
User behavior analytics: Difference between revisions

From Wikipedia, the free encyclopedia
No edit summary
Amilyan (talk | contribs)
 
(17 intermediate revisions by 7 users not shown)
Line 1: Line 1:
'''User behavior analytics''' ('''UBA''') or '''user and entity behavior analytics''' ('''UEBA'''),<ref name=":0">{{Cite web |title=What is User (and Entity) Behavior Analytics (UBA or UEBA)? |url=https://www.techtarget.com/searchsecurity/definition/user-behavior-analytics-UBA |access-date=2023-05-05 |website=Security |language=en}}</ref> is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose.<ref name=":1">{{Cite book |last=Mike Chapple, James Michael Stewart, Darril Gibson |title=(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide |publisher=Wiley |date=June 2021 |isbn=978-1-119-78623-8 |edition=9th |pages=49 |language=en}}</ref> It allows [[cybersecurity]] tools to build a profile of each individual's normal activity, by looking at patterns of [[human behavior]], and then highlighting deviations from that profile (or anomalies) that may indicate a potential compromise.<ref name=":2">{{Cite book |last=Mike Chapple, James Michael Stewart, Darril Gibson |title=(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide |publisher=Wiley |date=June 2021 |isbn=978-1-119-78623-8 |edition=9th |pages=1009 |language=en}}</ref><ref>[https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics Market Guide for User Behavior Analytics<!-- Bot generated title -->]</ref><ref>[http://searchsecurity.techtarget.com/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list The hunt for data analytics: Is your SIEM on the endangered list?<!-- Bot generated title -->]</ref>
{{Multiple issues|
{{Peacock|date=November 2022}}
{{Additional citations|date=November 2022}}
{{Advert|date=April 2021}}
}}
'''User behavior analytics''' ('''UBA''') or '''User and Entity Behavior Analytics''' ('''UEBA'''),<ref name=":0">{{Cite web |title=What is User (and Entity) Behavior Analytics (UBA or UEBA)? |url=https://www.techtarget.com/searchsecurity/definition/user-behavior-analytics-UBA |access-date=2023-05-05 |website=Security |language=en}}</ref> is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose<ref name=":1">{{Cite book |last=Mike Chapple, James Michael Stewart, Darril Gibson |title=(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide |publisher=Wiley |year=June 2021 |isbn=978-1-119-78623-8 |edition=9th |pages=1009 |language=En}}</ref>. Il allows [[cybersecurity]] tools to build a profile of each individual's normal activity and then highlighting deviations from that profile that may indicate a potential compromise<ref name=":1" />. It may allow to [[threat detection|detect insider threats]], targeted attacks, and [[financial fraud]]. UBA looks at patterns of [[human behavior]], and then analyzes observations to detect anomalies that may indicate potential threats.<ref>[https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics Market Guide for User Behavior Analytics<!-- Bot generated title -->]</ref><ref>[http://searchsecurity.techtarget.com/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list The hunt for data analytics: Is your SIEM on the endangered list?<!-- Bot generated title -->]</ref>
<!-- Still feels like an advertisement. Do more work here. -->
<!-- Still feels like an advertisement. Do more work here. -->


== Purpose of UBA ==
== Purpose of UBA ==
The purpose of UBA According to Johna Till Johnson from [[Nemertes Research]], [[Security system]]s provide so much information that it's tough to uncover information that truly indicates a potential for a real attack. Analytics tools help make sense of the vast amount of data that [[SIEM]], [[Intrusion detection system|IDS]]/IPS, [[system log]]s, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-[[buying pattern]]s. But as it turns out, UBA can be extraordinarily useful in the security context too."<ref>[http://searchsecurity.techtarget.com/feature/User-behavioral-analytics-tools-can-thwart-security-attacks User behavioral analytics tools can thwart security attacks<!-- Bot generated title -->]
The reason for using UBA, according to Johna Till Johnson from [[Nemertes Research]], is that "[[security system]]s provide so much information that it is tough to uncover information that truly indicates a potential for a real attack. Analytics tools help make sense of the vast amount of data that [[SIEM]], [[Intrusion detection system|IDS]]/IPS, [[system log]]s, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-[[buying pattern]]s. But as it turns out, UBA can be extraordinarily useful in the security context too."<ref>[http://searchsecurity.techtarget.com/feature/User-behavioral-analytics-tools-can-thwart-security-attacks User behavioral analytics tools can thwart security attacks<!-- Bot generated title -->]
<!-- Section is bare & consists of quote only. Please fix! -->
<!-- Section is bare & consists of quote only. Please fix! -->
</ref>
</ref>


== Difference between UBA and UEBA ==
== Distinction between UBA and UEBA ==
The E in UEBA extends the analysis to include entity activities that take place but that are not necessarily directly linked or tied to a user's specific actions but that can still correlate to a vulnerability, reconnaissance, intrusion breach or exploit occurrence.<ref name=":1" />
The term UEBA was coined by Gartner in 2015. UEBA goes beyond analyzing only user behavior data it also combines user behavior data with behavior data from entities. UEBA tracks the activity of devices, applications, servers and data. EBA systems produce more data and provide more complex reporting options than UBA systems.<ref name=":0" />

The term "UEBA" was coined by [[Gartner]] in 2015. UEBA tracks the activity of devices, applications, servers and data. UEBA systems produce more data and provide more complex reporting options than UBA systems.<ref name=":0" />

== Difference with EDR ==
UEBA tools differ from [[endpoint detection and response]] (EDR) capabilities in that UEBA is an analytic focus on the user behavior whereas EDR has an analytic focus on the [[Endpoint security|endpoint]].<ref name=":2" /> Cybersecurity solutions, like EDR and XDR, typically prioritize detection and response to external threats once an incident has occurred. EUBA and IRM solutions are looking for prevent potential risks internally by analyzing employee behavior.


==See also==
==See also==
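Review bot: The added "Difference with EDR" paragraph ends with two sentences that have no citation (the <ref name=":2" /> covers only the first sentence), writes "EUBA" where the rest of the article uses "UEBA", and introduces "XDR" and "IRM" without expanding or linking them. Suggest citing or dropping the claim that EDR and XDR act "once an incident has occurred", and rewording "are looking for prevent potential risks" to "aim to prevent potential risks". Separately, the lead rewrite drops the earlier sentence on detecting insider threats, targeted attacks and financial fraud without a replacement, and the HTML comment "Section is bare & consists of quote only" is still present in "Purpose of UBA", which remains a single quotation.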

Latest revision as of 19:06, 23 May 2024

User behavior analytics (UBA), or user and entity behavior analytics (UEBA),[1] is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose.[2] It allows cybersecurity tools to build a profile of each individual's normal activity by looking at patterns of human behavior, and then to highlight deviations from that profile (anomalies) that may indicate a potential compromise.[3][4][5]

Purpose of UBA


The reason for using UBA, according to Johna Till Johnson from Nemertes Research, is that "security systems provide so much information that it is tough to uncover information that truly indicates a potential for a real attack. Analytics tools help make sense of the vast amount of data that SIEM, IDS/IPS, system logs, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-buying patterns. But as it turns out, UBA can be extraordinarily useful in the security context too."[6]

Distinction between UBA and UEBA


The E in UEBA extends the analysis to entity activities that are not necessarily tied directly to a user's specific actions but that can still correlate to a vulnerability, reconnaissance, intrusion breach or exploit occurrence.[2]

The term "UEBA" was coined by Gartner in 2015. UEBA tracks the activity of devices, applications, servers and data. UEBA systems produce more data and provide more complex reporting options than UBA systems.[1]
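An added example, not part of the original article and not taken from any UEBA product: a minimal per-actor baseline built from constructed events and then used to score new events for deviations. The event fields, actor and host names, and the z-score threshold are assumptions; `svc-backup` stands in for a non-user entity of the kind UEBA also profiles.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (day, actor, host, megabytes_out).
# "alice" is a human user; "svc-backup" is a service account (an entity).
BASELINE = [
    (1, "alice", "hr-app", 10), (2, "alice", "hr-app", 12),
    (3, "alice", "hr-app", 11), (4, "alice", "hr-app", 9),
    (5, "alice", "hr-app", 13),
    (1, "svc-backup", "db01", 500), (2, "svc-backup", "db01", 510),
    (3, "svc-backup", "db01", 495), (4, "svc-backup", "db01", 505),
    (5, "svc-backup", "db01", 490),
]
OBSERVED = [
    (6, "alice", "hr-app", 11),        # matches alice's profile
    (6, "alice", "fin-db", 400),       # unseen host and far above her volume
    (6, "svc-backup", "db01", 502),    # matches the entity's profile
    (6, "svc-backup", "mail01", 5),    # entity touching a host it never used
    (6, "contractor7", "hr-app", 3),   # actor with no history at all
]

def build_profiles(events):
    """Per-actor baseline: hosts seen, plus mean/stddev of outbound volume."""
    hosts, volumes = defaultdict(set), defaultdict(list)
    for _day, actor, host, mb in events:
        hosts[actor].add(host)
        volumes[actor].append(mb)
    return {a: {"hosts": hosts[a], "mean": mean(v), "std": pstdev(v)}
            for a, v in volumes.items()}

def score(event, profiles, z_threshold=3.0):
    """Return the ways one event deviates from its actor's profile."""
    _day, actor, host, mb = event
    profile = profiles.get(actor)
    if profile is None:
        return ["no_baseline"]         # cannot judge normality; surface it
    reasons = []
    if host not in profile["hosts"]:
        reasons.append("new_host")
    std = max(profile["std"], 1.0)     # floor avoids divide-by-zero on flat data
    if (mb - profile["mean"]) / std > z_threshold:   # one-sided: only spikes
        reasons.append("volume_spike")
    return reasons

def detect(baseline, observed):
    """Map (actor, host) to its deviations, omitting events that look normal."""
    profiles = build_profiles(baseline)
    return {(e[1], e[2]): r for e in observed if (r := score(e, profiles))}
```

Calling `detect(BASELINE, OBSERVED)` returns only the three deviating events; the `no_baseline` case shows why a profile-based detector needs an explicit answer for actors it has never seen.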

Difference with EDR


UEBA tools differ from endpoint detection and response (EDR) capabilities in that UEBA focuses its analysis on user behavior, whereas EDR focuses its analysis on the endpoint.[3] Cybersecurity solutions such as EDR and XDR typically prioritize detection of and response to external threats once an incident has occurred. UEBA and IRM solutions aim to prevent potential risks internally by analyzing employee behavior.

See also


References

  1. "What is User (and Entity) Behavior Analytics (UBA or UEBA)?". Security. https://www.techtarget.com/searchsecurity/definition/user-behavior-analytics-UBA. Retrieved 2023-05-05.
  2. Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 49. ISBN 978-1-119-78623-8.
  3. Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 1009. ISBN 978-1-119-78623-8.
  4. Market Guide for User Behavior Analytics. https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics
  5. The hunt for data analytics: Is your SIEM on the endangered list? http://searchsecurity.techtarget.com/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list
  6. User behavioral analytics tools can thwart security attacks. http://searchsecurity.techtarget.com/feature/User-behavioral-analytics-tools-can-thwart-security-attacks