User Behavior Analytics

The Rise of User Behavior Analytics

By Veriato Team

In August 2014, Gartner published the “Market Guide for User Behavior Analytics.” If you have a Gartner subscription I encourage you to read it. The analysts (Avivah Litan and Mark Nicolett) did a great job defining what had beforehand been a largely undefined market.

User Behavior Analytics (“UBA”) as defined by Gartner, is about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns – anomalies that indicate potential threats.

The space is evolving pretty rapidly, and there are some fairly significant differences in approach from one solution provider to the next. But the fact that user activity and behavior are being increasingly paid attention to is welcome.

Analyzing behavior is something the IT and Information Security community has been doing for a long time.

We have tools that look at the behavior of systems, and use data on the way the system is behaving to predict what will happen next. A disk failure is a good example. Not too hard to predict these days.

We have solutions that analyze the behavior of network traffic, looking at anomalies in flows as a means of detecting things like data exfiltration that a DLP solution simply can’t detect or prevent. Vince Berk and the folks over at Flowtraq are doing some outstanding work in this area.

It’s logical, and in some ways overdue, that we apply similar approaches to the behavior of insiders.

Javvad Malik with 451 Research published an excellent read titled “There is a traitor in our midst – exploring the insider-threat market” in December 2014 that, among other things, speaks to the benefits or monitoring user activity and analyzing user behavior. Javvad also points out some of the unique things that need to be factored in when adding “people analytics” to a security strategy like employee privacy. And he makes a great point – that while behavioral analytics are “key to identifying and isolating a potential rogue user” organizations need to exercise caution and not “prosecute individuals based on mere propensity.”

This leads to a discussion on predictive analytics. People, by their very nature, are difficult to predict. I had an opportunity to have a lengthy discussion with two ex-intelligence operators. These were experts that, when over in Iraq, were tasked with informing the warfighters where Improvised Explosive Devices (“IED”) were placed – a real matter of life and death. One thought that has stuck with me in the time since that discussion was their strong aversion to saying they could “predict” where a person was going to place an IED. Because that person could decide not to stick to the plan (alter their behavior) based on any number of factors – both internal and external – at any time.

It’s the function on user behavior analytics to identify situations where the conditions are ripe for an insider incident. It’s the function of the human operators that receive that information to use it judiciously and wisely.

2023 Preparedness Checklist: Ensure Your Workforce Is Productive and Secure

This guide will help you understand where there are opportunities and risks in your workforce, and what you can do to make sure 2023 is as secure and productive as possible with workforce behavior analytics.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

A More Insightful, Proactive Approach to Employee Monitoring

A More Insightful, Proactive Approach to Employee Monitoring

Also known as “bossware” and even “employee surveillance”, employee monitoring has been placed in the bucket of technologies that companies force on their employees. Whatever you call it, its use is on the rise and it looks like it’s here to stay. As of 2022, 60% of...

Bossware and the Future of Work

Bossware and the Future of Work

Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every...

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...