How UEBA Is Helping Enterprises Uncover Hard-to-Expose Security Threats | eWeek

7 Security Risks User and Entity Behavior Analytics Helps Detect

UEBA
Oct 10, 2017
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


7 Security Risks User and Entity Behavior Analytics Helps Detect

1 - 7 Security Risks User and Entity Behavior Analytics Helps Detect

User and Entity Behavior Analytics (UEBA) technology is a relatively new entrant into the cyber-security tools arena that aims to provide capabilities that classic network security tools such as firewall and intrusion preventions systems (IPS) cannot. With UEBA, rather than just looking at network traffic and anti-malware scanners for indicators of compromise, organizations gain insight into user behavior. UEBA systems can identify different types of anomalous user behavior and actions that might serve as indicators of threat and compromise. In this eWEEK slide show using industry information from Ryan Stolte, co-founder and CTO of Bay Dynamics, eWEEK outlines seven things that UEBA technology can help to uncover.


Slow and Low Attacks

2 - Slow and Low Attacks

Bad guys, outsiders and insiders alike know that traditional security tools work on basic thresholds. They know if they do the same thing more than “X” amount of times, it will raise a red flag. So they keep their activity slow enough with low volume to stay under the radar. An example of this would be leaking a small number of credit card numbers via email just once a day. UEBA can pick up this pattern and identify it as a recurring behavior that needs to be investigated.


Collusion

3 - Collusion

UEBA can help uncover a group of people who work closely together who suddenly change their behavior in the same way. For example, a team has decided to pull off a heist of customer records it intends to use for its own gain, but it knows security controls are watching. So each member takes a bit of what the team is trying to steal and emails it to their personal accounts. UEBA will not only find the abrupt change in the users’ behavior, but will also flag that it is a consistent change within the team, and highlight the entire group.


Advertisement

Hiding in the Noise

4 - Hiding in the Noise

Every employee has a role and is required to perform certain actions tied to that role. For example, Joe is on a team responsible for printing mortgages. Tom, who works for the same company but is a retirement plan financial adviser, prints two mortgages during the span of two weeks. While printing mortgages is normal for Joe, his team and his company, it’s not a normal action for Tom or anyone on his team. UEBA can pick those people out of the crowd and enable security teams to investigate them without having to scrutinize the others.


Persistent Exfiltration Attempts

5 - Persistent Exfiltration Attempts

Very often if an attacker is blocked in his or her attempt to exfiltrate sensitive data, the attacker will try another method to get around the system. For example, Jane attempts to email a file with sensitive data to her personal account, but it’s blocked. She proceeds to upload the file to cloud storage on her personal site, but again she’s blocked. She then tries to put the file on a USB stick, but once more she’s blocked. She clicks “print” and—success! Or so she thinks. UEBA technology can piece all those actions together, and Jane receives a deskside visit from an investigator.


Door Jigglers

6 - Door Jigglers

Some people just can’t help jiggling and shaking door knobs when they walk down the hallway. Many are just curious or like pushing the limits, but the truth is these are the people who are most likely to open that file that they know they shouldn’t open. They go to websites that are blocked and keep on trying, assuming nobody is really looking. These employees are likely to be a welcome entry point for a phishing attack. UEBA can spot the “door jigglers” and warn them about the risky behavior.


Checking Out and Preparing to Exit

7 - Checking Out and Preparing to Exit

UEBA spots behavior changes that are consistent with those of others who were preparing to leave a company. This enables security teams to find the employees before they let their company know they’re leaving. This is important because sensitive data can leave a company when an employee leaves. Since UEBA can see changes in behavior that may indicate an employee is preparing to quit, these employees can be found before data slips out the door.


Advertisement

Gold Prospectors

8 - Gold Prospectors

Unlike door jigglers, these are true bad actors, scouring file systems and trying to log into whatever they can find as they look for golden nuggets. These people have big dreams and keep looking until they find that golden sensitive data—or until UEBA finds them.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.