Haystax Technology has been named in Gartner Inc.’s latest Market Guide for User and Entity Behavior Analytics (UEBA) as a representative vendor in the specialized use-case category of employee monitoring applications.
This new designation comes at a time when Gartner analysts see UEBA technologies gaining broader adoption, and maturing by “becoming more robust and valuable.” At the same time they have concluded that the UEBA market is becoming increasingly fragmented, noting that the number of “pure-play” UEBA vendors is diminishing and being replaced with more specialized UEBA technologies aimed at adjacent security markets like security information and event management (SIEM), intrusion detection and prevention systems (IDPS), data-centric audit and protection (DCAP), identity and access management (IAM), cloud access security broker (CASB) and endpoint detection and response (EDR).
Gartner has long followed employee monitoring technologies (far longer in fact than the UEBA market category itself). In 2015 it called employee monitoring “crucial in the development of security risk management objectives” but also noted the need for such systems to provide full transparency to all stakeholders about what is being monitored, in order to honor privacy and ethics standards.
Haystax is included in the latest Gartner UEBA report as an example of a company that provides a large degree of “user context” as part of its behavioral analytics, due to its central focus on the human dimension of risk and the ability to predict intent. In fact Haystax’s Haystax for Insider Threat solution is virtually unique in taking ‘whole-person’ approach to UEBA, combining a probabilistic model that encodes key behavioral risk indicators with the ability to ingest and analyze an extremely broad array of data sources — from network, printer and badge data to HR files, travel and expense records and even publicly available information when needed.
A crucial component of Haystax’s accuracy and effectiveness is the fact that model results are fully transparent and traceable, something not possible in ‘black-box’ solutions that rely solely on rules-based or machine-learning approaches. In addition, Haystax’s personal data redaction feature means that all employees in an organization can be monitored without being known to security operations analysts until such time as a high-priority threat actor is discovered — at which point identification of the actor becomes imperative for any response action taken. These ‘explainability’ and privacy features will be especially important as stronger data privacy rules like the European Union’s General Data Protection Regulation (GDPR) come into effect.
As for the future, Gartner predicts that by 2021, the UEBA market “will cease to exist as a stand-alone market.” And by 2022, “core UEBA techniques and technologies will be embedded in 80% of threat detection and incident prioritization solutions.”
# # #
NOTE TO READERS: Are you attending the Gartner Security & Risk Management Summit from June 4-7? The Haystax Technology team will be there, too. Please stop by Booth 350 for a chat about how Haystax for Insider Threat can help you solve your organization’s toughest security analytics challenges.