RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss the current security landscape.
User behavior analytics (UBA) technology is in some ways similar to SIEM technology, but with certain subtle differences:
- Most standalone UBA tools use both basic and advanced analytics approaches, ranging from rules-based models to deep machine learning. A SIEM tool may or may not use advanced analytics approaches such as unsupervised machine learning.
- Most standalone UBA tools analyze a narrow but highly relevant set of data, e.g. Active Directory logs, endpoint security solutions, DLP solutions etc. This results in higher-quality alerts with fewer false negatives and false positives. Compare this to SIEM tools, which ingest an overwhelming amount of data only to generate more noise in their alerts.
- Standalone UBA tools build profiles/models of user and entity (hosts, applications, devices etc.) behavior over a period of time and use them as a baseline to detect malicious actions by noting any abrupt or sudden change in that behavior. This functionality is only available as a feature in some SIEM tools.
- UBA excels in certain use cases such as insider threat detection, detecting compromised accounts etc.
Here are the top 5 emerging UBA vendors to watch out for:
Exabeam's user behavior intelligence solution helps organizations tackle challenges like external/internal threats and data theft by applying advancements in data science to cyber-security. The product is built on a big data platform and performs behavioral analytics and risk scoring to determine any malicious activity.
To Know More: Visit Exabeam User Behavior Intelligence Solution Page
Gurucul’s user behavior analytics and identity access intelligence technology uses machine learning and predictive anomaly detection algorithms to reduce the attack surface for accounts, unnecessary access rights and privileges, and to identify, predict and prevent breaches.
To Know More: Visit Gurucul Risk Analytics Platform Product Page
Fortscale UEBA uses unsupervised machine learning algorithms to provide user and entity profiling and anomaly detection. Fortscale can ingest myriad sources of data and has inbuilt forensics and investigation capabilities.
To Know More: Visit Fortscale UEBA Product Page
RedOwl uses a mix of advanced and basic analytics, such as statistical pattern matching, machine learning and content analytics, to profile user behavior and identify anomalous user activity. The RedOwl UBA solution can ingest both structured and unstructured data formats and has multiple use cases out of the box.
To Know More: Visit RedOwl UBA Solution Page
The Niara security analytics platform uses both supervised and unsupervised machine learning for behavioral profiling of users and entities. It ingests data sources such as network packets, log data from hosts, applications and other security products such as SIEM, DLP and WAF. The Niara security analytics platform can be deployed on-premises or can be cloud-based.
To Know More: Visit Niara Security Analytics Platform Page