After a long, somewhat painful process our security analytics papers are out!
- “Demystifying Security Analytics: Sources, Methods and Use Cases” (an update to our 2015 paper) examines security analytics initiatives based on a framework of data sources, methods and use cases – now with more machine learning coverage.
- “A Comparison of UEBA Technologies and Solutions” (new research) contrasts select UEBA technologies based on use cases and capabilities and highlights common usage scenarios and tool evaluation processes.
Some fun quotes from each follow below:
- “Data is [still] lacking on the comparative effectiveness of various analytic algorithms (implemented in vendor tools) versus current, real-world threats and problems. Most organizations instead choose to compare tools based on their own test effectiveness and other requirements.”
- “Many vendors use ML as a buzzword to define the inner workings of their solutions. However, many products don’t go beyond a few slightly more advanced statistics. ”
- “Next, can future SIEM tools satisfy the emerging security analytics requirements? At this point, the answer is “maybe,” if some of its design constrains are harmonized.”
- “UEBA technology is maturing, and UEBA use cases are becoming standardized. Most organizations are looking for better detection of account compromise, system compromise, data leak and insider threats, and they want to gain better insights about the environment.”
- “Although the main characteristics of these solutions have been converging, and the main use cases are now easily identifiable, there are still vast differences in the approaches by the vendors and their views on what constitutes key capabilities for a UEBA solution.”
- “The major trend in the UEBA market is the increasing proximity with SIEM. The major SIEM vendors are either building UEBA capabilities or getting them from UEBA vendors via partnerships and acquisitions. The pure UEBA vendors are also preparing for this new scenario by adding typical SIEM capabilities, such as log aggregation and reporting, to their solutions.”
Related posts on paper publication:
Related blog posts on security analytics:
- Ok, So Who Really MUST Get a UEBA?
- On UEBA / UBA Use Cases
- UEBA Clearly Defined, Again?
- Comparing UEBA Solutions (by Augusto)
- What Should Your UEBA Show: Indications or Conclusions?
- UEBA Shines Where SIEM Whines?
- The Coming UBA / UEBA – SIEM War!
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?
- Security Analytics Webinar Questions – Answered
- On Unknown Operational Effectiveness of Security Analytics Tooling
- Now That We Have All That Data What Do We Do, Revisited
- Killed by AI Much? A Rise of Non-deterministic Security!
- Those Pesky Users: How To Catch Bad Usage of Good Accounts
- Security Analytics Lessons Learned — and Ignored!
- Security Analytics: Projects vs Boxes (Build vs Buy)?
- Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
- Security Analytics – Finally Emerging For Real?
- Why No Security Analytics Market? <- important read for VCs and investors! Works in 2017 too, mostly.
- More On Big Data Security Analytics Readiness
- 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
- “Big Analytics” for Security: A Harbinger or An Outlier?
Read Complimentary Relevant Research
Security Monitoring and Operations Primer for 2017
Security monitoring and operations excellence is a key component of any effective security program. Gartner's 2017 research will guide...
View Relevant Webinars
Equip Your IAM Risk-Based Planning With a Comprehensive Risk Model
Assessment of more than 50 large IAM deployments have shown suboptimal IAM solutions with arbitrary priorities, missing time and budget...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.