Our Security Analytics and UEBA Papers Published

After a long, somewhat painful process our security analytics papers are out!

1. “Demystifying Security Analytics: Sources, Methods and Use Cases” (an update to our 2015 paper) examines security analytics initiatives based on a framework of data sources, methods and use cases – now with more machine learning coverage.
2. “A Comparison of UEBA Technologies and Solutions” (new research) contrasts select UEBA technologies based on use cases and capabilities and highlights common usage scenarios and tool evaluation processes.

Since we are running our paper feedback experiment, please provide your comments from reading the papers here! Thanks a lot for helping us create better research for you!

Some fun quotes from each follow below:

“Demystifying Analytics…” paper:

• “Data is [still] lacking on the comparative effectiveness of various analytic algorithms (implemented in vendor tools) versus current, real-world threats and problems. Most organizations instead choose to compare tools based on their own test effectiveness and other requirements.”
• “Many vendors use ML as a buzzword to define the inner workings of their solutions. However, many products don’t go beyond a few slightly more advanced statistics. ”
• “Next, can future SIEM tools satisfy the emerging security analytics requirements? At this point, the answer is “maybe,” if some of its design constrains are harmonized.”

“UEBA Comparison” paper:

• “UEBA technology is maturing, and UEBA use cases are becoming standardized. Most organizations are looking for better detection of account compromise, system compromise, data leak and insider threats, and they want to gain better insights about the environment.”
• “Although the main characteristics of these solutions have been converging, and the main use cases are now easily identifiable, there are still vast differences in the approaches by the vendors and their views on what constitutes key capabilities for a UEBA solution.”
• “The major trend in the UEBA market is the increasing proximity with SIEM. The major SIEM vendors are either building UEBA capabilities or getting them from UEBA vendors via partnerships and acquisitions. The pure UEBA vendors are also preparing for this new scenario by adding typical SIEM capabilities, such as log aggregation and reporting, to their solutions.”

Read the papers (this and this)? NOW go and provide feedback for us – so that the future updates are more useful for you! Thanks! 🙂

Related posts on paper publication:

• All My Research Published in 2016

Related blog posts on security analytics:

• Ok, So Who Really MUST Get a UEBA?
• On UEBA / UBA Use Cases
• UEBA Clearly Defined, Again?
• Comparing UEBA Solutions (by Augusto)
• What Should Your UEBA Show: Indications or Conclusions?
• UEBA Shines Where SIEM Whines?
• The Coming UBA / UEBA – SIEM War!
• Next Research: Back to Security Analytics and UBA/UEBA
• Sad Hilarity of Predictive Analytics in Security?
• Security Analytics Webinar Questions – Answered
• On Unknown Operational Effectiveness of Security Analytics Tooling
• Now That We Have All That Data What Do We Do, Revisited
• Killed by AI Much? A Rise of Non-deterministic Security!
• Those Pesky Users: How To Catch Bad Usage of Good Accounts
• Security Analytics Lessons Learned — and Ignored!
• Security Analytics: Projects vs Boxes (Build vs Buy)?
• Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
• Security Analytics – Finally Emerging For Real?
• Why No Security Analytics Market? <- important read for VCs and investors! Works in 2017 too, mostly.
• More On Big Data Security Analytics Readiness
• 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
• “Big Analytics” for Security: A Harbinger or An Outlier?