Frost Radar™: User and Entity Behaviour Analytics Based on Machine Learning, 2020

  • July 2020
  • 33 pages
  • Report ID: 5950886
  • Format: PDF

As intrusions employ a wide variety of attack vectors and methods, companies have to seriously consider continuous security monitoring, which provides real-time visibility of users and their devices when they attempt to connect to or work on an enterprise network. Security monitoring gives companies the ability to constantly look over their network and remain a step ahead of cyber threats.

Different types of user access should be monitored, examined, and reported to prevent unauthorized use of user credentials, malicious access attempts, simultaneous logins, and activity from multiple geographic locations. Threats that come from within the organization are the most difficult to detect and the most risky.

It is crucial for companies to have security tools that analyse the behaviour of users who are connected to the organisation’s network, and entities or endpoints such as servers and applications, to detect anomalies and correlate the threats with users. Security information and event management (SIEM) tools come into play to cover the detection and collocation puzzle, but they typically lack effective and intelligent threat detection and response.

SIEM tools can be bypassed by advanced attackers with relative ease, and focus more on real-time threats than extended attacks. User and entity behaviour analytics (UEBA) is a vital component of any SIEM system. UEBA tools work with SIEM solutions to provide insights into behavioural patterns within the network. By combining both solutions, companies gain the benefits of threat detection techniques that examine both human and machine behaviour. UEBA tools automate the detection of these attacks with analytics-driven visibility. Artificial intelligence techniques, including supervised and unsupervised machine learning, are applied to data from network security infrastructure. Further, a threat hunting capability improves the speed of threat response and reduces investigation time.

The radar™ reveals the market positioning of companies in an industry using their Growth and Innovation scores as highlighted in the radar™ methodology. The document presents competitive profiles on each of the companies in the radar™ based on their strengths, opportunities, and a small discussion on their positioning. The analyst examines hundreds of companies in the industry and benchmarks them across 10 criteria on the radar™, where the leading companies in the industry are then positioned. Industry leaders on both the Growth and Innovation indices are recognized as best practice recipients.

Author: Anas Haj Kasem