User and Entity Behavior Analytics (UEBA)


User and entity behavior analytics (UEBA) is a system that automatically identifies suspicious activity by user accounts and computer hosts.

  • aka User behavior analytics (UBA)
  • is a cybersecurity approach based on monitoring and analyzing the behavior of users within an organization to detect anomalies indicative of potential threats
  • uses machine learning, data science, and statistical analysis techniques to establish a baseline profile for each of an organization’s users and entities
    • baseline profiles include:
      • how, when, and where they access the network
      • what resources they use
      • and other behavior patterns
  • once baseline profiles are established, the system:
    • continuously monitors new behavior and compares it against the established baseline
    • alerts on unusual or suspicious activities
  • products:
    • Splunk User Behavior Analytics
    • IBM QRadar User Behavior Analytics
    • Rapid7 InsightIDR
    • Forcepoint Insider Threat
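
The baseline-then-compare loop described above, as an added example that is not from the original notes or from any of the listed products: it builds per-user profiles from constructed login events and reports why a new event deviates. The event fields, function names and z-score threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, hour_of_day, source_address, resource)
HISTORY = [
    ("alice", 9, "10.0.1.15", "crm"), ("alice", 10, "10.0.1.15", "crm"),
    ("alice", 9, "10.0.1.15", "mail"), ("alice", 11, "10.0.1.15", "crm"),
    ("alice", 10, "10.0.1.15", "mail"), ("alice", 9, "10.0.1.15", "crm"),
    ("bob", 14, "10.0.2.20", "git"), ("bob", 15, "10.0.2.20", "git"),
    ("bob", 13, "10.0.2.20", "ci"), ("bob", 14, "10.0.2.20", "git"),
]

def build_baseline(events):
    """Per-user profile: when they log in, from where, and what they use."""
    raw = defaultdict(lambda: {"hours": [], "sources": set(), "resources": set()})
    for user, hour, source, resource in events:
        raw[user]["hours"].append(hour)
        raw[user]["sources"].add(source)
        raw[user]["resources"].add(resource)
    # Simplification: arithmetic mean of hours (a user active across midnight
    # would need a circular mean). Floor std at 1 hour so very regular users
    # do not alert on a login a few minutes off their usual time.
    return {
        user: {"mean": mean(p["hours"]), "std": max(pstdev(p["hours"]), 1.0),
               "sources": p["sources"], "resources": p["resources"]}
        for user, p in raw.items()
    }

def score_event(baseline, event, z_threshold=3.0):
    """Return the reasons an event deviates from the user's baseline."""
    user, hour, source, resource = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    # Distance on the 24-hour clock, so 23:00 and 01:00 are 2 hours apart.
    delta = abs(hour - profile["mean"])
    delta = min(delta, 24 - delta)
    if delta / profile["std"] > z_threshold:
        reasons.append("unusual login hour")
    if source not in profile["sources"]:
        reasons.append("new source address")
    if resource not in profile["resources"]:
        reasons.append("new resource")
    return reasons
```

An empty list means the event matches the profile; a real deployment would weight and combine these signals into a risk score rather than alert on each one.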