Understanding User Behavior Analytics

Blog Post created by todb Employee on Nov 17, 2015

Hey everyone! I'm pleased to announce that we've put together another pretty fun research report here in the not-terribly-secret overground labs here at Rapid7: Understanding User Behavior Analytics. You can download it over here.


Modern enterprise breaches tend to make heavy use of misbehaving user accounts. Not the users -- the people typing at keyboards or poking at their smartphones -- but user accounts. The distinction between the people and their virtual proxies is important to keep in mind, since both human users and machine-controlled services are attractive targets for takeover by intruders. In fact, user account impersonation, whether through purloined passwords, weak authentication controls, or pass-the-hash attacks, continues to be the number one method that both criminal intruders and professional penetration testers rely on to gain and extend control over a target network.


Because user accounts are such a central aspect of breach activity, the burgeoning field of User Behavior Analytics (UBA) has become a critical component of the modern security program at many organizations.


This paper is intended to serve as an introduction to the key concepts that make up UBA, and is backed by the data collected by Rapid7's UserInsight UBA platform. Since UserInsight is now tracking over a million users across a wide array of medium-to-large enterprise networks, we believe that this paper can provide IT and information security practitioners some solid insight into what a typical network looks like from a UBA perspective.


So, feel free to sign up for my webcast later today. If you manage to catch it live or snag the recording (link TBA), you'll hear all about:


  • The security-relevant differences between human- and computer-controlled accounts
  • How cloud-based services can impact, but ultimately enhance, your internal security controls
  • The encroaching mobile device population, and how you can marshal them in defense of the enterprise
  • How and why lateral movement is so darn useful for attackers, and how it's a key indicator of anomalous account behavior


If you're responsible for detecting, preventing, and responding to data breaches, snag the paper to get up to speed on what's going on in user behavior analytics and what UBA can do to make your job easier when it comes to spotting bad guys posing as legitimate users on your network. If you have any questions on UBA, feel free to yammer at me on Twitter.