Blog post

Next Research: Back to Security Analytics and UBA/UEBA

By Anton Chuvakin | October 27, 2016 | 0 Comments


Our deception research is winding down and the paper is nearly ready, so we are thinking about what’s next.

In fact, we are going to cook something really exciting: a comparison of various User and Entity Behavior Analytics (UEBA, sometimes just UBA) tools. And of course UEBA/UBA usage tips, “decent practices” [that’s what passes for best practices nowadays :-)], analytics architectures, etc.

We are also planning to touch up our famous “Demystifying Security Analytics…” paper. It needs to be brought to 2017!

So, our call to action:

  • UBA / UEBA vendors, here is the link – you know what to do. And keep this in mind: WE WANT USE CASES. REAL WORLD PROVEN EFFECTIVENESS. And then maybe algorithms. But in that order!
  • Anybody using these tools (or doing anything else they consider “security analytics”), we’d love to hear your stories: did it work? Did it fail? What methods did you choose? Has your security data lake finally turned into a swamp? Just how much you hate your SIEM? 🙂

P.S. BTW, we are not going to touch NTA / traffic analysis / network security analytics tools here – we are thinking of maybe doing it separately later…

Related blog posts about security analytics (2012-2016):

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed