User and Entity Behavior Analytics vs. Behavioral Biometrics: Comparing Two Security Solutions

Oct. 17, 2018 | by BioCatch

Monitoring user behavior is one of the best ways to detect cyber attacks and fraud in real time. In recent years, user and entity behavior analytics (UEBA) and behavioral biometrics have emerged as two promising fields in the world of cybersecurity. Though both focus on detecting anomalous user behavior, there are critical differences between the two.

We took a look at those differences, UEBA challenges, and how organizations can best secure against cyber threats.

What Is User and Entity Behavior Analytics?

User and entity behavior analytics (UEBA) was originally used as a marketing tool for predicting buyer behavior. Now, it’s known as a tool for intrusion and insider threat detection.

UEBA uses machine learning to keep track of users on an internal network. It analyzes a user’s regularly activity, identifying patterns that can then be referenced to detect when a user’s actions deviate from the norm.

User and entity behavior analytics monitor what files and servers people access, what privileges they have, what devices they normally login from, and what passwords they use. If, for example, a user logs on to an internal network from a different device and begins to access and download files they typically don’t touch, behavioral analytics security solutions flag this activity as suspicious.

Cybercriminals are adept at getting around firewalls and security solutions to compromise internal systems. Behavioral analytics security spots anomalyous behavior on internal networks to reveal hackers, malware, and insider threats.

Solving UEBA Challenges with Behavioral Biometrics

Where UEBA focuses on what users do on a regular basis, behavioral biometrics key in on how. It’s this approach that distinguishes the two, and makes behavioral biometrics a much broader and more powerful approach to detecting cyber threats.

The biggest challenge with UEBA is that focusing on what users do makes it helpful for internal security — detecting employees and systems that have already been compromised — but not for stopping cyber criminals before they breach an organization’s defenses. Behavioral biometrics does both, stopping criminals at account creation and securing user sessions from login to logout.

Using machine learning, behavioral biometrics build profiles of individual users based on how they interact with a device. How do they move their mouse, scroll, or navigate between fields? How much pressure do they use when tapping on a mobile device? Behavioral biometrics can even monitor how a user moves when holding their mobile phone. Cyber criminals can’t mimic these actions because they’re based on innate characteristics and cognitive choices that a person makes.

The technology doesn’t only get to know legitimate users. It also builds profiles on cyber criminals too. If behavior typical of fraud is detected at any point, that session is flagged for review. Behavioral biometrics can detect all types of fraud, including account takeover attacks, new account fraud, and automated attacks, such as malware, robotic, and replay attacks.

BioCatch UEBA Chart

It’s not what a user does, it’s how they do it that counts. Learn more about preventing fraud and protecting your users with behavioral biometrics.

Topics: Continuous Authentication