Wondering what this whole User Behavior Analytics (UBA) craze is really about? Think
about your security implementation; could you predict where a breach may occur?
Verizon's most recent Data Breach Incident Report (DBIR) found that 74%
of organizations feel vulnerable to insider attacks. A separate study conducted
by the Carnegie Mellon University Software Engineering Institute showed that 30% of all
respondents reported that incidents caused by insider
attacks were more costly or damaging than outsider attacks. Often these attacks
target personal information housed by organizations for financial gain or public
defamation. The standard now is to protect your organization proactively, never
What does this mean for you? Well, you have to be able to predict, with a degree of
certainty, when and where an attack may begin. Anticipating the future isn’t easy, to do
so you’ll need data — relevant data, which is where User Behavior Analytics comes into
There are terabytes upon terabytes worth of data that can be pulled from a standard
security implementation using SIEM systems. With these legacy solutions the most
prominent question is always, “how do you make sense of it,” or “what is actually
User Behavior Analytics Tools arm organizations with the specific data needed to
understand what typical user behavior looks like, which is then used to identify
unusual, or suspicious behavior. In doing so, User Behavior Analytics systems collect
data on how users interact with the devices, applications, and other digitally connected
assets they’re given.
UBA data has value in every department within an organization. From security to sales,
something can be learned from the data provided by User Behavior Analytics. Read on to
see if UBA is right for your organization.
What is User Behavior Analytics
to Gartner, UBA is UEBA (User and Entity Behavior Analytics), and it’s defined in
the following way:
“User and entity behavior analytics offers profiling and anomaly detection based on a
range of analytics approaches, usually using a combination of basic analytics
methods (e.g., rules that leverage signatures, pattern matching, and simple
statistics) and advanced analytics (e.g., supervised and unsupervised machine
learning). Vendors use packaged analytics to evaluate the activity of users and
other entities (hosts, applications, network traffic and data repositories) to
discover potential incidents commonly presented as an activity that is anomalous to
the standard profiles and behaviors of users and entities. Example of these
activities includes unusual access to systems and data by trusted insiders or third
parties and breaches by external attackers evading preventative security
On top of User and Entity Behavior Analytics, UBA is also known as security user behavior
analytics (SUBA), and Network Traffic Analytics (NTA), no matter what you call it, the
simplified definition of User Behavior Analytics is that it is the process of collecting
data on the events generated by your users through their daily activity across
different networks and devices, then leverages machine learning, algorithms, statistics
and probability to organize that data into logical, useful analytics reports that
highlight activity significant to the organization.
This knowledge helps businesses scale processes, ensure compliance rules are met, and
more popularly, protects
the organization against insider threats and aids with the investigation process
in the event of a breach in security.
A Short History of User Behavior
User Behavior Analytics, an offshoot of Behavior Analytics, is a concept that began in
the world of marketing, where products like Google Analytics provide organized reports
of server activity logs, which granted marketers much greater insight into who did what
while on their website. Granular insight into user interactions let marketers optimize
for maximum conversion levels, which correlate with higher revenues.
Now, the same information is beginning to become more necessary and prevalent throughout
every department in an organization, particularly regarding security, but also in human
resources, sales, and any other process-driven sectors within an organization.
Organizations use data from UBA systems to help optimize individual workflows, understand
employee engagement, and of course, to understand and analyze suspicious behavior and
The Difference Between SIEM & UBA
SIEM or Security Information and Event Management systems are common core technologies
for any security implementation; they provide real-time analysis of security alerts
generated by applications and network hardware. These systems alert you to anything and
everything that happens within your infrastructure. SIEM Systems collect log and event
records from all of your other security systems such as user devices, network switches,
firewalls, intrusion protection systems, servers and more, then puts them in one
centralized location and analyzes the data. The main benefit here is that SIEM provides
near real-time data analysis that uses correlation rules, whitelist matching, and
statisical baseline devation to notify additional systems and teams of a noteworthy
UBA systems provide specific event data with historical activity data
from the user, website, application, and machine, which provides more relevant
alerts and a lot more context than just system events.
The biggest difference is this, SIEM applications use specified rules and inputs to
analyze behavior in near real time and they're notoriously bad a spotting anomalous
behvior outside those rules. UBA applications take a more long-term approach by
analyzing behavior over long periods of time to only draw attention to truly anomalous
behavior. With SIEM, anything and everything that meets our rules gets flagged in near
real time, UBA highlights anomalous behavior based on a historical batch of activity
data. SIEM systems offer what becomes a data lake, UBA systems provide data droplets or
tactical data points.
Why do I Need User Behavior Analytics?
A 2017 report titled “2017 Cost of
Cyber-Crime Study” from Accenture Security states that cyber-attacks show “no
signs of slowing down,” and that the only way to stay ahead of them is to invest in
innovation. On average, companies are losing more than $11.7 million per company due to
cyber-crime, a 62 percent increase in just five years.
Across all emerging technologies, User Behavior Analytics has the second highest spend to
cost savings ratio, second to only SI systems, which cost more than three times that of
an average User Behavior Analytics system.
Old security methods are no longer effective. Your firewall is not 100% foolproof, your
users give passwords to friends and family, rogue employees are lurking unnoticed, and
you never know when a simple phishing scam could compromise a user’s account. This ever
complex landscape means preventative measures are no longer enough in the world of
Moreover, UBA can add much-needed context to your business intelligence systems by
analyzing company-wide and individual workflows. These insights allow companies to then
optimizing processes for higher output.
The world of business today is increasingly complex and competitive. In order for
established businesses to remain competitive, organizations must constantly evaluate the
inner workings of their organizations. At scale, organizations must ensure old
processes do not become inefficient. For growing organizations, processes need
to be monitored to be sure they scale properly.
How Does User Behavior
Analytics Help Organizations?
Using insights based on collected data, configure ActivTrak to respond automatically
when users act outside of expected behavior. Use reactive and preventative measures
to secure your organization’s network.
Here are a few reasons why ActivTrak is an ideal solution for User Behavior
- Quickly filter through comprehensive activity and alarm logs to zero in on
potentially harmful activities.
- Spot sudden changes in user schedule and idle time. Use screenshots, videos, and
other reports to add context and intent for investigations.
- Behavioral data is available on the dashboard within moments of installation.
- Flag and single out screenshots containing unsafe content.
- Check in on your team any time, anywhere from the desktop or our mobile app.
Is User Behavior Analysis
Only for Security Professionals?
Nope! While many people are finding early and obvious uses for user behavior data, some
of the more savvy data scientists in the world are finding this information is
particularly useful in discovering additional revenues hiding within their organization.
Many organizations experience growth, but few are currently prepared for it. In fact, a
study by the Harvard Business Review found that 86% of business managers surveyed said
their business processes and the resulting decisions have become so complex that they
hinder the companies’ ability to grow in a digital economy.
When companies grow, old processes become inefficient at scale, which means the time
value loss grows expentially as you hire more people and they continue to work through
inefficient processes. To curb this loss in time value, organizations regularly perform
a process called Business Process Mining.
Business Process Mining is the procedure of auditing data that speaks to how work gets
done, looking for bottlenecks, then making a data-driven change to the process itself
and measuring the resulting output. Business Process Mining can be invaluable while
scaling your business, as it ensures the dollars spent on employee salary, tools and
oversight is spent wisely.
User behavior data is ideal for performing business process mining because it captures
everything that a user does on a computer. This information can be invaluable while
preforming a process audit because it actually shows what happened, whether or not the
processes are being followed, as well as when and where there is a deviation in the
process, then how that deviation effected the output.
How do I Collect User Behavior Event
As with traditional Behavior Analytics, User Behavior Analytics has a number of software
technologies that can help organizations collect and analyze user behavior within an
Choosing the right system is critical to your success. Many User Behavior Analytics
products vary widely in the information they provide, and how the data is presented. These
factors can profoundly influence the insights gathered from user behavior, and
ultimately, the success of your implementation.
Pros of UBA
Of course, you already have a security system. If there is a hole, UBA will catch it so
you can patch it. According to many leading industry experts, the only way to stay ahead
of the curve is to invest in innovation to add to your security stack.
Cons of UBA
So, You’ve decided UBA is a good investment, how do you get up and running?
Begin with finding the right reason to invest in a User Behavior Analytics. Are you
concerned about detecting threats? Are you worried
about an insider threat? Is one department underperforming? Are employees within
a department overworked? Are you concerned your processes are not scaling well with your
It’s important to ask the right questions before purchasing your UBA software, such
- What are our Needs?
- Is it providing the data you need?
- Is it tailorable to my needs?
- Can you extract the data you need?
- Can it integrate with your existing systems? How well?
- How long will the implementation take?
- How much of Implementation is on us? Can we do it?
- Can our Non-tech-savvy users work the program?
- Budget Considerations?
- What are our Needs?
It’s important to get the answers to these questions early in the investigation process,
as they will be significant roadblocks if one of these questions remains unanswered.
An in-depth explanation of User Behavior Analytics.
How Insider Threats were mitigated with User Behavior Analytics Software.
Compelling enterprise use cases for User Behavior Analytics.
UBA software can tell you exactly what applications are used the most within your organization.
Learn about user and entity behavior analytics (UEBA) in Data Protection 101, our series on the fundamentals of information security.
Advanced analytics that focus on identity predicted to offer more visibility than logs.
UBA data become more powerful when combined with other metrics, learn how to do that with ActivTrak ActivConnect.
The promise of User Behavioral Analytics is that it can go beyond simply detecting insider threats to predicting them. Some experts say that creates a significant privacy problem.
Learn about features that allow managers to use User Behavior Analytics Software to assist with workforce management.
Some features that add an extra punch to User Behavior Analytics Software.
Key features of UBA products that help organizations improve operational efficiency.
Before Implementing User Behavior Analytics, make sure you’re covered legally with an Internet Usage Policy.
Information about how you can stay compliant while using user Behavior Analytics under the new GDPR regulations.