Laptop Displaying the GigaOm Research Portal

Get your Free GigaOm account today.

Access complimentary GigaOm content by signing up for a FREE GigaOm account today — or upgrade to premium for full access to the GigaOm research catalog. Join now and uncover what you’ve been missing!

Key Criteria for Evaluating User and Entity Behavior Analytics Solutionsv2.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Summary
  2. UEBA Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take
  8. About Chris Ray

1. Summary

Cybersecurity is a multidisciplinary practice experiencing a fast rate of change and growing complexity. In response, vendors are evolving their technology at a similar pace.

Security concerns today range from protecting against compromised servers, to the relatively new area of development security operations (DevSecOps) aimed at securing new code and infrastructure deploying at rapid speeds, to mitigating identity-related security risks.

For the latter, user behavior analysis (UBA) was designed to analyze the actions of users in an organization and classify normal versus abnormal behaviors. From this analysis, UBA solutions look for any and all deviations from baseline user activity and can detect malicious or risky behaviors.

As technology has advanced and the scope of what’s connected to the network has expanded, the need to analyze entities other than users has emerged. In response, vendors have added entity analysis to UBA, creating user and entity behavior analysis (UEBA). The strategy remains the same, but the scope of analysis has expanded to include entities involving things like daemons, processes, infrastructure, and cloud roles.

The GigaOm Key Criteria and Radar reports provide an overview of the UEBA market, identify capabilities (table stakes, key criteria, and emerging technologies) and evaluation metrics for selecting a UEBA platform, and detail vendors and products that excel. These reports give prospective buyers an overview of the top vendors in this sector and help decision-makers evaluate solutions and decide where to invest.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.