Author: Saurabh Jaolikar


Organizations are investing more money every year into cyber security technology in order to protect themselves against emerging threats. However, it can be difficult to gain satisfying results. This best approach available on the market is User Behavior Analysis (UBA).

What is User Behavior Analysis (UBA)?

User Behavior Analysis (UBA) is an approach that focuses on the user activity- network activity, application usage, and what files are accessed and when those respective files are accessed. With this information, UBA technology develops a profile for usual/normal/baseline and anomalous behavior. Then UBA technology can track if any given user is not behaving as expected.

Image from Maksim Kabakou /

How does User Behavior Analysis (UBA) help?

Today, cyber-attacks are becoming more sophisticated. Once the attacker gains access to a trusted environment, it is difficult to determine the legitimacy of the user activity. Legitimate users have the advantage of having trusted access to the environment. UBA helps find signature threats/APT, present correlation between normal/baseline and deviation/anomalous behavior. Then UBA can present the matrix and gathered data to the analyst.

Advantages of User Behavior Analysis:

    • Detects lurking malware, ATPs, signature less, and insider threats.
    • Improves visibility into the network infrastructure
    • Helps SOC security analysts make informed decisions.
    • Helps organization develop better incident response plans to combat emerging threats.

UBA technology can be integrated into existing solutions like SIEM, DLP, Anti-virus etc.

Though UBA is not a preventive technology that stops cyber attackers or inside threats, it will improve visibility into the infrastructure. It will also help organizations make informed decisions and satisfy compliance regulations.

The UBA solution is beneficial to the people, processes, and technology systems in every organization that care about the security of the information they collect, store, and process.