Gartner Blog Network

Category: 'ueba' Blog Posts

All My Research Published in 2017

by Anton Chuvakin  |  December 28, 2017

To make it easy for the readers to find my research, here is the list of everything I published in 2017 [most co-authored with Augusto Barros]. Gartner GTP access is...

Comments: 1

Upcoming Webinar: User and Entity Behavior Analytics Tools

by Anton Chuvakin  |  June 6, 2017

Another Summer, another fun webinar with me. Topic: How to Test, Deploy and Operationalize User and Entity Behavior Analytics (UEBA) Tools Date: July 11, 2017 Time: 10PM PT / 1PM...

Comments: 1

Why Your Security Data Lake Project Will FAIL!

by Anton Chuvakin  |  April 11, 2017

Beats me, but for some reason organizations think that they can build A SECURITY DATA LAKE and/or their own CUSTOM BIG DATA SECURITY ANALYTICS tools. Let me tell you what...

Comments: 10

Our Security Analytics and UEBA Papers Published

by Anton Chuvakin  |  March 31, 2017

After a long, somewhat painful process our security analytics papers are out! “Demystifying Security Analytics: Sources, Methods and Use Cases” (an update to our 2015 paper) examines security analytics initiatives...

Comments: 6

Ok, So Who Really MUST Get a UEBA?

by Anton Chuvakin  |  January 24, 2017

As I mentioned in my 2014 post on security analytics and in a related GTP paper at the same time, “The noise about big data for security has grown deafening...

Comments: 18

Why SIEMs F*cked Up Application Log Analysis?

by Anton Chuvakin  |  January 13, 2017

This is going to be a short one: why do you think the SIEM vendors f*cked up application log analysis so badly? Think about it, SIEM technology started roughly in...

Comments: 13

On UEBA / UBA Use Cases

by Anton Chuvakin  |  January 5, 2017

After much agonizing, we (Augusto and myself) have settled on the following list of UEBA / UBA use cases for our upcoming UEBA technology comparison. Here they are: Compromised account...

Comments: 7

UEBA Clearly Defined, Again?

by Anton Chuvakin  |  December 12, 2016

Ok, so after yet another request to “define UBA | UEBA clearly”, this post was born. First, Gartner “Market Guide for User and Entity Behavior Analytics” (not the research we...

Comments: 3

What Should Your UEBA Show: Indications or Conclusions?

by Anton Chuvakin  |  December 8, 2016

While starting to research UBA / UEBA and other analytics-related security tools, one interesting paradox has emerged. I’d call it “INSIGHT vs CERTAINTY paradox.” Specifically: Some UEBA users and prospects...

Comments: 2

UEBA Shines Where SIEM Whines?

by Anton Chuvakin  |  November 14, 2016

Remember my Popular SIEM Starter Use Cases post from 2014? Let’s take a look at that list of popular SIEM use cases and see how/where UEBA helps. This will make...

Comments: 8