User behavior analytics

From Wikipedia, the free encyclopedia

User behavior analytics (UBA) or user and entity behavior analytics (UEBA),[1] is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose.[2] It allows cybersecurity tools to build a profile of each individual's normal activity, by looking at patterns of human behavior, and then highlighting deviations from that profile (or anomalies) that may indicate a potential compromise.[3][4][5]

Purpose of UBA[edit]

The reason for using UBA, according to Johna Till Johnson from Nemertes Research, is that "security systems provide so much information that it is tough to uncover information that truly indicates a potential for a real attack. Analytics tools help make sense of the vast amount of data that SIEM, IDS/IPS, system logs, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-buying patterns. But as it turns out, UBA can be extraordinarily useful in the security context too."[6]

Distinction between UBA and UEBA[edit]

The E in UEBA extends the analysis to include entity activities that take place but that are not necessarily directly linked or tied to a user's specific actions but that can still correlate to a vulnerability, reconnaissance, intrusion breach or exploit occurrence.[2]

The term "UEBA" was coined by Gartner in 2015. UEBA tracks the activity of devices, applications, servers and data. UEBA systems produce more data and provide more complex reporting options than UBA systems.[1]

Difference with EDR[edit]

UEBA tools differ from endpoint detection and response (EDR) capabilities in that UEBA is an analytic focus on the user whereas EDR has an analytic focus on the endpoint.[3]

See also[edit]

References[edit]

  1. ^ a b "What is User (and Entity) Behavior Analytics (UBA or UEBA)?". Security. Retrieved 2023-05-05.
  2. ^ a b Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 49. ISBN 978-1-119-78623-8.{{cite book}}: CS1 maint: multiple names: authors list (link)
  3. ^ a b Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 1009. ISBN 978-1-119-78623-8.{{cite book}}: CS1 maint: multiple names: authors list (link)
  4. ^ Market Guide for User Behavior Analytics
  5. ^ The hunt for data analytics: Is your SIEM on the endangered list?
  6. ^ User behavioral analytics tools can thwart security attacks

External links[edit]