Monthly Archives: May 2016

Charles Leaver – Gartner UEBA Report Highlights Behavioral Analytics New Trends

Written By Josh Linder And Presented By Ziften CEO Charles Leaver

The market for business behavioral analytics is developing – again – to support the security use case. In the current Gartner User and Entity Behavior (UEBA) Trends Report, Ziften is delighted to be listed as a “Vendor to Watch.” We believe that our established relationships with threat intelligence feeds and visualization tools reflect our inclusion in this research note.

In the UEBA Market Report, analysts Eric Ahlm and Avivah Litan describe a possible convergence in the sophisticated threat and analytics markets. The notion of UEBA – which extends user behavioral analytics to now include companies, business processes, and autonomous devices such as the Internet of Things – requires deep understanding and the ability to respond rapidly and efficiently.

At Ziften, our established relationships with threat intelligence feeds and visualization tools reflect our inclusion in this research note. Our platform offers risk detection across different behavior vectors, rather than looking at a single-threaded signature feed. With integrations to orchestration and response systems, Ziften distinctively couples signature-based and behavioral analysis, while bridging the gap from protecting the endpoint to securing the entity. Continuous tracking from the endpoint – including network flow – is crucial to understanding the complete risk landscape and important for a holistic security architecture.

We commend Gartner on identifying four areas for security and analytics vendors to focus on: User Behavior, Host/App Behavior, Network Behavior, and External Communications Behavior. We are the only endpoint vendor – today – to monitor both network behavior and external communications behavior. Ziften’s ZFlow™ uses network telemetry to go beyond the basic IPFIX flow data, augmenting it with Layer 4 and Layer 5 operating system and user behavior. Our threat intelligence integration – with Blue Coat, iSIGHT Partners, AlienVault and the National Vulnerability Database – is second to none. In addition, our special relationship with ReversingLabs offers binary analysis directly within the Ziften administration console.

Ultimately, our continuous endpoint visibility system is pivotal in helping to discover behavioral risks that are hard to correlate without the use of advanced analytics.

Gartner Report

Six additional technology trend takeaways that Gartner readers should consider:

– Application of Analytics to Discovering Breaches Varies
– Data Science for Analytics Technologies Still Emerging
– The Need for Extended Telemetry Drives Analytics Market Merging
– Merging Between Analytics-Based Detection Suppliers and Orchestration/Response Vendors Likely
– SIEM Technologies Positioned to Be Central to Consolidation for Analytics Detection
– Advanced Behavioral Analytics Providers Extending Their Reach to Security Purchasers


Gartner does not endorse any supplier, service or product depicted in its research publications, and does not advise technology users to select only those suppliers with the highest ratings or other classification. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.