotlight burning brighter on insider threats, our customers are very interested in learning more about how to protect themselves and how UEBA and related technologies can help with this.
Over the next few weeks we'll be posting a series of 5 blogs that talk about some of the most common questions we're asked surrounding UEBA (Also called UBA for User Behavior Analytics or SUBA for Security User Behavior Analytics by Forrester Research) to discuss this emerging category of solutions and some of the capabilities they offer. We’ll also look at how they intersect with other technologies like Next-generation Firewalls, Security Information and Event Management (SIEM or also called Security Intelligence), 2 Factor and Multifactor Authentication, IT Risk Management, and Network Forensics to name a few.
The concept of UEBA, as defined by Gartner in their Market Guide for User Behavior Analytics, is a cybersecurity process about detection of insider threats, targeted attacks, and fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats.
In the past two years we have seen a quick rise of security breaches caused by insider threats: compromised credentials, malicious privileged insiders, and more. It should be no surprise that IT security organizations are looking beyond their concerns at the perimeter and taking a closer look at how to prevent insider threats. UEBA can play a role in detecting and real-time response to these kinds of threats and breaches.
You can follow the series here:
2. Traditional UEBA vs Behavioral Firewall for Breach and Insider Threat Prevention. How do they Differ?