User & Entity Behavioral Analytics in Incident Detection & Response, 2017

This report covers User and Entity Behavioral Analytics (UEBA) platforms used in the Incident Detection and Response (IDR) lifecycle, and the use of machine learning in various procedures in cybersecurity technologies. UEBA platforms apply algorithms over unstructured data sets to locate anomalies. By using an algorithm-based approach, UEBA is not limited to what can be learned from signatures or from techniques that require packet parsing. Divorced from signatures and packets, UEBA platforms are positioned to detect threats that traditional cyber defense tools cannot. UEBA platforms are typically deployed as plug-ins at network ingress/egress points and do not require agents or sensors (although deploying agents could provide additional visibility and endpoint management). If a UEBA platform is trusted, it can reduce agent management and, more importantly, reduce the number of alerts facing SOC analysts.
Published: 26 Dec 2017

Machine Learning and AI for Rapid Deployment in Incident Response Threat Detection and Mitigation


Research Highlights

This report covers User and Entity Behavioral Analytics (UEBA) platforms used in the Incident Detection and Response (IDR) lifecycle, and the use of machine learning in various procedures in cybersecurity technologies.

UEBA platforms are attractive on several levels:

  • UEBA platforms apply algorithms over unstructured data sets to look for anomalies.
  • By using a math-based approach, UEBA is not limited to what can be learned from signatures or from techniques that require packet parsing.
  • Divorced from signatures and packets, UEBA platforms may be able to detect threats that traditional cyber defense tools cannot.
  • UEBA platforms are typically deployed as plug-ins at network ingress/egress points and do not require agents or sensors (although deploying agents could provide additional visibility and endpoint management).
  • If a UEBA platform is trusted, it can reduce lightweight agent management and, more importantly, reduce the number of alerts facing SOC analysts.

Key Questions This Study Will Answer

  • What is the role of UEBA and machine learning in the IDR lifecycle?
  • How does UEBA uncover threats that are undetectable in signature-based platforms?
  • How are algorithms applied to unstructured data used to augment other cybersecurity platforms?
  • What are the drivers and restraints in the immediate and long-term deployment of UEBA?
  • Which companies are offering UEBA as a central technology for threat detection or incident response?


For more information and general enquiries, contact Frost & Sullivan near you.
