Our deception research is winding down and the paper is nearly ready, so we are thinking about what’s next.
In fact, we are going to cook something really exciting: a comparison of various User and Entity Behavior Analytics (UEBA, sometimes just UBA) tools. And of course UEBA/UBA usage tips, “decent practices” [that’s what passes for best practices nowadays :-)], analytics architectures, etc.
We are also planning to touch up our famous “Demystifying Security Analytics…” paper. It needs to be brought to 2017!
So, our call to action:
- UBA / UEBA vendors, here is the link – you know what to do. And keep this in mind: WE WANT USE CASES. REAL WORLD PROVEN EFFECTIVENESS. And then maybe algorithms. But in that order!
- Anybody using these tools (or doing anything else they consider “security analytics”), we’d love to hear your stories: did it work? Did it fail? What methods did you choose? Has your security data lake finally turned into a swamp? Just how much you hate your SIEM? 🙂
P.S. BTW, we are not going to touch NTA / traffic analysis / network security analytics tools here – we are thinking of maybe doing it separately later…
Related blog posts about security analytics (2012-2016):
- Sad Hilarity of Predictive Analytics in Security?
- Security Analytics Webinar Questions – Answered
- On Unknown Operational Effectiveness of Security Analytics Tooling
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- Now That We Have All That Data What Do We Do, Revisited
- Who Validates Alerts Validated by Your Alert Validator Software?
- Killed by AI Much? A Rise of Non-deterministic Security!
- Those Pesky Users: How To Catch Bad Usage of Good Accounts
- Security Analytics Lessons Learned — and Ignored!
- Security Analytics: Projects vs Boxes (Build vs Buy)?
- Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
- Security Analytics – Finally Emerging For Real?
- Why No Security Analytics Market? <- important read for VCs and investors!
- More On Big Data Security Analytics Readiness
- Broadening Big Data Definition Leads to Security Idiotics!
- 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
- “Big Analytics” for Security: A Harbinger or An Outlier?
Comments are closed