Wednesday, September 4, 2019

UEBA and SIEM

User and Entity Behavior Analytics (UEBA), as the name suggests, provides behavioral analytics of users and other entities using different learning algorithms. It is vital for UEBA to get data from different log sources to perform its analysis and produce results.

Security Incident and Event Management (SIEM) in essence collects, stores and monitors logs from different devices.

This means UEBA and SIEM are closely related: one collects and stores logs, while the other requires centrally collected logs to produce its output. Also, in Gartner's vision of a next-generation SIEM solution, UEBA should be built-in functionality of the SIEM. Advanced analytics and user monitoring (baselining and advanced analytics to analyze access and authentication data, establish user context and report on suspicious behavior) are two fundamental capabilities a SIEM should possess. Thus, UEBA and SIEM go hand in hand.
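To make the baselining of authentication data concrete, here is an added Python example (not from the original post or from any SIEM or UEBA product) that learns each user's usual login hours and source hosts from centrally collected events and scores new logins against that baseline. The event field names (`ts`, `user`, `src`), the `MIN_EVENTS` threshold, the 0.9 cutoff and the scoring formula are assumptions chosen for illustration, and the events are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime


def _ev(ts, user, src):
    # Normalised authentication event; field names are assumptions.
    return {"ts": ts, "user": user, "src": src}


# Constructed history, shaped like rows a SIEM might return after
# collecting authentication logs from several sources.
HISTORY = (
    [_ev(f"2019-08-{d:02d}T09:{d:02d}:00", "alice", "ws-alice") for d in range(5, 25)]
    + [_ev(f"2019-08-{d:02d}T10:15:00", "alice", "vpn-gw") for d in range(5, 10)]
    + [_ev("2019-08-20T14:00:00", "bob", "ws-bob")]
)

MIN_EVENTS = 10  # assumed: below this a user has no usable baseline


def build_baseline(events):
    """Count login hours and source hosts per user."""
    base = defaultdict(lambda: {"hours": Counter(), "srcs": Counter(), "n": 0})
    for e in events:
        b = base[e["user"]]
        b["hours"][datetime.fromisoformat(e["ts"]).hour] += 1
        b["srcs"][e["src"]] += 1
        b["n"] += 1
    return base


def score(event, base):
    """Return (score in 0..1, reasons); a score of None means no baseline yet."""
    b = base.get(event["user"])
    if b is None or b["n"] < MIN_EVENTS:
        return None, ["insufficient baseline"]
    hour = datetime.fromisoformat(event["ts"]).hour
    # Share of past logins within one hour of this one, wrapping at midnight.
    near = sum(b["hours"][(hour + d) % 24] for d in (-1, 0, 1))
    hour_rarity = 1 - near / b["n"]
    src_rarity = 1 - b["srcs"][event["src"]] / b["n"]
    reasons = []
    if hour_rarity > 0.9:
        reasons.append(f"unusual hour {hour:02d}h")
    if b["srcs"][event["src"]] == 0:
        reasons.append(f"new source {event['src']}")
    return round((hour_rarity + src_rarity) / 2, 2), reasons
```

Users with too little history return a score of `None` instead of an alert, which keeps new accounts from being reported as anomalous before any baseline exists.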
