Move over security controls; there’s a new sheriff in town – user and entity behavior analytics (UEBA). It may sound complicated and technical, but UEBA is actually easy to understand and it’s helping thwart destructive cyber-attacks. In the Market Guide for User and Entity Behavior Analytics, by Avivah Litan, published September 22, 2015, industry analyst firm Gartner says it “expects the UEBA market revenue will climb to almost $200 million by the end of 2017, up from less than $50 million today.” In the report, Gartner recognizes Bay Dynamics as a Representative Vendor in UEBA. We saw a 100 percent increase in revenue and customer acquisition in UEBA and the predictive analytics space in 2014.
So what is UEBA?
UEBA means analyzing the behaviors of organizations’ insiders (employees), outsiders connected to their networks (such as third party contractors) and flagging security vulnerabilities across organizations’ assets that hold sensitive data. In addition to analyzing user behavior, UEBA also assesses organizations’ entities meaning endpoints (such as laptop computers) and applications – and identifies any unusual behavior coming from those entities. Finally, UEBA connects the dots – combining the data collected from users and entities to uncover security risks that criminals may exploit.
Here’s an example. Let’s say “Joe” an employee at “X” organization is repeatedly sending private corporate information to an unfamiliar, outside individual. UEBA first detects that unusual activity, then working in sync with other security controls across the organization (like data loss prevention and SIEM), analyzes other activities Joe has performed and reviews his endpoint assets and applications to see if there are any indications his entities have been compromised. UEBA then correlates all of the data to determine whether Joe’s behavior is malicious or accidental so that his employer can implement the necessary remediation procedures.
Bay Dynamics is the only vendor delivering end to end value for the UEBA space – meaning our Risk Fabric® platform provides UEBA for insider threats, high privilege access, third party vendor behavior and organizations’ attack surface. There’s a huge of amount of data coming out of businesses’ security controls – data that comes in as bits and bytes. Our Risk Fabric platform takes that data and turns it into a story about what’s happening in businesses’ environments. This includes identifying their top cyber risks, threats and vulnerabilities. We then roll up the data and create a picture that tells a story to help prioritize what needs to be addressed immediately and how businesses can reduce cyber risk over time. Finally, we help businesses close the gap that currently exists between the raw data and how they communicate that to the right people in order to make smart decisions and take action.
Security controls such as SIEM and data loss prevention can only go so far. They alert organizations to suspicious activities however, in many cases, by the time the alerts come through and security teams determine if they are a real threat, the attackers already have what they want. UEBA digs into suspicious behaviors and activities early on. It provides a detailed story for employers about each of their employees, third party contractors and entities enabling them to catch and stop risky behaviors and security weaknesses before criminals even realize they exist. Using UEBA, employers can quickly and clearly identify their top users, threats and exploitable assets and then take action to remediate security risks across their entire infrastructure.
Note: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.