
Cybersecurity User Behavior Insights

User behavior analytics (UBA) analyzes user behavior patterns to build a profile of normal activity. It detects anomalies that may indicate a security compromise. UBA helps make sense of vast security data. UEBA extends analysis to non-user entity activities that could still relate to vulnerabilities. UEBA tracks devices, applications, servers and data, producing more complex reports than UBA. UEBA focuses on users, while endpoint detection and response focuses on endpoints.

Uploaded by

nigel989

User behavior analytics

User behavior analytics (UBA), or User and Entity Behavior Analytics (UEBA),[1] is the concept of
analyzing the behavior of users, subjects, visitors, etc. for a specific purpose.[2] It allows cybersecurity tools
to build a profile of each individual's normal activity, by looking at patterns of human behavior, and then
highlighting deviations from that profile (or anomalies) that may indicate a potential compromise.[3][4][5]

Purpose of UBA
The reason for using UBA, according to Johna Till Johnson from Nemertes Research, is that "security
systems provide so much information that it is tough to uncover information that truly indicates a potential
for a real attack. Analytics tools help make sense of the vast amount of data that SIEM, IDS/IPS, system
logs, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the
behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to
help companies understand and predict consumer-buying patterns. But as it turns out, UBA can be
extraordinarily useful in the security context too."[6]

Distinction between UBA and UEBA


The "E" in UEBA extends the analysis to entity activities that are not necessarily linked or tied
to a specific user's actions but that can still correlate with a vulnerability, reconnaissance,
intrusion breach or exploit occurrence.[2]

The term "UEBA" was coined by Gartner in 2015. UEBA tracks the activity of devices, applications,
servers and data. UEBA systems produce more data and provide more complex reporting options than
UBA systems.[1]
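
The profile-and-deviation approach from the introduction, applied to both a user and a non-user entity as this section describes, is sketched below as an added example that is not part of the original article. The event fields, thresholds, principal names and sample history are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (principal, kind, hour_of_day, source_host, bytes_out)
HISTORY = [
    ("alice", "user", 9, "wks-01", 1200), ("alice", "user", 10, "wks-01", 1500),
    ("alice", "user", 11, "wks-01", 1100), ("alice", "user", 14, "wks-01", 1300),
    ("alice", "user", 16, "wks-01", 1400),
    ("db-01", "entity", 2, "backup-01", 50000), ("db-01", "entity", 2, "backup-01", 52000),
    ("db-01", "entity", 3, "backup-01", 51000), ("db-01", "entity", 2, "backup-01", 49000),
]

def build_profiles(events):
    """Group history per principal and summarise its normal activity."""
    grouped = defaultdict(list)
    for name, _kind, hour, host, nbytes in events:
        grouped[name].append((hour, host, nbytes))
    profiles = {}
    for name, rows in grouped.items():
        volumes = [r[2] for r in rows]
        profiles[name] = {
            "hours": {r[0] for r in rows},   # hours at which activity was seen
            "hosts": {r[1] for r in rows},   # peers this principal talked to
            "mean": mean(volumes),
            "std": pstdev(volumes) or 1.0,   # guard against a zero spread
        }
    return profiles

def deviations(profiles, event, z_limit=3.0, hour_slack=1):
    """Return the ways one event deviates from its principal's profile."""
    name, _kind, hour, host, nbytes = event
    p = profiles.get(name)
    if p is None:
        return ["no_baseline"]               # never seen: cannot be judged normal
    found = []
    # Distance on a 24-hour clock, so 23:00 and 00:00 count as one hour apart.
    if min(min(abs(hour - h), 24 - abs(hour - h)) for h in p["hours"]) > hour_slack:
        found.append("unusual_hour")
    if host not in p["hosts"]:
        found.append("new_host")
    if abs(nbytes - p["mean"]) / p["std"] > z_limit:
        found.append("volume_outlier")
    return found
```

Each returned label is one deviation from the baseline; an analyst or a scoring layer would weigh several labels on one event more heavily than a single one.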

Difference with EDR


UEBA tools differ from endpoint detection and response (EDR) capabilities in that UEBA has an analytic
focus on the user, whereas EDR has an analytic focus on the endpoint.[3]

See also
Behavioral analytics
Network behavior anomaly detection
User activity monitoring

References
1. "What is User (and Entity) Behavior Analytics (UBA or UEBA)?" ([Link]
searchsecurity/definition/user-behavior-analytics-UBA). Security. Retrieved 2023-05-05.
2. Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified
Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 49.
ISBN 978-1-119-78623-8.
3. Mike Chapple, James Michael Stewart, Darril Gibson (June 2021). (ISC)2 CISSP Certified
Information Systems Security Professional Official Study Guide (9th ed.). Wiley. p. 1009.
ISBN 978-1-119-78623-8.
4. Market Guide for User Behavior Analytics ([Link]
de-user-behavior-analytics)
5. The hunt for data analytics: Is your SIEM on the endangered list? ([Link]
[Link]/feature/The-hunt-for-data-analytics-Is-your-SIEM-on-the-endangered-list)
6. User behavioral analytics tools can thwart security attacks ([Link]
om/feature/User-behavioral-analytics-tools-can-thwart-security-attacks)

External links
ABC's Of UBA ([Link]
