User and Entity Behavior Analytics (UEBA) is evolving. What once was a stand-alone solution designed to monitor user activity has become an “integral overlay” that merges various telemetry sources to provide a comprehensive understanding of behavioral risk. With this understanding comes the ability to proactively predict anomalies rather than just react to them.
“It’s akin to our cars not just warning us of nearby objects, but also foreseeing potential collisions based on our driving patterns,” wrote Chris Ray in a recent blog for GigaOm.
In the context of insider risk management, UEBA provides the data science layer to distinguish genuine risks from false alarms with enough time to afford resolution. In this essence, UEBA plays a critical role in stopping insider risks from escalating into costly incidents.
The recently released GigaOm Radar Report for UEBA provides essential insights into the state of UEBA, and reveals the key vendors and solutions in the space.
These are the key takeaways:
Understanding Behavioral Risk is Key to Proactive Insider Risk Management
While UEBA has been around for more than a decade, recent advances – particularly in AI/ML and predictive analytics – have seen it emerge as a critical component of enterprise security architecture.
Gone are the days where UEBA would just monitor logins, files accessed, and other user behaviors in a vacuum. Today’s UEBA can consolidate multiple data points to provide the context that’s needed to understand and proactively address behavioral risk.
“From an executive standpoint, the importance of UEBA systems cannot be overstated,” wrote Ray in the GigaOm Radar Report for UEBA.
“They serve as a critical component in the modern security infrastructure by providing in-depth analysis of behavior that traditional security measures may overlook. This is crucial information in an era when threats are increasingly sophisticated and can bypass perimeter defenses.”
By providing a comprehensive understanding of behavioural risk, UEBA can enable security teams to manage insider risks before a breach occurs.
As Ray states, UEBA’s capability to synthesize and make sense of data has become a business imperative.
“It’s about more than detecting threats; it’s about proactively managing risk, reducing incident response times, and streamlining security operations for better efficiency and protection.”
Quality Data is Everything
DTEX has emerged as the frontrunner of this year’s report, standing out as the only “Outperformer” and a “Leader” out of 14 of the top UEBA solutions on the market.
In his analysis, Ray highlights DTEX’s rich endpoint telemetry as a key differentiator.
“DTEX stands out in the crowded cybersecurity landscape primarily because of its rich endpoint telemetry. This unique feature gives it the power to delve into data that is typically encrypted, providing an unparalleled depth of insight that many competitors lack,” wrote Ray in the report.
InTERCEPT for Next-Gen UEBA
As a purpose-built insider risk management platform, DTEX InTERCEPT™ operates at the intersection of UEBA, user activity monitoring and data loss prevention. Where traditional UEBA solutions focus on network monitoring, InTERCEPT provides visibility across important disparate datasets – both on and off the network – to provide a holistic picture of risk. This includes:
- 5MB of user behavior metadata from the endpoint per user per day, providing a dedicated signal that sees the important activity that network-based tools and event logs miss.
- Other valuable data (ingested directly into the cloud), including data across HR feeds (where some of the most important human sensor data resides) as well as data from Microsoft Office 365, CrowdStrike, Netskope, Splunk, Services Now, and more.
All this data is moved to the cloud for behavioral enrichment, underscored by powerful, patented AI/ML capabilities.
And, as Ray noted, DTEX can uniquely delve into typically encrypted data when there is justifiable cause. This is thanks to DTEX’s patented Pseudonymization™ technique, which enables tailored metadata collection, allowing government and enterprise entities to meet various use cases. For government entities needing to meet CNSSD 504 or escalate malicious investigations with justifiable cause, this is a significant capability.
Looking Ahead
As the threat landscape grows in complexity, organizations must ensure they have mechanisms for understanding, detecting, and responding to insider risks. The 2023 GigaOm Radar Report for UEBA provides comprehensive insights into the UEBA market to help IT decision makers make an informed decision around their UEBA investment.
Watch Conversations from the Inside: The Evolving Role of UEBA in Insider Threat Prevention
In this episode of Conversations from the Inside, DTEX Systems Co-Founder and President Mohan Koo and GigaOm CTO Howard Holton join host Christopher Burgess to unpack the latest GigaOm Radar Report for UEBA, and discuss what organizations should consider in their UEBA investment.