User behavior analytics

Have you heard of UBA and UEBA? What is User Behavior Analytics (UBA), how does it differ from UEBA, and how do they work? The most recent Data Breach Incident Report (DBIR) found that 74% of enterprises feel vulnerable to insider attacks. Another study by Carnegie Mellon University said “30% of all respondents reported that insider attacks were the most costly and damaging than outsider threats”. So what can I do to protect my enterprise from insider threats? Well, User Behavior Analytics (UBA) will do the trick!

What is User Behavior Analytics (UBA)?

UBA stands for User Behavior Analytics: tracking and collecting information on user activities using monitoring systems. UBA focuses on the user rather than on other entities. UBA techniques analyze historical log data, including authentication and network logs stored in security information and event management (SIEM) systems. The main purpose of user behavior analytics is to identify patterns in the activity that a user's behavior produces. Although UBA collects both malicious and normal behavior, it primarily gives information security teams views for detecting abnormal behavior. UBA systems do not act on their results, however; only other systems can take action.
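
The analysis described above, as an added example (not code from any UBA product): it builds a per-user baseline from historical authentication events and scores new events by how far they depart from it. The log format, the user and host names, and the scoring values are assumptions constructed for the illustration; like UBA itself, it only returns a ranked list and takes no action.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample events (not real logs): timestamp user source-host result
HISTORY = """\
2024-03-04T08:58:10 alice ws-014 success
2024-03-05T09:03:44 alice ws-014 success
2024-03-07T08:49:30 alice vpn-gw success
2024-03-04T13:02:19 bob ws-021 success
2024-03-06T12:57:08 bob ws-021 failure
"""
NEW_EVENTS = """\
2024-03-08T09:05:12 alice ws-014 success
2024-03-08T02:41:37 alice srv-db-02 success
2024-03-08T13:04:00 bob ws-033 success
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, user, host, result = line.split()
        yield datetime.fromisoformat(ts), user, host, result

def build_baseline(events):
    """Per-user profile: hosts and login hours seen in successful past logins."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, user, host, result in events:
        if result == "success":
            profile[user]["hosts"].add(host)
            profile[user]["hours"].add(ts.hour)
    return profile

def score(event, profile, hour_slack=1):  # returns (score, reasons)
    ts, user, host, _ = event
    if user not in profile:  # 'in' does not create a defaultdict entry
        return 3, ["user has no baseline"]
    reasons = []
    if host not in profile[user]["hosts"]:
        reasons.append(f"new host {host}")
    gaps = [abs(ts.hour - h) for h in profile[user]["hours"]]
    if min(min(g, 24 - g) for g in gaps) > hour_slack:  # wraps past midnight
        reasons.append(f"unusual hour {ts.hour:02d}:00")
    return len(reasons), reasons

def analyze(history=HISTORY, new=NEW_EVENTS):
    profile = build_baseline(parse(history))
    rows = [(*score(e, profile), e[1], e[2]) for e in parse(new)]
    return sorted(rows, key=lambda r: -r[0])  # furthest from baseline first

if __name__ == "__main__":
    print(*analyze(), sep="\n")
```

Each returned row is (score, reasons, user, host), so an analyst sees why an event was ranked where it was.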

Differences between UBA and UEBA

UEBA stands for User and Entity Behavior Analytics. But why add “Entity”? UEBA is more comprehensive than UBA: UBA analyzes only the behavior of the user, whereas in UEBA the user is just one entity among others, such as devices, networks, applications, and servers. There are other differences as well:

  • UBA tracks only user activity, in contrast to UEBA, which also tracks applications, servers, etc.
  • UBA reports and data are simpler than those of UEBA.
  • UBA is usually designed to track insider threats, whereas UEBA is designed to use machine learning to detect unusual behavior effectively.

Pros and cons

Even though UBA is a good technology with useful features, it is not free of cons. Let us start with the pros:

Pros of UBA

  • Effective anomaly detection: UBA offers more data than SIEM systems because it analyzes user behavior rather than events in the system.
  • Fast detection of attacks inside the system: because UBA can track user behavior as it happens, UBA tools help you detect malicious activity as soon as possible.

Cons of UBA

  • Alert fatigue: when users do things such as accessing a new file or using other new resources, the machine learning in UBA can flag those behaviors as “suspicious”, so you get many alerts without knowing which one is more important.
  • Less confidence in machine learning: some people do not trust machine learning.

Why do enterprises need UBA?

There are several reasons to use User Behavior Analytics (UBA) in your organization:

  • Detecting insider threats: the number of insider attacks is increasing year after year, and most breaches in enterprises were caused by the behavior of users. Whatever the user's intentions, whether a spiteful employee or someone who wants to damage your enterprise, User Behavior Analytics tracks exactly what the user does in order to identify abnormal behavior that may lead to an attack.
  • Investigating security breaches: User Behavior Analytics lets you identify the user at the moment they insert a USB stick or access a web page or document that contains malware, so you can learn everything about a breach from the moment it starts.
  • Optimizing business processes: UBA technologies make your organization more transparent, because even simple user actions are documented and analyzed.
  • Policy compliance: policy compliance may not be one of the main uses of UBA, but it can help draw your attention to employees who like to take liberties in your company.