Tuesday, December 3, 2019

Foundation of UEBA

According to Gartner, there are three dimensions to consider when talking about UEBA:
1. Data Source
A UEBA implementation should ingest data from a data repository, which could be a data warehouse or a SIEM.

2. Use Cases
UEBA should provide information about anomalies of users and other entities. It needs to continuously monitor, detect and alert on those anomalies, so to be more effective a UEBA should support multiple use cases.

3. Analytics
UEBA needs to implement various types of approaches, such as machine learning, statistical models, threat signatures and threat rules, to detect anomalies.
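As an added illustration (not code from the original post), the following Python script shows how the three dimensions fit together in the smallest possible form: it ingests constructed SIEM-style login events (data source), builds a per-user statistical baseline and applies one threat rule (analytics), and emits alerts for the user and entity anomalies a use case would act on. The event values, the 3-sigma threshold and the allowed-country list are assumptions made for the example.

```python
"""Added UEBA-style example (not from the original post): a per-user
statistical baseline combined with a simple threat rule, run over
constructed SIEM-like login events."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events as they might be pulled from a SIEM:
# (day, user, failed_logins_that_day, source_country). Values are assumptions.
HISTORY = [
    ("2019-11-25", "alice", 1, "US"), ("2019-11-26", "alice", 2, "US"),
    ("2019-11-27", "alice", 1, "US"), ("2019-11-28", "alice", 2, "US"),
    ("2019-11-29", "alice", 1, "US"),
    ("2019-11-25", "bob", 0, "US"), ("2019-11-26", "bob", 0, "US"),
    ("2019-11-27", "bob", 1, "US"), ("2019-11-28", "bob", 0, "US"),
    ("2019-11-29", "bob", 0, "US"),
    ("2019-11-25", "carol", 3, "US"), ("2019-11-26", "carol", 4, "US"),
    ("2019-11-27", "carol", 3, "US"), ("2019-11-28", "carol", 4, "US"),
    ("2019-11-29", "carol", 3, "US"),
]
# The day being monitored; "dave" has no history at all (a new entity).
TODAY = [
    ("2019-12-02", "alice", 9, "US"),
    ("2019-12-02", "bob", 0, "RU"),
    ("2019-12-02", "carol", 4, "US"),
    ("2019-12-02", "dave", 2, "US"),
]


def baseline(events):
    """Statistical model: per-user mean and population stdev of failed logins."""
    per_user = defaultdict(list)
    for _, user, failed, _ in events:
        per_user[user].append(failed)
    return {user: (mean(vals), pstdev(vals)) for user, vals in per_user.items()}


def zscore(value, mu, sigma):
    """Standard score; any deviation from a constant baseline counts as infinite."""
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def detect(history, today, z_threshold=3.0, allowed_countries=("US",)):
    """Return [(day, user, [reasons])] for today's events that look anomalous.

    Combines a statistical check (z-score against the user's own baseline)
    with a threat rule (login from a country outside the allowed list) and
    flags entities that have no baseline yet.
    """
    base = baseline(history)
    alerts = []
    for day, user, failed, country in today:
        reasons = []
        if user not in base:
            reasons.append("no baseline for this user (new entity)")
        else:
            mu, sigma = base[user]
            z = zscore(failed, mu, sigma)
            if z >= z_threshold:
                reasons.append(
                    f"failed logins {failed} vs baseline {mu:.1f}+/-{sigma:.1f} (z={z:.1f})"
                )
        if country not in allowed_countries:  # threat rule
            reasons.append(f"login from unexpected country {country}")
        if reasons:
            alerts.append((day, user, reasons))
    return alerts


if __name__ == "__main__":
    for alert in detect(HISTORY, TODAY):
        print(alert)
```

In a real deployment the baseline would be recomputed continuously as new events arrive from the repository, and each reason string would map to a named use case (credential stuffing, impossible travel, new account) rather than free text.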
