User & Entity Behavioral Analytics in Incident Detection & Response, 2017

  • ID: 4449280
  • Report
  • 140 pages
  • Frost & Sullivan
Machine Learning and AI for Rapid Deployment in Incident Response Threat Detection and Mitigation

FEATURED COMPANIES

  • Antigena
  • Aruba
  • Darktrace
  • Exabeam
  • Lacework

The report covers User and Entity Behavioral Analytics (UEBA) platforms used in the Incident Detection and Response (IDR) lifecycle and the use of machine learning across cybersecurity technologies. UEBA platforms apply algorithms over unstructured data sets to locate anomalies. By using an algorithm-based approach, UEBA is not limited to what can be learned from signatures or from techniques that require packet parsing. Divorced from signatures and packets, UEBA platforms are positioned to detect threats that traditional cyber defense tools cannot. UEBA platforms are typically deployed as plug-ins at network ingress/egress points and do not require agents or sensors (although additional visibility and endpoint management could be gained by deploying agents). If a UEBA platform is trusted, it can reduce agent management and, more importantly, reduce the number of alerts facing SOC analysts.

Research Highlights

UEBA platforms are attractive on several levels:

  • UEBA platforms apply algorithms over unstructured data sets to look for anomalies.
  • By using a math-based approach, UEBA is not limited to what can be learned from signatures or from techniques that require packet parsing.
  • Divorced from signatures and packets, UEBA platforms may be able to detect threats that traditional cyber defense tools cannot.
  • UEBA platforms are typically deployed as plug-ins at network ingress/egress points and do not require agents or sensors (although additional visibility and endpoint management could be gained by deploying agents).
  • If a UEBA platform is trusted, it can reduce lightweight agent management, and more importantly, reduce the number of alerts facing SOC analysts.

Key Questions This Study Will Answer

  • What is the role of UEBA and machine learning in the Incident Detection & Response (IDR) lifecycle?
  • How does UEBA uncover threats that are undetectable in signature-based platforms?
  • How are algorithms applied to unstructured data used to augment other cybersecurity platforms?

1. Executive Summary

  • Key Findings
  • Executive Summary - Key Questions This Study Will Answer

2. Introduction

  • Introduction to the Research
  • Definitions: UEBA, Machine Learning, and Artificial Intelligence

3. External Challenges - Drivers and Restraints: UEBA Market

  • Drivers and Restraints
  • Drivers Explained
  • Restraints Explained

4. Machine Learning and Artificial Intelligence (AI)

  • Machine Learning and Artificial Intelligence Role in IDR
  • More about Machine Learning and Artificial Intelligence

5. Vendor Analysis of UEBA Platforms in IDR

  • Attributes of Vendor Analysis of UEBA Platforms in IDR
  • Vendor Analysis of UEBA Platforms in IDR

6. UEBA and Machine Learning in Cybersecurity Platforms

  • UEBA and Machine Learning in Cybersecurity Platforms
  • UEBA and Machine Learning in Cybersecurity Platforms - LogRhythm
  • UEBA and Machine Learning in Cybersecurity Platforms

7. The Last Word

  • The Last Word - Predictions
  • The Last Word - Recommendations
  • Legal Disclaimer

8. Vendor Participation Slides

  • Vendor Profile - Arctic Wolf Networks
  • SOC-as-a-Service Delivered by Concierge Security Engineers
  • Vendor Profile - Aruba, a Hewlett Packard Enterprise Company
  • Vendor Profile - Awake Security
  • Vendor Profile - Darktrace The Enterprise Immune System
  • Vendor Profile - Darktrace Autonomous Response Capability: Antigena
  • Vendor Profile - Demisto
  • Vendor Profile - Exabeam
  • Vendor Profile - Lacework
  • Vendor Profile - Lastline
  • Vendor Profile - LogRhythm Threat Lifecycle Management
  • Vendor Profile - Lumeta
  • Vendor Profile - SecBI
  • Vendor Profile - ThetaRay

9. Appendix

  • Appendix A - What are the Criteria in Multifactor Incident Detection and Response (IDR)
  • Appendix A - Cybersecurity Technology Classes Included in Multifactor IDR
  • Appendix A - Cybersecurity Technology Classes Not Included in Multifactor IDR
  • Appendix B - Explaining Individual Attributes of the IDR Lifecycle