UEBA successfully detects malicious and abusive activity that otherwise goes unnoticed, and effectively consolidates and prioritizes security alerts sent from other systems.
- The user and entity behavior analytics (UEBA) market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.
- Enterprises successfully use UEBA to detect malicious and abusive behavior that otherwise goes unnoticed by existing security monitoring systems, such as SIEM and DLP.
Chief information officers, chief information security officers and security managers should:
- Use UEBA to detect insider threats and external hackers, and choose vendors with solutions that align with your use cases, for example, security monitoring or data exfiltration.
- Integrate UEBA with existing security applications by feeding UEBA systems with logs and data the existing security applications already collect. Incorporate network and endpoint data for visibility into activity not available in logs.
- Do not discount the need to investigate individuals who have low risk scores in UEBA systems.
- Operationalize UEBA by sending alerts to security orchestration, ticketing and workflow systems.
- Favor UEBA vendors that profile multiple entities (users, their peer groups, and devices) and that use machine learning to detect anomalies. Together these features enable more accurate detection of malicious or abusive users.
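As an added illustration, not code from the Gartner guide, the following Python sketch scores each user against both their own history and their peer group, using constructed daily file-share read volumes with the department as the assumed peer group and an assumed alert threshold of three standard deviations. It shows why the last two recommendations belong together: a user whose own baseline is already abnormal for their role gets a low individual score, and only the peer-group comparison surfaces them.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the original page): megabytes read from a
# file share by each user on days 1..5. The peer group is the department, so
# a user is compared both with their own past and with colleagues' activity.
DAILY_MB = {
    "alice": ("finance", [150, 160, 150, 160, 158]),
    "bob":   ("finance", [10, 12, 11, 10, 12]),
    "carol": ("finance", [14, 13, 15, 14, 13]),
}
MIN_STD = 1.0          # floor so a perfectly flat history cannot divide by zero
ALERT_THRESHOLD = 3.0  # |z| at or above this is flagged for analyst review


def zscore(value, baseline):
    """Distance of value from a baseline sample, in standard deviations."""
    return (value - mean(baseline)) / max(pstdev(baseline), MIN_STD)


def risk_scores(daily, today):
    """Return {user: (self_z, peer_z, flagged)} for activity on day `today`.

    self_z compares today's volume with the user's own earlier days; peer_z
    compares it with every observation from other users in the same group.
    A user whose 'normal' is already abnormal for their role looks quiet on
    the self-baseline alone, which is why both views are scored.
    """
    scores = {}
    for user, (group, volumes) in daily.items():
        value, own_history = volumes[today - 1], volumes[:today - 1]
        peers = [mb for other, (g, mbs) in daily.items()
                 if other != user and g == group for mb in mbs[:today]]
        self_z = zscore(value, own_history)
        peer_z = zscore(value, peers)
        # Mean/stdev baselines are easy to read, but one extreme peer skews
        # them; production systems use robust statistics or learned models.
        flagged = max(abs(self_z), abs(peer_z)) >= ALERT_THRESHOLD
        scores[user] = (round(self_z, 2), round(peer_z, 2), flagged)
    return scores


if __name__ == "__main__":
    for user, (s, p, flag) in risk_scores(DAILY_MB, today=5).items():
        print(f"{user:6} self_z={s:7.2f} peer_z={p:7.2f} flagged={flag}")
```

Running it shows alice with a self-baseline score of 0.6 but a peer-group score far above the threshold, while bob and carol stay unflagged on both views.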
View the full article at Gartner.com