Key Use Cases of User Behavior Analytics (UBA)

User Behavior Analytics (UBA) solutions are the applications of advancements in Data science and Machine learning to tackle the current challenges in cyber security. UBA solutions captures data from myriad of sources both in structured and un-structured format such as Network flow/Packet data, Logs from Host and other security solutions, logs from Active directory, Email metadata, News sources/Articles and data from HR systems and apply Machine learning to detect any anomalous or suspicious behavior inside your enterprise network.
UBA solutions learns from the data being fed to it and builds normal operating profiles for users and entities (groups, hosts, applications) over a period of time. It then compare users actions on a continuous basis with these profiles to detect any abnormal actions and behaviour. These baseline profiles or normal operating profiles are dynamic in nature and changes itself automatically to better suit the user and entities normal behavior or to take into account any roles-changes inside the organization.
UBA solutions uses both basic (Rules based and statistical models) and more advance (supervised and unsupervised machine learning) analytics to build these profiles. Lets look at the Key Use Cases of User Behavior Analytics program:

Key Use cases:

Uncovering compromised credentials:
UBA can detect compromised accounts/credentials by correlating log data from active directory, IAM systems, Network flow  and other sources.
Detecting Malware Infected hosts, endpoints:
This is another area where it can detect malwares in hosts, systems and devices by detecting abnormalities in systems and host behavior. UBA tool can detect out-bound traffics to remote  malicious C&C by looking into the netflow data after enrichment with logs data from endpoints and other security solutions.
Detecting insider threats:
UBA can also help you detect insider threats especially from privileged users by means of risk scoring and outlier detection based on behavioral profiling
Detect data exfiltration:
UBA can also detect data exfiltration attempts by insiders/outsiders by integrating itself with DLP and leveraging logs from SIEM, IAM and active directory.

Do let me know if you want us to add or modify any of the listed key use cases.

Check out the User Behavior Analytics  market within FireCompass to get more information on these markets.