Next Research: Back to Security Analytics and UBA/UEBA
by Anton Chuvakin | October 27, 2016 | 3 Comments
Our deception research is winding down and the paper is nearly ready, so we are thinking about what’s next.
In fact, we are going to cook something really exciting: a comparison of various User and Entity Behavior Analytics (UEBA, sometimes just UBA) tools. And of course UEBA/UBA usage tips, “decent practices” [that’s what passes for best practices nowadays :-)], analytics architectures, etc.
We are also planning to touch up our famous “Demystifying Security Analytics…” paper. It needs to be brought to 2017!
So, our call to action:
- UBA / UEBA vendors, here is the link – you know what to do. And keep this in mind: WE WANT USE CASES. REAL WORLD PROVEN EFFECTIVENESS. And then maybe algorithms. But in that order!
- Anybody using these tools (or doing anything else they consider “security analytics”), we’d love to hear your stories: did it work? Did it fail? What methods did you choose? Has your security data lake finally turned into a swamp? Just how much you hate your SIEM?
P.S. BTW, we are not going to touch NTA / traffic analysis / network security analytics tools here – we are thinking of maybe doing it separately later…
Related blog posts about security analytics (2012-2016):
- Sad Hilarity of Predictive Analytics in Security?
- Security Analytics Webinar Questions – Answered
- On Unknown Operational Effectiveness of Security Analytics Tooling
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- Now That We Have All That Data What Do We Do, Revisited
- Who Validates Alerts Validated by Your Alert Validator Software?
- Killed by AI Much? A Rise of Non-deterministic Security!
- Those Pesky Users: How To Catch Bad Usage of Good Accounts
- Security Analytics Lessons Learned — and Ignored!
- Security Analytics: Projects vs Boxes (Build vs Buy)?
- Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
- Security Analytics – Finally Emerging For Real?
- Why No Security Analytics Market? <- important read for VCs and investors!
- More On Big Data Security Analytics Readiness
- Broadening Big Data Definition Leads to Security Idiotics!
- 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
- “Big Analytics” for Security: A Harbinger or An Outlier?
Additional Resources
Read Complimentary Relevant Research
2019 Planning Guide Overview: Architecting Your Digital Ecosystem
Technical professionals are confronting increasingly complex technology ecosystems. They must overcome this complexity to create solutions...
View Relevant Webinars
The Top IoT Technologies That Will Disrupt Your Enterprise
The Internet of Things (IoT) is generating the most rapid technology evolution and disruption the industry has seen in many years. IoT...
Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry
Thoughts on Next Research: Back to Security Analytics and UBA/UEBA
Comments are closed
TRENDING TOPICS
Who's Blogging
- Anton Chuvakin
- Rick Franzosa
- Eric Schmitt
- Debbie Wilson
- Cindi Howson
- Hank Barnes
- Mark Mcdonald
- Mark Raskino
- Stephen White
- Frances Russell
- Craig Roth
- Sally Witzky
- Deacon Wan
- Werner Goertz
- Roger Williams
- Andrew White
- Augie Ray
- Christopher Little
- Chris Ross
- Marc Brown
- Dave Egloff
- Andrew Lerner
- Augusto Barros
- Gene Phifer
- Jay Heiser
- Benjamin Bloom
- Pete Basiliere
- Gregor Petri
- Rajesh Kandaswamy
- Tony Iams
- Mike Mcguire
- Padraig Byrne
- John Wheeler
- Frank Buytendijk
- Rene Buest
- Jay Wilson
- Avivah Litan
- Simon Walker
- Todd Berkowitz
- Tad Travis
- Marco Meinardi
- Anna Maria
- Martina Kurth
- Robert Hetu
- Bryan Yeager
- Kyle Hilgendorf
- Fabio Chesini
- Michael Woodbridge
- Dave Aron
- Scot Kim
About
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.
[…] Next Research: Back to Security Analytics and UBA/UEBA […]
[…] guess, the whole point of having a war, eh? :-)] Indeed, I see a high chance of a dramatic SIEM vs UEBA / UBA confrontation in the next 1-2 years – and it will be fun to […]
[…] As Anton anticipated, we’ve started working on our next research cycle, now with the intent of producing a comparison of UEBA (User and Entity Behavior Analytics) solutions. We produced a paper comparing EDR solutions a few months ago, but so far the discussion on how to compare UEBA solutions has been far more complex (and interesting!). […]