
User behavior analytics: Difference between revisions

From Wikipedia, the free encyclopedia
Quick copyedit to reduce tone issues. Expect more edits on this article in future.
This is separate from the previous edit in case someone thinks that the Market_developments section is salvageable.
{{Advert|date=April 2021}}


'''User behavior analytics''' ('''UBA'''), according to [[Gartner]], is a [[cybersecurity]] process about [[threat detection|detection of insider threats]], targeted attacks, and [[financial fraud]]. UBA looks at patterns of [[human behavior]], and then analyzes them to detect anomalies that indicate potential threats.<ref>[https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics Market Guide for User Behavior Analytics<!-- Bot generated title -->]</ref> UBA tracks a system's users.<ref>[http://searchsecurity.techtarget.com/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list The hunt for data analytics: Is your SIEM on the endangered list?<!-- Bot generated title -->]</ref> [[Big data]] platforms like [[Apache Hadoop]] are increasing UBA functionality by allowing them to analyze [[petabyte]]s worth of data to detect [[insider threat]]s and [[advanced persistent threat]]s.<ref>{{Cite journal|last=Ahlm|first=Eric|last2=Litan|first2=Avivah|date=26 April 2016|title=Market Trends: User and Entity Behavior Analytics Expand Their Market Reach|url=https://www.gartner.com/doc/reprints?id=1-370BP2V&ct=160518&st=sb|journal=Gartner|access-date=15 July 2016}}</ref><ref>{{Cite web|url=http://www.cloudera.com/solutions/cybersecurity.html|title=Cybersecurity at petabyte scale|access-date=15 July 2016}}</ref>
'''User behavior analytics''' ('''UBA''') is a [[cybersecurity]] process about [[threat detection|detection of insider threats]], targeted attacks, and [[financial fraud]] that tracks a system's users. UBA looks at patterns of [[human behavior]], and then analyzes them to detect anomalies that indicate potential threats.<ref>[https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics Market Guide for User Behavior Analytics<!-- Bot generated title -->]</ref><ref>[http://searchsecurity.techtarget.com/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list The hunt for data analytics: Is your SIEM on the endangered list?<!-- Bot generated title -->]</ref> [[Big data]] platforms like [[Apache Hadoop]] are increasing UBA functionality by allowing them to analyze [[petabyte]]s worth of data to detect [[insider threat]]s and [[advanced persistent threat]]s.<ref>{{Cite journal|last=Ahlm|first=Eric|last2=Litan|first2=Avivah|date=26 April 2016|title=Market Trends: User and Entity Behavior Analytics Expand Their Market Reach|url=https://www.gartner.com/doc/reprints?id=1-370BP2V&ct=160518&st=sb|journal=Gartner|access-date=15 July 2016}}</ref><ref>{{Cite web|url=http://www.cloudera.com/solutions/cybersecurity.html|title=Cybersecurity at petabyte scale|access-date=15 July 2016}}</ref>


== Purpose ==
UBA's purpose, according to Johna Till Johnson of [[Nemertes Research]], is that "[[Security system]]s provide so much information that it's tough to uncover information that truly indicates a potential for real attack. Analytics tools help make sense of the vast amount of data that [[SIEM]], [[Intrusion detection system|IDS]]/IPS, [[system log]]s, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-[[buying pattern]]s. But as it turns out, UBA can be extraordinarily useful in the security context too."<ref>[http://searchsecurity.techtarget.com/feature/User-behavioral-analytics-tools-can-thwart-security-attacks User behavioral analytics tools can thwart security attacks<!-- Bot generated title -->]</ref>

== Market developments ==
Developments in UBA technology led Gartner to evolve the category to '''user and entity behavior analytics''' ("'''UEBA'''"). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, [[server (computing)|server]]s, [[data]], or anything with an [[IP address]]. It moves beyond the fraud-oriented UBA focus to a broader one encompassing "malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as [[SIEM]] and DLP."<ref>{{Cite web|url=https://www.gartner.com/doc/3134524/market-guide-user-entity-behavior|title=Market Guide for User and Entity Behavior Analytics|website=www.gartner.com|access-date=2016-11-10}}</ref> The addition of "entity" reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. "When end users have been compromised, [[malware]] can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats."<ref>{{Cite web|url=http://www.csoonline.com/article/2998174/security-awareness/user-entity-behavior-analytics-next-step-in-security-visibilty.html|title=User entity behavior analytics, next step in security {{sic|hide=y|nolink=y|reason=typo in source|visibil|ty}}|last=Zurkus|first=Kacy|website=CSO Online|date=27 October 2015|access-date=2016-06-06}}</ref>

There are many vendors for UEBA applications. They can be "differentiated by whether they are designed to monitor on-premises or [[Cloud computing|cloud]]-based [[software as a service]] (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based)."<ref>{{Cite web|url=http://www.gartner.com/smarterwithgartner/detect-security-breaches-early-by-analyzing-behavior/|title=Detect Security Breaches Early by Analyzing Behavior - Smarter With Gartner|date=2015-06-04|website=Smarter With Gartner|language=en-US|access-date=2016-06-06}}</ref> According to the 2015 market guide released by Gartner, "the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased."<ref name=":0">{{Cite web|url=https://www.gartner.com/doc/reprints?id=1-2NK6M1R&ct=150922&st=sb|title=Market Guide for User and Entity Behavior Analytics|date=September 22, 2015|publisher=Gartner, Inc.|access-date=June 6, 2016}}</ref> The report further projected, "Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems."<ref name=":0" />


==See also==

Revision as of 22:16, 6 July 2021

User behavior analytics (UBA) is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud that tracks a system's users. UBA looks at patterns of human behavior, and then analyzes them to detect anomalies that indicate potential threats.[1][2] Big data platforms like Apache Hadoop are increasing UBA functionality by allowing them to analyze petabytes worth of data to detect insider threats and advanced persistent threats.[3][4]
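As an added illustration of the anomaly-detection idea in the lead (example code written for this page, not from the article or any UBA vendor): build a per-user baseline from constructed login events, then score later events by how many dimensions (host, hour, data volume) depart from that baseline. The event fields, thresholds and sample values are assumptions.

```python
"""UBA-style per-user baselines and anomaly scoring over constructed events."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history (not real logs): (user, hour_of_day, host, bytes_out)
HISTORY = [
    ("alice", 9, "fileserver", 1200), ("alice", 10, "fileserver", 900),
    ("alice", 14, "mail", 1500), ("alice", 11, "fileserver", 1100),
    ("alice", 16, "mail", 1000),
    ("bob", 22, "build01", 50000), ("bob", 23, "build01", 52000),
    ("bob", 21, "build01", 48000), ("bob", 22, "build02", 51000),
]

def build_baselines(events):
    """Per-user profile: hosts seen, active hours, and bytes_out mean/stdev."""
    by_user = defaultdict(list)
    for user, hour, host, nbytes in events:
        by_user[user].append((hour, host, nbytes))
    baselines = {}
    for user, rows in by_user.items():
        sizes = [b for _, _, b in rows]
        baselines[user] = {
            "hosts": {h for _, h, _ in rows},
            "hours": {hr for hr, _, _ in rows},
            "bytes_mean": mean(sizes),
            "bytes_sd": pstdev(sizes),
        }
    return baselines

def score_event(event, baselines, z=3.0):
    """Return the list of deviations; an empty list means the event fits the baseline."""
    user, hour, host, nbytes = event
    profile = baselines.get(user)
    if profile is None:
        return ["unknown user"]  # no history to compare against
    reasons = []
    if host not in profile["hosts"]:
        reasons.append("new host")
    if min(abs(hour - h) for h in profile["hours"]) > 1:  # allow a one-hour drift
        reasons.append("unusual hour")
    sd = profile["bytes_sd"] or 1.0  # guard against identical historical sizes
    if (nbytes - profile["bytes_mean"]) / sd > z:
        reasons.append("volume spike")
    return reasons

def flag_anomalies(events, baselines, min_reasons=2):
    """Surface events that deviate on at least min_reasons dimensions at once."""
    flagged = []
    for event in events:
        reasons = score_event(event, baselines)
        if len(reasons) >= min_reasons:
            flagged.append((event, reasons))
    return flagged
```

Requiring several simultaneous deviations keeps a single new host or a late login from generating an alert on its own, which is where most false positives in this kind of scoring come from.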

Purpose

UBA's purpose, according to Johna Till Johnson of Nemertes Research, is that "Security systems provide so much information that it's tough to uncover information that truly indicates a potential for real attack. Analytics tools help make sense of the vast amount of data that SIEM, IDS/IPS, system logs, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-buying patterns. But as it turns out, UBA can be extraordinarily useful in the security context too."[5]

See also

References

  1. ^ "Market Guide for User Behavior Analytics". Gartner.
  2. ^ "The hunt for data analytics: Is your SIEM on the endangered list?". SearchSecurity (TechTarget).
  3. ^ Ahlm, Eric; Litan, Avivah (26 April 2016). "Market Trends: User and Entity Behavior Analytics Expand Their Market Reach". Gartner. Retrieved 15 July 2016.
  4. ^ "Cybersecurity at petabyte scale". Cloudera. Retrieved 15 July 2016.
  5. ^ "User behavioral analytics tools can thwart security attacks". SearchSecurity (TechTarget).