Monthly Archives: May 2016

Novel Trends In Behavioral Analytics Reported In Gartner UEBA – Charles Leaver

Written By Josh Linder And Presented By Ziften CEO Charles Leaver

The market for business behavioral analytics is developing – once again – to support the security use case. In the recent Gartner User and Entity Behavior (UEBA) Trends Report, Ziften is excited to be noted as a “Vendor to Watch.” Our company believes that our recognized relationships with threat intelligence feeds and visualization tools are reflected in our inclusion within this research note.

In the UEBA Market Report, analysts Eric Ahlm and Avivah Litan describe a prospective convergence in the innovative threat and analytics markets. The concept of UEBA – which extends user behavioral analytics to now include companies, business processes, and autonomous devices such as the Internet of Things – requires deep understanding and the ability to respond quickly and effectively.

At Ziften, our recognized relationships with threat intelligence feeds and visualization tools are reflected in our inclusion within this research note. Our platform offers threat detection across various behavior vectors, instead of looking at a single-threaded signature feed. With integrations to orchestration and response systems, Ziften uniquely couples signature-based and behavioral analysis, while bridging the gap from protecting the endpoint to securing the entity. Continuous tracking from the endpoint – including network flow – is very important to understanding the total risk landscape and important for a holistic security architecture.

We applaud Gartner on identifying four areas for security and analytic vendors to focus on: User Habits, Host/App Behavior, Network Behavior, and External Communications Habits. We are the only endpoint supplier – today – to monitor both network behavior and external communications habits. Ziften’s ZFlow™ uses network telemetry to go beyond the standard IPFIX flow data, augmenting it with Layer 4 and Layer 5 operating system and user behavior. Our threat intelligence integration – with Blue Coat, iSIGHT Partners, AlienVault and the National Vulnerability Database – is second to none. In addition, our distinct relationship with ReversingLabs offers binary analysis directly within the Ziften administration console.

Ultimately, our continuous endpoint visibility service is instrumental in helping to discover behavioral threats that are challenging to correlate without using sophisticated analytics.

Gartner Report

Six additional technology trend takeaways that Gartner readers should consider:

– Application of Analytics to Finding Breaches Varies
– Data Science for Analytics Technologies Still Up and Coming
– The Need for Extended Telemetry Drives Analytics Market Merging
– Merging Between Analytics-Based Detection Suppliers and Orchestration/Response Vendors Probable
– SIEM Technologies Positioned to Be Central to Consolidation for Analytics Detection
– Advanced Behavioral Analytics Providers Extending Their Reach to Security Purchasers


Gartner does not endorse any supplier, product or service illustrated in its research publications, and does not advise technology users to select just those vendors with the highest rankings or other classification. Gartner research publications consist of the opinions of Gartner’s research company and should not be interpreted as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a specific purpose.