Concepedia

Publication | Closed Access

Role of User and Entity Behavior Analytics in Detecting Insider Attacks

Citations: 25

References: 6

Year: 2020

Abstract

Traditional cybersecurity products are neither designed for nor capable of detecting sophisticated and carefully crafted insider attacks. The main focus of these cybersecurity products is on the red interface, the outside attackers, ignoring the green side, the legitimate users. Moreover, traditional cybersecurity products do not provide a complete view of user activities within the organization. User and Entity Behavior Analytics (UEBA) has become an important aspect of an organization's security because legitimate users have more rights and access over the organization's resources than outsiders. Also, the users are not aware of the security threats that may cause huge damage to the organization's confidential information and intellectual property. We discuss the different approaches used in User and Entity Behavior Analytics (UEBA), including user and role-based detection, user and entity activity mapping, user profiling techniques and risk score calculations of individuals. We present the UEBA approaches proposed in the literature and the generalized design and feature set of top-level commercially available UEBA solutions. We also highlight the fact that the open source community still lags behind in providing a sophisticated UEBA solution.
