Blog post

Our Security Analytics and UEBA Papers Published

By Anton Chuvakin | March 31, 2017 | 0 Comments


After a long, somewhat painful process our security analytics papers are out!

  1. “Demystifying Security Analytics: Sources, Methods and Use Cases” (an update to our 2015 paper) examines security analytics initiatives based on a framework of data sources, methods and use cases – now with more machine learning coverage.
  2. “A Comparison of UEBA Technologies and Solutions” (new research) contrasts select UEBA technologies based on use cases and capabilities and highlights common usage scenarios and tool evaluation processes.

Since we are running our paper feedback experiment, please provide your comments from reading the papers here! Thanks a lot for helping us create better research for you!

Some fun quotes from each follow below:

“Demystifying Analytics…” paper:

  • “Data is [still] lacking on the comparative effectiveness of various analytic algorithms (implemented in vendor tools) versus current, real-world threats and problems. Most organizations instead choose to compare tools based on their own test effectiveness and other requirements.”
  • “Many vendors use ML as a buzzword to define the inner workings of their solutions. However, many products don’t go beyond a few slightly more advanced statistics. ”
  • “Next, can future SIEM tools satisfy the emerging security analytics requirements? At this point, the answer is “maybe,” if some of its design constrains are harmonized.”

“UEBA Comparison” paper:

  • “UEBA technology is maturing, and UEBA use cases are becoming standardized. Most organizations are looking for better detection of account compromise, system compromise, data leak and insider threats, and they want to gain better insights about the environment.”
  • “Although the main characteristics of these solutions have been converging, and the main use cases are now easily identifiable, there are still vast differences in the approaches by the vendors and their views on what constitutes key capabilities for a UEBA solution.”
  • “The major trend in the UEBA market is the increasing proximity with SIEM. The major SIEM vendors are either building UEBA capabilities or getting them from UEBA vendors via partnerships and acquisitions. The pure UEBA vendors are also preparing for this new scenario by adding typical SIEM capabilities, such as log aggregation and reporting, to their solutions.”

Read the papers (this and this)? NOW go and provide feedback for us – so that the future updates are more useful for you! Thanks! 🙂

Related posts on paper publication:

Related blog posts on security analytics:

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed