Gartner Blog Network


Next Research: Back to Security Analytics and UBA/UEBA

by Anton Chuvakin  |  October 27, 2016  |  3 Comments

Our deception research is winding down and the paper is nearly ready, so we are thinking about what’s next.

In fact, we are going to cook something really exciting: a comparison of various User and Entity Behavior Analytics (UEBA, sometimes just UBA) tools. And of course UEBA/UBA usage tips, “decent practices” [that’s what passes for best practices nowadays :-)], analytics architectures, etc.

We are also planning to touch up our famous “Demystifying Security Analytics…” paper. It needs to be brought to 2017!

So, our call to action:

  • UBA / UEBA vendors, here is the link – you know what to do. And keep this in mind: WE WANT USE CASES. REAL WORLD PROVEN EFFECTIVENESS. And then maybe algorithms. But in that order!
  • Anybody using these tools (or doing anything else they consider “security analytics”), we’d love to hear your stories: did it work? Did it fail? What methods did you choose? Has your security data lake finally turned into a swamp? Just how much you hate your SIEM? 🙂

P.S. BTW, we are not going to touch NTA / traffic analysis / network security analytics tools here – we are thinking of maybe doing it separately later…

Related blog posts about security analytics (2012-2016):

Additional Resources

Category: analytics  security  ueba  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on Next Research: Back to Security Analytics and UBA/UEBA


  1. Monthly Blog Round-Up – October 2016 – sec.uno says:
    November 1, 2016 at 5:24 pm

    […] Next Research: Back to Security Analytics and UBA/UEBA […]

  2. The Coming UBA / UEBA - SIEM War! - Anton Chuvakin says:
    November 7, 2016 at 9:40 pm

    […] guess, the whole point of having a war, eh? :-)] Indeed, I see a high chance of a dramatic SIEM vs UEBA / UBA confrontation in the next 1-2 years – and it will be fun to […]

  3. Comparing UEBA Solutions - Augusto Barros says:
    November 28, 2016 at 10:22 pm

    […] As Anton anticipated, we’ve started working on our next research cycle, now with the intent of producing a comparison of UEBA (User and Entity Behavior Analytics) solutions. We produced a paper comparing EDR solutions a few months ago, but so far the discussion on how to compare UEBA solutions has been far more complex (and interesting!). […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.