User behavior analytics
User behavior analytics (UBA), as defined by Gartner, is a cybersecurity process for detecting insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior and then apply algorithms and statistical analysis to detect meaningful anomalies in those patterns, anomalies that may indicate a threat.[1] Instead of tracking devices or security events, UBA tracks a system's users.[2] Big data platforms such as Apache Hadoop extend what UBA tools can do by letting them analyze petabytes of data to detect insider threats and advanced persistent threats.[3][4]
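The paragraph above describes the core UBA loop (learn each user's normal pattern, then score new activity against it) without showing what a baseline or an anomaly actually looks like. The following is an added example, not code from the article or from any Gartner-covered product: it builds per-user baselines (login hour, egress volume, source hosts) from constructed log lines and scores new events with capped z-scores plus a bump for a never-before-seen host. The log format, user names, hostnames, feature weights and the alert threshold are all constructed for illustration.

```python
"""Per-user behavioral baselining and anomaly scoring over constructed log lines.
Added example; log data, weights and thresholds are constructed, not a published model."""
from __future__ import annotations

import math
import statistics
from dataclasses import dataclass, field


@dataclass
class Event:
    ts: str          # "YYYY-MM-DD HH:MM", constructed format
    user: str
    src_host: str
    bytes_out: int

    @property
    def hour(self) -> int:
        return int(self.ts[11:13])


def parse_line(line: str) -> Event:
    """Parse one constructed CSV line: ts,user,src_host,bytes_out."""
    ts, user, host, nbytes = line.strip().split(",")
    return Event(ts, user, host, int(nbytes))


def build_baseline_lines() -> list[str]:
    """30 days of constructed 'normal' activity for two users, deterministic so the
    scores are reproducible. A real deployment reads SIEM/VPN/proxy logs instead."""
    users = [("alice", "wkst-alice-01", 8, 60_000),   # (user, host, start hour, bytes)
             ("bob", "wkst-bob-02", 13, 120_000)]
    lines = []
    for day in range(1, 31):
        for user, host, hour, nbytes in users:
            h = hour + day % 3                 # daily jitter: 8-10 or 13-15
            b = nbytes + (day % 5) * 4_000     # modest variation in egress volume
            lines.append(f"2024-01-{day:02d} {h:02d}:15,{user},{host},{b}")
    return lines


@dataclass
class UserProfile:
    hours: list[int] = field(default_factory=list)
    log_bytes: list[float] = field(default_factory=list)   # log10 so one z spans magnitudes
    hosts: set[str] = field(default_factory=set)

    def add(self, ev: Event) -> None:
        self.hours.append(ev.hour)
        self.log_bytes.append(math.log10(ev.bytes_out))
        self.hosts.add(ev.src_host)

    def hour_z(self, hour: int) -> float:
        mu = statistics.fmean(self.hours)
        sd = statistics.pstdev(self.hours) or 1.0   # constant baseline: avoid divide-by-zero
        d = abs(hour - mu)
        return min(d, 24 - d) / sd                  # 23:00 and 01:00 are 2 h apart, not 22

    def bytes_z(self, nbytes: int) -> float:
        mu = statistics.fmean(self.log_bytes)
        sd = statistics.pstdev(self.log_bytes) or 1.0
        return (math.log10(nbytes) - mu) / sd


def build_profiles(lines: list[str]) -> dict[str, UserProfile]:
    profiles: dict[str, UserProfile] = {}
    for line in lines:
        ev = parse_line(line)
        profiles.setdefault(ev.user, UserProfile()).add(ev)
    return profiles


def score_event(profiles: dict[str, UserProfile], ev: Event) -> tuple[float, list[str]]:
    """Sum capped |z| per feature, plus a fixed bump for a never-seen source host."""
    p = profiles.get(ev.user)
    if p is None:
        return 10.0, ["no behavioral baseline for this account"]   # unknown account: escalate
    score, reasons = 0.0, []
    zh = p.hour_z(ev.hour)
    if zh > 3.0:
        score += min(zh, 5.0)
        reasons.append(f"unusual hour {ev.hour:02d}:00 (z={zh:.1f})")
    zb = p.bytes_z(ev.bytes_out)
    if abs(zb) > 3.0:
        score += min(abs(zb), 5.0)
        reasons.append(f"unusual egress volume {ev.bytes_out} B (z={zb:.1f})")
    if ev.src_host not in p.hosts:
        score += 3.0
        reasons.append(f"never-before-seen source host {ev.src_host}")
    return score, reasons


def detect(profiles: dict[str, UserProfile], lines: list[str], threshold: float = 5.0) -> list[dict]:
    alerts = []
    for line in lines:
        ev = parse_line(line)
        score, reasons = score_event(profiles, ev)
        if score >= threshold:
            alerts.append({"user": ev.user, "ts": ev.ts, "score": score, "reasons": reasons})
    return alerts


# Constructed events to score against the baseline.
NEW_EVENTS = [
    "2024-02-01 03:05,alice,wkst-bob-02,5000000",    # off-hours, a peer's workstation, bulk egress
    "2024-02-01 14:15,bob,wkst-bob-02,128000",        # ordinary activity for bob
    "2024-02-01 09:30,mallory,wkst-alice-01,20000",   # account with no history at all
]


def run_demo() -> list[dict]:
    return detect(build_profiles(build_baseline_lines()), NEW_EVENTS)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['ts']} {a['user']:<8} score={a['score']:.1f}  " + "; ".join(a["reasons"]))
```

Run it and only alice (three reasons, score 13.0) and the baseline-less mallory account (score 10.0) are alerted; bob's ordinary event scores 0. The two design choices worth copying are the circular treatment of hours, so a midnight login is not scored as 22 hours from a 2 a.m. baseline, and the `or 1.0` guard on the standard deviation, without which a user whose baseline is perfectly regular would produce a division by zero on the first deviation.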

Purpose

The problem UBA responds to, as described by Nemertes Research CEO Johna Till Johnson, is that "Security systems provide so much information that it's tough to uncover information that truly indicates a potential for real attack. Analytics tools help make sense of the vast amount of data that SIEM, IDS/IPS, system logs, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-buying patterns. But as it turns out, UBA can be extraordinarily useful in the security context too."[5]

Market developments

Developments in UBA technology led Gartner to broaden the category to user and entity behavior analytics ("UEBA"). In September 2015, Gartner published the Market Guide for User and Entity Behavior Analytics, written by Vice President and Distinguished Analyst Avivah Litan, which provided a thorough definition and explanation. UEBA had been referred to in earlier Gartner reports, but not in much depth. The expanded definition adds devices, applications, servers, data, or anything with an IP address to the users that UBA already covered. It moves beyond the fraud-oriented UBA focus to a broader one encompassing "malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP."[6] The addition of "entity" reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. "When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats."[7]

Particularly in the computer security market, there are many vendors for UEBA applications. They can be "differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based)."[8]

According to the 2015 market guide released by Gartner, "the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased."[9] The report further projected, "Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems."[9]

See also

  • Behavioral analytics
  • Network behavior anomaly detection

References

1. Gartner. "Market Guide for User Behavior Analytics". https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics
2. "The hunt for data analytics: Is your SIEM on the endangered list?"
3. Ahlm, Eric; Litan, Avivah (26 April 2016). "Market Trends: User and Entity Behavior Analytics Expand Their Market Reach". Gartner. https://www.gartner.com/doc/reprints?id=1-370BP2V&ct=160518&st=sb. Accessed 15 July 2016.
4. "Cybersecurity at petabyte scale". cloudera.com. http://www.cloudera.com/solutions/cybersecurity.html. Accessed 15 July 2016.
5. "User behavioral analytics tools can thwart security attacks"
6. "Market Guide for User and Entity Behavior Analytics". Gartner. https://www.gartner.com/doc/3134524/market-guide-user-entity-behavior. Accessed 10 November 2016.
7. Zurkus, Kacy. "User entity behavior analytics, next step in security visibilty [sic]". CSO Online. http://www.csoonline.com/article/2998174/security-awareness/user-entity-behavior-analytics-next-step-in-security-visibilty.html. Accessed 6 June 2016.
8. "Detect Security Breaches Early by Analyzing Behavior". Smarter With Gartner (4 June 2015). http://www.gartner.com/smarterwithgartner/detect-security-breaches-early-by-analyzing-behavior/. Accessed 6 June 2016.
9. "Market Guide for User and Entity Behavior Analytics". Gartner, Inc. (22 September 2015). https://www.gartner.com/doc/reprints?id=1-2NK6M1R&ct=150922&st=sb. Accessed 6 June 2016.

Categories: Artificial intelligence, Machine learning, Computer security, Human behavior

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 (Beijing ICP filing). Last updated: 2024/11/10 13:47:00