Gartner UEBA Report New Trends In Behavioral Analytics


Written By Josh Linder And Presented By Ziften CEO Charles Leaver

The market for enterprise behavioral analytics is evolving — again — to support the security use case. In the recent Gartner User and Entity Behavior (UEBA) Trends Report, Ziften is excited to be listed as a "Vendor to Watch." We believe that our established relationships with threat intelligence feeds and visualization tools reflect our inclusion within this research note.

In the UEBA Market Report, analysts Eric Ahlm and Avivah Litan explain that there is a potential convergence in the advanced threat and analytics markets. The notion of UEBA — which extends user behavioral analytics to now include organizations, business processes, and autonomous devices such as the Internet of Things — requires deep understanding and the ability to respond quickly and efficiently.

At Ziften, our established relationships with threat intelligence feeds and visualization tools reflect our inclusion within this research note. Our platform offers threat detection across various behavior vectors, rather than looking at a single-threaded signature feed. With integrations to orchestration and response systems, Ziften uniquely couples signature-based and behavioral analysis, while bridging the gap from securing the endpoint to protecting the entity. Continuous monitoring from the endpoint – including network flow – is critical to understanding the complete threat landscape and vital for a holistic security architecture.

We commend Gartner on identifying four areas for security and analytic vendors to focus on: User Behavior, Host/App Behavior, Network Behavior, and External Communications Behavior. We are the only endpoint vendor – today – to monitor both network behavior and external communications behavior.
Ziften’s ZFLow™ uses network telemetry to go beyond standard IPFIX flow data, augmenting it with Layer 4 and Layer 5 operating system and user behavior. Our threat intelligence integration – with Blue Coat, iSIGHT Partners, AlienVault and the National Vulnerability Database – is second to none. Additionally, our unique relationship with ReversingLabs provides binary analysis directly within the Ziften administration console. Ultimately, our continuous endpoint visibility solution is instrumental in helping to discover behavioral threats that are difficult to correlate without the use of advanced analytics.

Gartner Report

Six additional technology trend takeaways which Gartner readers should consider:

- Application of Analytics to Discovering Breaches Varies
- Data Science for Analytics Technologies Still Emerging
- The Need for Extended Telemetry Drives Analytics Market Convergence
- Convergence Between Analytics-Based Detection Vendors and Orchestration/Response Vendors Likely
- SIEM Technologies Positioned to Be Central to Consolidation for Analytics Detection
- Advanced Behavioral Analytics Providers Extending Their Reach to Security Buyers

