User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. UBA is commonly referred to as user and entity behavior analytics (UEBA) to reflect that users are just one category of entities with observable behaviors on modern networks. Other entities include processes, applications and network devices.
UBA and UEBA technologies analyze historical data logs, including network and authentication logs collected and stored in log management and security information and event management (SIEM) systems. This is done to identify patterns of network traffic caused by the behavior of users, both normal and malicious. These systems provide cybersecurity teams with actionable insights when the systems detect unusual behavior.
While UBA and UEBA systems don't take action based on their findings, they can be configured to automatically adjust the difficulty of authenticating user accounts that show anomalous behavior or otherwise deviate from normal behavior.