Next Research: Back to Security Analytics and UBA/UEBA

By Anton Chuvakin | October 27, 2016


Our deception research is winding down and the paper is nearly ready, so we are thinking about what’s next.

In fact, we are going to cook something really exciting: a comparison of various User and Entity Behavior Analytics (UEBA, sometimes just UBA) tools. And of course UEBA/UBA usage tips, “decent practices” [that’s what passes for best practices nowadays :-)], analytics architectures, etc.

We are also planning to touch up our famous “Demystifying Security Analytics…” paper. It needs to be brought to 2017!

So, our call to action:

  • UBA / UEBA vendors, here is the link – you know what to do. And keep this in mind: WE WANT USE CASES. REAL WORLD PROVEN EFFECTIVENESS. And then maybe algorithms. But in that order!
  • Anybody using these tools (or doing anything else they consider “security analytics”), we’d love to hear your stories: did it work? Did it fail? What methods did you choose? Has your security data lake finally turned into a swamp? Just how much do you hate your SIEM? 🙂

P.S. BTW, we are not going to touch NTA / traffic analysis / network security analytics tools here – we are thinking of maybe doing it separately later…
