Publications

Abstract : There are a lot of stories of security failures. In addition to attackers, lack of proper monitoring and controls implementation, and data breaches we are seeing these challenges and consequences. The security professionals are grappling to solve these issues. One of the biggest challenges with incident response is it is not the tool to identify them; it is the large amount of data that the environment has generated and how to accommodate and analyze the data. Analytics in the security sphere are working to creation of new rules, correlational aspects, trends and behavior patterns related to user behavior. In this regard, user-entity behavior analytics (UEBA) is one of the areas which researchers and practitioners are exploring solutions. UEBA can help in the security areas. UEBA focuses more on user actions and user behaviors and less on events. Behavior indicators and user-entity first access anomalies are popular and deployed for ease of interpretation with malicious activities. UEBA has approached as a viable approach in the area of security to detect anomalies of user behaviors by statistical analysis and machine learning. The paper aims to show how analytics and specifically UEBA can help in detection. The objective of this paper is to systematically review the literatures to identify published analytics and specifically UEBA. As part of the UEBA literatures the authors looked at research literatures and articles beyond research papers. Searches were made from digital library of Amrita University and through online library database sources and references of eligible papers. The authors created a review process as a method to review the various literatures. For the research design the authors developed a matrix which has aggregated the various use-cases, vendors, the various solutions. The authors through the developed matrix also focus on the best practices across the industry and the various policies that have been developed and used across various industries. The authors also explored the various risks, technologies, data and the tools used in UEBA space across industry. The authors aggregated the analysis of 150 recent empirical studies, published in the last 10 years, between 2008 and 2018, in the international literature on UEBA. The literature review analysis also focuses on ratifying and exploring the existing underlying theories related to UEBA. With the focus on user behaviors and the analytics related to user behaviors the authors look at the insights, benefits and the utilization of resources in the area of security. © IEOM Society International.