For VendorsBlog

UEBA - User and Entity Behavior Analytics

UEBA - User and Entity Behavior Analytics

Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics ("UEBA"). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing "malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP." The addition of "entity" reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. "When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats."

Particularly in the computer security market, there are many vendors for UEBA applications. They can be "differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based)." According to the 2015 market guide released by Gartner, "the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased." The report further projected, "Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems."

The most popular products in category UEBA - User and Entity Behavior Analytics All category products

Gurucul Identity Analytics
18
16
RHEBO Industrial Protector
18
16
BALABIT Blindspotter
14
19
IBM SECURITY QRadar SIEM
IBM
12
20
INTERSET Platform
15
17
FEATURESPACE ARIC™ Platform
20
10
COUNTERTACK Predictive EEP
10
18
DTEX SYSTEMS Advanced User Behavior Intelligence
19
8
INTERFOCUS LanScope Cat Features
13
14
PREEMPT Platform
15
12
ALCIDE Kubernetes Advisor
10
16

Compare of products in the category UEBA - User and Entity Behavior Analytics

Please turn the screen for optimal content display

Compare: UEBA - User and Entity Behavior Analytics

Characteristics

Hadoop

Clouds

On-premises software

Advanced Analytics

Incident Response

Machine Learning

Deep Learning

Visibility into users via reports and dashboards

Near real-time alerts

Forensic Tools

Customizable notification

Role based reports

Threat Intelligence reports

Licensing model all based on identity

Technologies integration

Log collection from SaaS apps

Logs and User context data from Active directory

Logs from endpoint security solutions

Network flow/Packet data

Unstructured contextual data

Log collection from OS, apps, services

Meta data from electronic communications

Statistical models

Modelling based rules and signatures

Catching users with anomaly behavior on start by baselining model на старте

System adaptation to user's dynamic role changes

  • N/A
  • N/A
  • N/A
  • N/A
  • Yes
  • N/A
  • Yes
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • Yes
  • Yes
  • N/A
  • Yes
  • Yes
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • Only HP UEBA
  • Yes
  • N/A
  • N/A
  • N/A
  • Yes
  • N/A
  • SIEM
  • IAM
  • DLP
  • SIEM
  • IAM
  • DLP
  • N/A
  • N/A
  • SIEM
  • N/A
  • N/A
  • IAM
  • DLP
  • SIEM
  • SIEM
  • DLP
  • SIEM
  • IAM
  • SIEM
  • SIEM
  • SIEM
  • IAM
  • SIEM
  • IAM
  • DLP
  • N/A
  • SIEM
  • IAM
  • DLP
  • SIEM
  • IAM
  • DLP
  • SIEM
Found mistake? Write us.

Suppliers UEBA - User and Entity Behavior Analytics

Rapid7
ARM...
  • ARM
  • AZE
  • BLR
  • GEO
  • KGZ
  • KAZ
  • MDA
  • RUS
  • TJK
  • TKM
  • UKR
  • UZB
ANYSOFT
UKR...
  • UKR
  • USA
Nozomi Networks
ARE...
  • ARE
  • AUS
  • BRA
  • CAN
  • CHE
  • DEU
  • DNK
  • ESP
  • GBR
  • ITA
  • NLD
  • PRT
  • SGP
  • USA
CUJO
AUS...
  • AUS
  • BRA
  • CHN
  • FIN
  • GBR
  • HUN
  • LTU
  • MYS
  • PHL
  • USA
Eurotech
FRA...
  • FRA
  • GBR
  • ITA
  • JPN
  • USA
Netskope
AUS...
  • AUS
  • GBR
  • IND
  • NLD
  • SGP
  • USA