User & Entity Behavioral Analytics in Incident Detection & Response, 2017
Machine Learning and AI for Rapid Deployment in Incident Response Threat Detection and Mitigation
26-Dec-2017
Global
Description
The report covers User and Entity Behavioral Analytics (UEBA) platforms used in the Incident Detection and Response (IDR) lifecycle, and the use of machine learning across cybersecurity technologies. UEBA platforms apply algorithms over unstructured data sets to locate anomalies. Because the approach is algorithmic rather than signature-driven, UEBA is not limited to what can be learned from signatures or from techniques that require packet parsing. Divorced from signatures and packets, UEBA platforms are positioned to detect threats that traditional cyber defense tools cannot. UEBA platforms are typically deployed as plug-ins at network ingress/egress points and do not require agents or sensors (although deploying agents can add endpoint visibility and management). If a UEBA platform is trusted, it can reduce agent management and, more importantly, reduce the number of alerts facing SOC analysts.
Research Highlights
The report covers User and Entity Behavioral Analytics (UEBA) platforms used in the Incident Detection and Response (IDR) lifecycle, and the use of machine learning across cybersecurity technologies.
UEBA platforms are attractive on several levels:
- UEBA platforms apply algorithms over unstructured data sets to look for anomalies.
- By using a math-based approach, UEBA is not limited to what can be learned from signatures or from techniques that require packet parsing.
- Divorced from signatures and packets, UEBA platforms may be able to detect threats that traditional cyber defense tools cannot.
- UEBA platforms are typically deployed as plug-ins at network ingress/egress points and do not require agents or sensors (although deploying agents can add endpoint visibility and management).
- If a UEBA platform is trusted, it can reduce lightweight agent management and, more importantly, reduce the number of alerts facing SOC analysts.
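The bullets above describe the mechanism in the abstract: build a baseline of each user's or entity's own behavior and flag deviations from it, rather than matching known-bad signatures. The following is an added illustration of that idea and is not code from the report or from any vendor it profiles. The event fields, the three deviation checks (new source country, unusual hour, outbound volume z-score), the threshold and the sample events are all constructed assumptions chosen to show the contrast with a signature check.

```python
"""Toy per-user behavioural baseline versus a signature blocklist.

Added example for illustration only; not from the report or any vendor.
Event schema, thresholds and all sample data are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    user: str
    day: int          # day index within the observation window
    hour: int         # hour of day (0-23) the session started
    src_country: str  # geolocation of the source address
    bytes_out: int    # outbound bytes transferred during the session


# Constructed baseline: ten days of routine activity for two users.
BASELINE = (
    [Event("alice", d, 9 + (d % 2), "US", 40_000 + 500 * d) for d in range(10)]
    + [Event("bob", d, 14, "DE", 120_000 + 1_000 * (d % 3)) for d in range(10)]
)

# Constructed events to score: alice from a new country, at 03:00, moving
# roughly 50x her usual volume; bob doing exactly what he always does.
NEW_EVENTS = [
    Event("alice", 11, 3, "RO", 2_400_000),
    Event("bob", 11, 14, "DE", 121_000),
]

# A signature-style rule of the kind UEBA is meant to complement. Nothing in
# NEW_EVENTS matches this (constructed) blocklist, so it stays silent.
KNOWN_BAD_COUNTRIES = {"KP"}


def signature_match(event: Event) -> bool:
    """Signature check: only fires on something already on a list."""
    return event.src_country in KNOWN_BAD_COUNTRIES


def build_profiles(events):
    """Per-user baseline: seen hours, seen countries, mean/std of bytes_out."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    profiles = {}
    for user, evs in by_user.items():
        sizes = [e.bytes_out for e in evs]
        profiles[user] = {
            "hours": {e.hour for e in evs},
            "countries": {e.src_country for e in evs},
            "mean": mean(sizes),
            "std": pstdev(sizes),
        }
    return profiles


def score(event: Event, profiles, z_threshold: float = 3.0):
    """Return (score, reasons); each deviation from the user's own baseline adds one."""
    p = profiles.get(event.user)
    if p is None:
        # An entity with no history cannot be compared to itself: surface it.
        return 1, ["no baseline for user"]
    reasons = []
    if event.src_country not in p["countries"]:
        reasons.append(f"new source country {event.src_country}")
    if event.hour not in p["hours"]:
        reasons.append(f"unusual hour {event.hour:02d}:00")
    if p["std"]:
        z = (event.bytes_out - p["mean"]) / p["std"]
    else:
        # A flat history means any change in volume is a deviation.
        z = 0.0 if event.bytes_out == p["mean"] else float("inf")
    if z > z_threshold:
        reasons.append(f"volume z={z:.1f}")
    return len(reasons), reasons


def detect(events, profiles):
    """Return (user, score, reasons) for every event that deviates from baseline."""
    alerts = []
    for e in events:
        s, reasons = score(e, profiles)
        if s:
            alerts.append((e.user, s, reasons))
    return alerts


if __name__ == "__main__":
    profiles = build_profiles(BASELINE)
    print("signature hits:", [e.user for e in NEW_EVENTS if signature_match(e)])
    for user, s, reasons in detect(NEW_EVENTS, profiles):
        print(f"{user}: score={s} {reasons}")
```

Two caveats a practitioner would weigh before "trusting" such a platform, in the sense the last bullet uses: the baseline is only as clean as the window it was learned from, so an adversary already active during that window (or moving slowly enough to stay inside it) is learned as normal; and every check above also fires on legitimate change, such as travel or a new project, which is why the score is a ranking aid for analysts rather than a verdict.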
RESEARCH: INFOGRAPHIC
This infographic presents a brief overview of the research, and highlights the key topics discussed in it.
Table of Contents
Key Findings
Key Findings (continued)
Executive Summary—Key Questions This Study Will Answer
Introduction to the Research
Introduction to the Research (continued)
Definitions UEBA, Machine Learning, and Artificial Intelligence
Definitions UEBA, Machine Learning, and Artificial Intelligence (continued)
Drivers and Restraints
Drivers Explained
Drivers Explained (continued)
Drivers Explained (continued)
Drivers Explained (continued)
Drivers Explained (continued)
Drivers Explained (continued)
Restraints Explained
Restraints Explained (continued)
Restraints Explained (continued)
Restraints Explained (continued)
Restraints Explained (continued)
Restraints Explained (continued)
Machine Learning and Artificial Intelligence Role in IDR
Machine Learning and Artificial Intelligence Role in IDR (continued)
Machine Learning and Artificial Intelligence Role in IDR (continued)
Machine Learning and Artificial Intelligence Role in IDR (continued)
More about Machine Learning and Artificial Intelligence
More about Machine Learning and Artificial Intelligence (continued)
More about Machine Learning and Artificial Intelligence (continued)
Attributes of Vendor Analysis of UEBA Platforms in IDR
Vendor Analysis of UEBA Platforms in IDR
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
Vendor Analysis of UEBA Platforms in IDR (continued)
UEBA and Machine Learning in Cybersecurity Platforms
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms—LogRhythm
UEBA and Machine Learning in Cybersecurity Platforms
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
UEBA and Machine Learning in Cybersecurity Platforms (continued)
The Last Word—Predictions
The Last Word—Recommendations
Legal Disclaimer
Vendor Profile—Arctic Wolf Networks
SOC-as-a-Service Delivered by Concierge Security Engineers
Vendor Profile—Aruba, a Hewlett Packard Enterprise Company
Vendor Profile—Aruba, a Hewlett Packard Enterprise Company (continued)
Vendor Profile—Aruba, a Hewlett Packard Enterprise Company (continued)
Vendor Profile—Awake Security
Vendor Profile—Darktrace The Enterprise Immune System
Vendor Profile—Darktrace Autonomous Response Capability: Antigena
Vendor Profile—Demisto
Vendor Profile—Exabeam
Vendor Profile—Lacework
Vendor Profile—Lastline
Vendor Profile—Lastline (continued)
Vendor Profile—LogRhythm Threat Lifecycle Management
Vendor Profile—LogRhythm (continued)
Vendor Profile—Lumeta
Vendor Profile—Lumeta (continued)
Vendor Profile—SecBI
Vendor Profile—SecBI (continued)
Vendor Profile—ThetaRay
Appendix A—What are the Criteria in Multifactor Incident Detection and Response (IDR)
Appendix A—Cybersecurity Technology Classes Included in Multifactor IDR
Appendix A—Cybersecurity Technology Classes Not Included in Multifactor IDR
Appendix B—Explaining Individual Attributes of the IDR Lifecycle
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Appendix B—Explaining Individual Attributes of the IDR Lifecycle (continued)
Methodology
The Frost & Sullivan Story
Value Proposition—Future of Your Company & Career
Global Perspective
Industry Convergence
360º Research Perspective
Implementation Excellence
Our Blue Ocean Strategy
| Field | Value |
|---|---|
| No Index | No |
| Podcast | No |
| Author | Chris Rodriguez |
| Industries | Information Technology |
| WIP Number | K266-01-00-00-00 |
| Is Prebook | No |