User Behavior Analytics (UBA or UEBA)

Why it matters: Cybersecurity doesn't stop after login; what an authenticated user is doing with their access is just as important as protecting the login.
74 percent: Percentage of data breaches that involve a "human element" or some form of human behavior in the execution. Source: https://www.verizon.com/business/resources/reports/dbir/

Key Points

  • Security doesn't end with the login prompt; activity after login is just as critical
  • User behavior analytics helps to prevent risky or rogue user behavior
  • User behavior analytics is also a key detection mechanism for stolen accounts
  • Especially with entity analytics added, it can also be used to detect malware
There's more to cybersecurity than access control. Many activities are ambiguous in nature—potentially sound, but also potentially harmful. This is where UBA/UEBA shines.

Quick Read

User behavior analytics (UBA) and user and entity behavior analytics (UEBA) are key lines of defense against malicious activity that occurs once a login has already been completed.

Too many organizations, particularly in the small-to-medium size range, presume that securing login prompts and implementing access controls is the key to effective cybersecurity. Unfortunately, threat actors routinely get ahold of stolen credentials, and disgruntled or malicious employees do go rogue.

Many forms of malicious activity are difficult to detect because they could be legitimate in some circumstances, while not in others. For this reason, it's difficult to harden an organization against every possible threat using access controls alone—as some accounts simply need access to some resources, even if that access can in some cases be used in malicious ways.

User behavior analytics fills the gap here, monitoring user and system activity and notifying either security team members or other systems of anomalous or potentially threatening activity happening on accounts or systems whose access is otherwise legitimate. This makes user behavior analytics an invaluable tool for detecting stolen account use, rogue employee behavior, and other forms of threatening activity that might otherwise go undetected following login.

False alarm rates, a growing problem in cybersecurity, can also be reduced with the adoption of user behavior analytics solutions, particularly when paired with SIEM solutions. When an alert is raised that a user account is accessing sensitive resources or systems, this alert can be automatically cross-checked with the behavior of the account via user behavior analytics, giving a contextual evaluation before raising the alert to human triage teams.
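
An added example (not Plurilock's code or any product's API) of the cross-check described above: a SIEM alert is evaluated against a per-account behavioral baseline before it reaches human triage. The event fields, the thresholds and the verdict names are assumptions, and the history is constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, hour_of_day, resource, megabytes_read)
HISTORY = [
    ("alice", 9, "finance-db", 12), ("alice", 10, "finance-db", 15),
    ("alice", 14, "finance-db", 11), ("alice", 11, "hr-share", 3),
    ("alice", 15, "finance-db", 14), ("alice", 9, "finance-db", 13),
    ("bob", 10, "wiki", 1), ("bob", 13, "wiki", 2),
    ("bob", 16, "build-server", 40), ("bob", 11, "wiki", 1),
]

def build_baselines(events):
    """Summarize each account's normal hours, resources and read volume."""
    per_user = defaultdict(list)
    for user, hour, resource, mb in events:
        per_user[user].append((hour, resource, mb))
    baselines = {}
    for user, rows in per_user.items():
        volumes = [mb for _, _, mb in rows]
        baselines[user] = {
            "hours": {h for h, _, _ in rows},
            "resources": {r for _, r, _ in rows},
            "mean_mb": mean(volumes),
            "std_mb": pstdev(volumes) or 1.0,  # avoid divide-by-zero
        }
    return baselines

def triage(alert, baselines, z_limit=3.0):
    """Return (verdict, reasons) for a SIEM alert given the account's baseline."""
    base = baselines.get(alert["user"])
    if base is None:
        return "escalate", ["no baseline for account"]
    reasons = []
    # One hour of slack around previously seen hours (ignores midnight wrap-around).
    if not any(abs(alert["hour"] - h) <= 1 for h in base["hours"]):
        reasons.append("activity outside usual hours")
    if alert["resource"] not in base["resources"]:
        reasons.append("resource never accessed before")
    z = (alert["mb"] - base["mean_mb"]) / base["std_mb"]
    if z > z_limit:
        reasons.append(f"read volume {z:.1f} std devs above normal")
    # Two or more deviations go to a human; one is attached as context only.
    verdict = "escalate" if len(reasons) >= 2 else "annotate" if reasons else "routine"
    return verdict, reasons

BASELINES = build_baselines(HISTORY)
```

The same "sensitive resource accessed" alert resolves differently per account: routine for an account that reads that resource daily, annotated or escalated for one that never has.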

A baseline of "normal" activity can also be established, helping to detect other problems and reduce some kinds of costs: inactive or unproductive users, unused software or resources, and other kinds of behavioral data that are often otherwise difficult for organizations to come by.

—Aron Hsiao

More to Know

Insider Threats Matter

No small portion of cybersecurity incidents are actually the result of either bad behavior or privilege misuse carried out by company employees. User behavior analytics provides a way to understand and alert on harmful activity, not just "cyber attacks."

Fewer False Alarms

Behavior analytics data can be used in concert with SIEM/SOAR to fine-tune which alerts and actions involve the SOC team. Triage cross-checks with UEBA data can help to reduce false alarm load or provide added context to expedite resolution.

Productivity and Compliance

Organizations are also finding uses for UEBA in establishing normal baselines for productivity and compliance, and in detecting deviations in productivity and compliance that likely require attention—a new source of cost savings.

Quick Definition

User Behavior Analytics, or UBA (sometimes also called User and Entity Behavior Analytics, or UEBA) describes the monitoring and analysis of activity carried out while users (and, in the case of UEBA, while automated systems and devices) do their work. This monitoring and analysis may be used for identity confirmation, for threat detection and response, for generating productivity insights, or for any other application in which extensive, real-time data about user activity is useful.

UBA is often a key input into and/or feature of security information and event management (SIEM) systems in enterprises.