There's more to cybersecurity than access control. Many activities are ambiguous in nature—potentially sound, but also potentially harmful. This is where UBA/UEBA shines.
User behavior analytics (UBA) and user and entity behavior analytics (UEBA) are key lines of defense against malicious activity that occurs once a login has already been completed.
Too many organizations, particularly in the small-to-medium size range, presume that securing login prompts and implementing access controls is the key to effective cybersecurity. Unfortunately, threat actors routinely get ahold of stolen credentials, and disgruntled or malicious employees do go rogue.
Many forms of malicious activity are difficult to detect because they could be legitimate in some circumstances, while not in others. For this reason, it's difficult to harden an organization against every possible threat using access controls alone, because some accounts simply need access to some resources, even if that access can in some cases be used in malicious ways.
User behavior analytics fills the gap here, monitoring user and system activity and notifying either security team members or other systems of anomalous or potentially threatening activity happening on accounts or systems whose access is otherwise legitimate. This makes user behavior analytics an invaluable tool for detecting stolen account use, rogue employee behavior, and other forms of threatening activity that might otherwise go undetected following login.
False alarm rates, a growing problem in cybersecurity, can also be reduced with the adoption of user behavior analytics solutions, particularly when paired with SIEM solutions. When an alert is raised that a user account is accessing sensitive resources or systems, this alert can be automatically cross-checked with the behavior of the account via user behavior analytics, giving a contextual evaluation before raising the alert to human triage teams.
A baseline of "normal" activity can also be established, helping to detect other problems and reduce some kinds of costs by surfacing inactive or unproductive users, unused software or resources, and other kinds of behavioral data that are often otherwise difficult for organizations to come by.
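The cross-check and baseline described above can be sketched as follows. This is an added example, not code from any UBA or SIEM product; the event tuple format, the function names and the three-level decision are assumptions made for illustration, and the history is constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (account, ISO timestamp, resource, source host)
HISTORY = [
    ("alice", "2024-03-04T09:05:00", "payroll-db", "ws-014"),
    ("alice", "2024-03-05T10:40:00", "payroll-db", "ws-014"),
    ("alice", "2024-03-06T16:20:00", "payroll-db", "ws-014"),
    ("bob", "2024-03-04T13:30:00", "build-server", "ws-022"),
    ("bob", "2024-03-05T15:10:00", "build-server", "ws-022"),
]

def build_baseline(events):
    """Record, per account, the resources, hosts and hours seen so far."""
    base = defaultdict(lambda: {"resources": set(), "hosts": set(), "hours": set()})
    for user, ts, resource, host in events:
        base[user]["resources"].add(resource)
        base[user]["hosts"].add(host)
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def triage(alert, baseline):
    """Cross-check a SIEM alert against the account's baseline.

    Returns (decision, reasons): 'log' keeps the alert without paging anyone,
    'review' queues it at low priority, 'escalate' sends it to human triage.
    """
    user, ts, resource, host = alert
    profile = baseline.get(user)
    if profile is None:
        return "escalate", ["no baseline for account"]
    reasons = []
    if resource not in profile["resources"]:
        reasons.append("resource not in account baseline")
    if host not in profile["hosts"]:
        reasons.append("unfamiliar source host")
    hour = datetime.fromisoformat(ts).hour
    # Within one hour of any previously seen hour, wrapping around midnight
    if not any(min((hour - h) % 24, (h - hour) % 24) <= 1 for h in profile["hours"]):
        reasons.append("outside usual working hours")
    decision = "log" if not reasons else "review" if len(reasons) == 1 else "escalate"
    return decision, reasons

BASELINE = build_baseline(HISTORY)
```

Alerts that match the baseline are still logged rather than dropped, so a later investigation can see them.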
User Behavior Analytics, or UBA (sometimes also called User and Entity Behavior Analytics, or UEBA), describes the monitoring and analysis of activity carried out while users (and, in the case of UEBA, while automated systems and devices) do their work. This monitoring and analysis may be used for identity confirmation, for threat detection and response, for generating productivity insights, or for any other application in which extensive, real-time data about user activity is useful.
UBA is often a key input into and/or feature of security information and event management (SIEM) systems in enterprises.