User and entity behavior analytics (UEBA) applies a variety of advanced technologies to track and flag suspicious or malicious behavior. Analytics initially centered on user activities but quickly expanded to include unusual behavior by other networked assets such as sensors, databases, and hosts. The discussion in the market around UEBA has increased recently for several reasons:
• Companies are worried about risky user behavior—accidental or deliberate—that may lead to data exfiltration or compliance violations.
• Credential theft is a common reason for attacker success, permitting remote access, privilege escalation, and lateral movement while the attacker is disguised as a legitimate user. Unusual user activity can be a clue to this situation.
• High-performance security operations systems, such as security information and event management (SIEM), have teamed with newer technologies, such as UEBA, to add context to continuous, real-time (or near real-time) detection, monitoring, analysis, and enforcement.
• Some vendors are positioning standalone UEBA solutions as sufficient for monitoring and understanding user behavior, creating confusion and uncertainty about which solutions merit an investment of budget and team resources.
This white paper provides an overview of the core UEBA capabilities available in the McAfee® Enterprise Security Manager solution and introduces the many partners whose products are tightly integrated and certified with McAfee Enterprise Security Manager. The goal of these native capabilities and key partner integrations is to help each enterprise make the best decision on adopting this important toolset.