User Behavior Analytics (UBA)

23rd March 2021 | Cybrary

User Behavior Analytics (UBA) is the tracking, collecting, and assessment of user data and activities using monitoring systems. UBA examine archived data from network and authentication logs collected and stored in log management and SIEM systems. They analyze and identify patterns of user traffic caused by known behaviors, both normal and malicious. UBA systems are primarily intended to provide cybersecurity teams with information they can use to find patterns in data sets too large for a human to manipulate. While UBA systems don’t take action based on their findings, they can be configured to automatically adjust the difficulty of authenticating users who show unusual behavior.

What does this mean for an SMB?

Behavior analysis systems first emerged in the early 2000s as tools to help marketing teams analyze and predict customer buying patterns. Today, user behavior analytics tools have more advanced profiling and exception monitoring capabilities than SIEM systems and are used for two main functions:

UBA tools can be used to determine a baseline of normal activities specific to the organization and its individual users.
They can also be used to identify deviations from normal. UBA uses big data and machine learning algorithms to assess these deviations in near-real-time.

While UBA tools are valuable and can help improve the security of your business, it’s important to look at your budget and determine if you have room for a UBA system. UBA’s aren’t necessarily vital to a security strategy, but are great to have if you are willing to pay for them.