User Behavior Analytics

The Rise of User Behavior Analytics

By Veriato Team

In August 2014, Gartner published the “Market Guide for User Behavior Analytics.” If you have a Gartner subscription I encourage you to read it. The analysts (Avivah Litan and Mark Nicolett) did a great job defining what had beforehand been a largely undefined market.

User Behavior Analytics (“UBA”) as defined by Gartner, is about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns – anomalies that indicate potential threats.

The space is evolving pretty rapidly, and there are some fairly significant differences in approach from one solution provider to the next. But the fact that user activity and behavior are being increasingly paid attention to is welcome.

Analyzing behavior is something the IT and Information Security community has been doing for a long time.

We have tools that look at the behavior of systems, and use data on the way the system is behaving to predict what will happen next. A disk failure is a good example. Not too hard to predict these days.

We have solutions that analyze the behavior of network traffic, looking at anomalies in flows as a means of detecting things like data exfiltration that a DLP solution simply can’t detect or prevent. Vince Berk and the folks over at Flowtraq are doing some outstanding work in this area.

It’s logical, and in some ways overdue, that we apply similar approaches to the behavior of insiders.

Javvad Malik with 451 Research published an excellent read titled “There is a traitor in our midst – exploring the insider-threat market” in December 2014 that, among other things, speaks to the benefits or monitoring user activity and analyzing user behavior. Javvad also points out some of the unique things that need to be factored in when adding “people analytics” to a security strategy like employee privacy. And he makes a great point – that while behavioral analytics are “key to identifying and isolating a potential rogue user” organizations need to exercise caution and not “prosecute individuals based on mere propensity.”

This leads to a discussion on predictive analytics. People, by their very nature, are difficult to predict. I had an opportunity to have a lengthy discussion with two ex-intelligence operators. These were experts that, when over in Iraq, were tasked with informing the warfighters where Improvised Explosive Devices (“IED”) were placed – a real matter of life and death. One thought that has stuck with me in the time since that discussion was their strong aversion to saying they could “predict” where a person was going to place an IED. Because that person could decide not to stick to the plan (alter their behavior) based on any number of factors – both internal and external – at any time.

It’s the function on user behavior analytics to identify situations where the conditions are ripe for an insider incident. It’s the function of the human operators that receive that information to use it judiciously and wisely.

How to Rebrand
“Bossware”at Your

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida. Risus

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Employee Monitoring Resources

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...

When To be Suspicious About Work-From-Home Employees (or Not)

When To be Suspicious About Work-From-Home Employees (or Not)

Perhaps someone doesn’t answer a Slack message as quickly as they should, or they have long hours blocked on their calendar. Maybe someone doesn’t seem motivated during team meetings or they are slow to complete work. While research has shown that overall,...

Avoid These Employee Monitoring Blunders

Avoid These Employee Monitoring Blunders

In September 2021, 45% of full-time employees were still working remotely, and the trend is hard to reverse. People like the freedom of working from home. Without a commute, they save time. Without a boss looming in the background, they can multi-task at home. And,...