User Behavior Analytics (UBA) is the tracking, collecting, and assessment of user data and activities using monitoring systems. UBA examine archived data from network and authentication logs collected and stored in log management and SIEM systems. They analyze and identify patterns of user traffic caused by known behaviors, both normal and malicious. UBA systems are primarily intended to provide cybersecurity teams with information they can use to find patterns in data sets too large for a human to manipulate. While UBA systems don’t take action based on their findings, they can be configured to automatically adjust the difficulty of authenticating users who show unusual behavior.
What does this mean for an SMB?
- UBA tools can be used to determine a baseline of normal activities specific to the organization and its individual users.
- They can also be used to identify deviations from normal. UBA uses big data and machine learning algorithms to assess these deviations in near-real-time.
While UBA tools are valuable and can help improve the security of your business, it’s important to look at your budget and determine if you have room for a UBA system. UBA’s aren’t necessarily vital to a security strategy, but are great to have if you are willing to pay for them.