User behavior analytics: Difference between revisions
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
{{Advert|date=April 2021}} |
{{Advert|date=April 2021}} |
||
}} |
}} |
||
'''User behavior analytics''' ('''UBA''') or '''User and Entity Behavior Analytics''' ('''UEBA'''),<ref>{{Cite web |title=What is User (and Entity) Behavior Analytics (UBA or UEBA)? |url=https://www.techtarget.com/searchsecurity/definition/user-behavior-analytics-UBA |access-date=2023-05-05 |website=Security |language=en}}</ref> is a [[cybersecurity]] process regarding the [[threat detection|detection of insider threats]], targeted attacks, and [[financial fraud]] that tracks a system's users. UBA looks at patterns of [[human behavior]], and then analyzes observations to detect anomalies that may indicate potential threats.<ref>[https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics Market Guide for User Behavior Analytics<!-- Bot generated title -->]</ref><ref>[http://searchsecurity.techtarget.com/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list The hunt for data analytics: Is your SIEM on the endangered list?<!-- Bot generated title -->]</ref> |
'''User behavior analytics''' ('''UBA''') or '''User and Entity Behavior Analytics''' ('''UEBA'''),<ref name=":0">{{Cite web |title=What is User (and Entity) Behavior Analytics (UBA or UEBA)? |url=https://www.techtarget.com/searchsecurity/definition/user-behavior-analytics-UBA |access-date=2023-05-05 |website=Security |language=en}}</ref> is a [[cybersecurity]] process regarding the [[threat detection|detection of insider threats]], targeted attacks, and [[financial fraud]] that tracks a system's users. UBA looks at patterns of [[human behavior]], and then analyzes observations to detect anomalies that may indicate potential threats.<ref>[https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics Market Guide for User Behavior Analytics<!-- Bot generated title -->]</ref><ref>[http://searchsecurity.techtarget.com/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list The hunt for data analytics: Is your SIEM on the endangered list?<!-- Bot generated title -->]</ref> |
||
<!-- Still feels like an advertisement. Do more work here. --> |
<!-- Still feels like an advertisement. Do more work here. --> |
||
| Line 11: | Line 11: | ||
<!-- Section is bare & consists of quote only. Please fix! --> |
<!-- Section is bare & consists of quote only. Please fix! --> |
||
</ref> |
</ref> |
||
== Difference between UBA and UEBA == |
|||
The term UEBA was coined by Gartner in 2015. UEBA goes beyond analyzing only user behavior data it also combines user behavior data with behavior data from entities. UEBA tracks the activity of devices, applications, servers and data. EBA systems produce more data and provide more complex reporting options than UBA systems.<ref name=":0" /> |
|||
==See also== |
==See also== |
||
Revision as of 15:01, 5 May 2023
 | This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
|
User behavior analytics (UBA) or User and Entity Behavior Analytics (UEBA),[1] is a cybersecurity process regarding the detection of insider threats, targeted attacks, and financial fraud that tracks a system's users. UBA looks at patterns of human behavior, and then analyzes observations to detect anomalies that may indicate potential threats.[2][3]
Purpose
The purpose of UBA According to Johna Till Johnson from Nemertes Research, Security systems provide so much information that it's tough to uncover information that truly indicates a potential for a real attack. Analytics tools help make sense of the vast amount of data that SIEM, IDS/IPS, system logs, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-buying patterns. But as it turns out, UBA can be extraordinarily useful in the security context too."[4]
Difference between UBA and UEBA
The term UEBA was coined by Gartner in 2015. UEBA goes beyond analyzing only user behavior data it also combines user behavior data with behavior data from entities. UEBA tracks the activity of devices, applications, servers and data. EBA systems produce more data and provide more complex reporting options than UBA systems.[1]