I just got back from a whirlwind client-packed week at the flagship Gartner Security Summit in the Washington D.C. area.
One thing that hit home was the discussions with DAM (Database Activity Monitoring) vendors who are implementing a data-centric view of UEBA. That is, they are starting with the data that their current products revolve around, and building up profiles and analysis of access to, use of, and activity around specific data. In this analysis, data is the anchor element (as opposed to a user, endpoint or network).
I always struggled with how to fit the D into the UEBA market. Our diagrams of the UEBA market (see below) left this important dimension out when describing the entities that were anchors for UEBA security analytics, largely because there was nothing happening in this ‘D’ dimension when we authored our first UEBA market guide in 2015.
It’s good to see this dimension coming along. The data (and file) views are critical as anchors, since the bad guys are almost always going after data or information in organizational systems. It makes it easier to ‘not boil the ocean’ of security analytics looking for security infractions if you analyze access to and use of your ‘crown jewels’ which are inevitably sitting in a database, data lake, or file system.
For the time being, as noted in the diagram, UEBA vendors in various categories complement each other. Vendors with a ‘D’ focus will be instrumental in the future in finding the ‘needles in the needles’ that are sitting in a database.