The user behavior analytics market is fragmenting into fewer ‘pure-play’ UBA vendors and a larger number of more traditional security products with core UBA technologies and features embedded in them, according to a new market guide from Gartner Inc.
Among the adjacent security product markets that are seeing increased adoption of UBA are security information and event management (SIEM), intrusion detection and prevention systems (IDPS), data-centric audit and protection (DCAP), identity and access management (IAM), cloud access security broker (CASB) and endpoint detection and response (EDR).
Gartner defines UBA as threat detection and investigation technology that focuses on user activities and that incorporates some form of advanced analytics such as machine learning, data science and/or artificial intelligence-like capabilities. (The firm’s own preferred acronym, UEBA, also includes an entity component, given the importance of detecting compromised device and system activity at the same time as user activity.)
Another key finding in Gartner’s Market Guide for User and Entity Behavior Analytics, released late last month, is that “UEBA technologies are maturing, becoming more robust and valuable, and seeing broader adoption with forward-leaning organizations, especially as pure-play UEBA vendors morph into adjacent markets by building additional capabilities to try to replace legacy tools.”
The guide’s four authors, all Gartner research analysts, also level some criticisms at the UBA vendor community. First, they note that “vendor hype and use of terms such as ‘artificial intelligence’ make it difficult for buyers to effectively evaluate vendor technologies and capabilities.” Second, the analysts comment that buyers often discover that “UEBA deployment can be more time-consuming and labor-intensive than what vendors promise, even for core threat detection use cases.”
Haystax Technology, which is listed in the guide as a representative vendor in the specialized use-case category of Employee Monitoring applications, has frequently warned of excessive hype around AI-based approaches to UBA. It’s the reason we are careful to describe — transparently and in great depth — the probabilistic modeling, machine learning and other AI techniques that underpin our patented AI-based approach to user behavior analytics.
Moreover, because our flagship Haystax Analytics Platform is an operationally proven and user workflow-focused system already in use at several large government agencies and commercial enterprises, it excels at avoiding the kinds of unanticipated surprises with data integration and scaling that afflict other UBA systems. Our model-based approach also drastically reduces false positives, which cause alert overload in so many conventional systems that rely solely on machine learning or rules-based approaches for their analytics.
As for the future, Gartner predicts that by 2021, the UEBA market “will cease to exist as a stand-alone market.” And by 2022, “core UEBA techniques and technologies will be embedded in 80% of threat detection and incident prioritization solutions.”
To obtain the Gartner guide, please click here.
# # #
NOTE TO READERS: Are you attending the Gartner Security & Risk Management Summit from June 4-7? The Haystax Technology team will be there, too. Please stop by Booth 350 to find out how our UBA solution, Haystax for Insider Threat, can help you solve your organization’s toughest security analytics challenges.