IDG Contributor Network: User behavior analytics is not a silver bullet

Think of the term user behavior analytics, or UBA. What went through your mind? Did you recall a conversation about insider threats? Or did you travel back to a meeting with a vendor, trying to convince you that machine learning will solve everything? Or was it a discussion with colleagues about taking a new approach because your security information and event management (SIEM) technology wasn’t cutting it?

For most of us, when we think of UBA, we see a word cloud of buzzword bingo: insider threats, analytics, peer groups, machine learning, modeling, data science, contextualization. Part of the reason for this lies in the emergence, the expectation, and the practical application of user behavior analytics use cases. I want to share some views on UBA – many of them gathered from conversations with colleagues and peers across the public and private sectors.

What is this UBA you speak of?

About six years ago, research- and incident-response-driven publications began to recognize that credentials were being leveraged in major breaches. Some asserted that 100 percent of breaches involved compromised credentials. Simultaneously, some well-known breaches were determined to be the work of insiders (employees or contractors), most notably the Edward Snowden case.

The security industry responded with solutions to serve insider threat programs in commercial and government sectors. And thus, “user behavior analytics” was born.