Unveiling Hidden Threats with ML-Powered User and Entity Behavior Analytics (UEBA)
Abstract
The ever-growing cost of cybercrime has created the need for proactive solutions for organizations seeking to protect their digital assets. While traditional security systems struggle to detect anomalies buried within vast datasets, newer solutions such as User and Entity Behavior Analytics (UEBA) have emerged as a game-changer. By leveraging machine learning, UEBA analyzes diverse data sources, including user logins, file accesses, event logs, business context, external threat intelligence, and network activity, to unveil hidden threats that most traditional methods could miss. The ability to correlate multiple data sources enables UEBA solutions to effectively detect malicious insiders, compromised users, Advanced Persistent Threats (APTs), and zero-day attacks. By using analytics techniques such as supervised learning, unsupervised learning, and statistical modeling, UEBA solutions can detect subtle anomalies that deviate from established behavior baselines. Despite their many benefits, UEBA solutions still have limitations, including data quality concerns, high implementation costs, and the need for ongoing model maintenance. Integration with Security Information and Event Management (SIEM) systems helps mitigate some of these challenges, further enhances UEBA's capabilities, and provides a unified platform for threat identification and response. This paper provides a detailed insight into the capabilities of UEBA, its three pillars, its significance, and its limitations.
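A minimal illustration of the "established behavior baseline" idea from the abstract, added here as example code (not from the paper): per-user statistical baselines are built over constructed login-hour, download-volume and host-count events, and a z-score check then reports which features of a new event deviate from that user's baseline. The feature names, the 3-sigma threshold and the sample data are assumptions for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

FEATURES = ("login_hour", "mb_downloaded", "hosts_touched")

# Constructed sample history: 20 ordinary workdays for two users (not real data).
HISTORY = [
    {"user": "alice", "login_hour": 8 + (i % 3), "mb_downloaded": 40 + (i % 5) * 3, "hosts_touched": 2 + (i % 2)}
    for i in range(20)
] + [
    {"user": "bob", "login_hour": 9 + (i % 2), "mb_downloaded": 100 + (i % 4) * 10, "hosts_touched": 5 + (i % 3)}
    for i in range(20)
]


def build_baselines(events):
    """Per-user mean and population standard deviation for each feature."""
    per_user = defaultdict(lambda: defaultdict(list))
    for e in events:
        for f in FEATURES:
            per_user[e["user"]][f].append(float(e[f]))
    return {user: {f: (mean(v), pstdev(v)) for f, v in cols.items()}
            for user, cols in per_user.items()}


def score_event(baselines, event, threshold=3.0):
    """Return {feature: z} for every feature more than `threshold` sigma from the user's baseline.

    A user with no baseline is reported as {'no_baseline': None} rather than silently passed,
    since a first-seen account is itself worth a look in a UEBA pipeline.
    """
    base = baselines.get(event["user"])
    if base is None:
        return {"no_baseline": None}
    flagged = {}
    for f in FEATURES:
        mu, sigma = base[f]
        if sigma > 0:
            z = (event[f] - mu) / sigma
        else:  # constant history: any change at all is maximally surprising
            z = 0.0 if event[f] == mu else float("inf")
        if abs(z) > threshold:
            flagged[f] = round(z, 2)
    return flagged


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    odd = {"user": "alice", "login_hour": 3, "mb_downloaded": 2000, "hosts_touched": 3}
    print(score_event(baselines, odd))  # login_hour and mb_downloaded flagged, hosts_touched not
```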
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Licensing
TURCOMAT publishes articles under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This licensing allows for any use of the work, provided the original author(s) and source are credited, thereby facilitating the free exchange and use of research for the advancement of knowledge.
Detailed Licensing Terms
Attribution (BY): Users must give appropriate credit, provide a link to the license, and indicate if changes were made. Users may do so in any reasonable manner, but not in any way that suggests the licensor endorses them or their use.
No Additional Restrictions: Users may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.