Gartner Blog Network

Category: 'ueba' Blog Posts


Why Your Security Data Lake Project Will FAIL!

by Anton Chuvakin  |  April 11, 2017

Beats me, but for some reason organizations think that they can build A SECURITY DATA LAKE and/or their own CUSTOM BIG DATA SECURITY ANALYTICS tools. Let me tell you what...


Our Security Analytics and UEBA Papers Published

by Anton Chuvakin  |  March 31, 2017

After a long, somewhat painful process our security analytics papers are out! “Demystifying Security Analytics: Sources, Methods and Use Cases” (an update to our 2015 paper) examines security analytics initiatives...


Ok, So Who Really MUST Get a UEBA?

by Anton Chuvakin  |  January 24, 2017

As I mentioned in my 2014 post on security analytics and in a related GTP paper at the same time, “The noise about big data for security has grown deafening...


Why SIEMs F*cked Up Application Log Analysis?

by Anton Chuvakin  |  January 13, 2017

This is going to be a short one: why do you think the SIEM vendors f*cked up application log analysis so badly? Think about it, SIEM technology started roughly in...


On UEBA / UBA Use Cases

by Anton Chuvakin  |  January 5, 2017

After much agonizing, we (Augusto and myself) have settled on the following list of UEBA / UBA use cases for our upcoming UEBA technology comparison. Here they are: Compromised account...


UEBA Clearly Defined, Again?

by Anton Chuvakin  |  December 12, 2016

Ok, so after yet another request to “define UBA | UEBA clearly”, this post was born. First, Gartner “Market Guide for User and Entity Behavior Analytics” (not the research we...


What Should Your UEBA Show: Indications or Conclusions?

by Anton Chuvakin  |  December 8, 2016

While starting to research UBA / UEBA and other analytics-related security tools, one interesting paradox has emerged. I’d call it “INSIGHT vs CERTAINTY paradox.” Specifically: Some UEBA users and prospects...


UEBA Shines Where SIEM Whines?

by Anton Chuvakin  |  November 14, 2016

Remember my Popular SIEM Starter Use Cases post from 2014? Let’s take a look at that list of popular SIEM use cases and see how/where UEBA helps. This will make...


The Coming UBA / UEBA - SIEM War!

by Anton Chuvakin  |  November 7, 2016

A war is coming!! A war where not everybody will survive [which is, I guess, the whole point of having a war, eh? :-)] Indeed, I see a high chance...


Next Research: Back to Security Analytics and UBA/UEBA

by Anton Chuvakin  |  October 27, 2016

Our deception research is winding down and the paper is nearly ready, so we are thinking about what’s next. In fact, we are going to cook something really exciting: a...
