Unveiling Hidden Threats with ML-Powered User and Entity Behavior Analytics (UEBA)
Abstract
The ever-growing cost of cybercrime has created the need for proactive solutions for organizations seeking to protect their digital assets. While traditional security systems struggle to detect anomalies buried within vast datasets, newer solutions such as User and Entity Behavior Analytics (UEBA) have emerged as a game-changer. By leveraging the power of machine learning, UEBA analyzes diverse data sources, including user logins, file accesses, event logs, business context, external threat intelligence, and network activity, to unveil hidden threats that most traditional methods would miss. The ability to correlate multiple data sources enables UEBA solutions to effectively detect malicious insiders, compromised users, Advanced Persistent Threats (APTs), and zero-day attacks. By applying analytics techniques such as supervised learning, unsupervised learning, and statistical modeling, UEBA solutions can detect subtle anomalies that deviate from established behavior baselines. Despite these benefits, UEBA solutions still have limitations, including data quality concerns, high implementation costs, and the need for ongoing model maintenance. Integration with Security Information and Event Management (SIEM) systems helps mitigate some of these challenges, further enhancing UEBA's capabilities and providing a unified platform for threat identification and response. This paper provides a detailed insight into the capabilities of UEBA, its three pillars, its significance, and its limitations.
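The abstract names statistical modeling against established behavior baselines as one of the techniques UEBA relies on. The following Python program is an added illustration, not code from the paper or from any UEBA product: it learns a per-user baseline (mean and standard deviation of a few daily activity features) from a training window of constructed records, then scores later days by their largest absolute z-score and flags those that exceed a threshold. The feature set, threshold, minimum baseline length, and all event records are assumptions chosen for the example; a deployed system would also use peer-group comparison, richer features, and the SIEM integration the abstract describes.

```python
"""Baseline-and-deviation scoring over per-user daily activity features.

Added example (not from the paper). Each daily record is a tuple
(day, user, logins, distinct_hosts, mb_out). A per-user baseline is learned
from a training window; later days are scored by their largest |z-score|.
Users with too little history are reported separately instead of being
scored against a meaningless baseline. All data below is constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

FEATURES = ("logins", "hosts", "mb_out")   # assumed feature names
THRESHOLD = 3.0          # flag a day whose largest |z| exceeds this (assumed)
MIN_BASELINE_DAYS = 5    # refuse to baseline a user with fewer days (assumed)
EPS = 0.5                # floor on std so a perfectly regular user is still scorable

# Constructed training window: ten ordinary days for two users.
BASELINE_RECORDS = [
    (d, "alice", 8 + (d % 2), 3, 40 + 5 * (d % 3)) for d in range(1, 11)
] + [
    (d, "bob", 2, 1, 5 + (d % 2)) for d in range(1, 11)
]

# Constructed days to score: one normal, one sharply deviating, one unknown user.
CANDIDATE_RECORDS = [
    (11, "alice", 9, 3, 45),       # within alice's usual pattern
    (11, "bob", 2, 14, 900),       # bob reaches 14 hosts and moves 900 MB
    (11, "carol", 30, 20, 2000),   # carol has no history in the baseline window
]


def build_baselines(records, min_days=MIN_BASELINE_DAYS):
    """Return {user: {feature: (mean, std)}} for users with enough history."""
    per_user = defaultdict(list)
    for _day, user, logins, hosts, mb_out in records:
        per_user[user].append((logins, hosts, mb_out))
    baselines = {}
    for user, rows in per_user.items():
        if len(rows) < min_days:
            continue  # too little history; the user is scored as "no_baseline"
        columns = list(zip(*rows))
        baselines[user] = {
            name: (mean(col), max(pstdev(col), EPS))
            for name, col in zip(FEATURES, columns)
        }
    return baselines


def score_record(record, baselines, threshold=THRESHOLD):
    """Score one daily record against its user's baseline."""
    day, user, *values = record
    base = baselines.get(user)
    if base is None:
        return {"user": user, "day": day, "status": "no_baseline",
                "score": None, "top_feature": None, "z": {}}
    zs = {name: (v - base[name][0]) / base[name][1]
          for name, v in zip(FEATURES, values)}
    top = max(zs, key=lambda name: abs(zs[name]))
    score = abs(zs[top])
    return {"user": user, "day": day,
            "status": "alert" if score > threshold else "normal",
            "score": round(score, 2), "top_feature": top,
            "z": {k: round(v, 2) for k, v in zs.items()}}


def score_all(candidates, baselines, threshold=THRESHOLD):
    """Score every candidate record; order is preserved."""
    return [score_record(r, baselines, threshold) for r in candidates]


if __name__ == "__main__":
    bl = build_baselines(BASELINE_RECORDS)
    for result in score_all(CANDIDATE_RECORDS, bl):
        print(result)
```

Two design points matter in practice: the `EPS` floor keeps a user whose feature never varies from producing a division by zero (or an infinite z-score on the first tiny change), and the `no_baseline` status keeps a newly seen entity from being silently scored against nothing, which is where the data-quality and model-maintenance limitations mentioned in the abstract tend to show up first.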
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.