Term · 27. Emerging Categories 2024-2026
User and Entity Behavior Analytics (UEBA) UEBA
Definition
Class of security products using machine learning to build behavioral baselines for users and entities (applications, service accounts, devices), then detect anomalies indicating compromise (account takeover, insider threat, privilege misuse). Category coined by Gartner in 2015, evolved from User Behavior Analytics (UBA). Closely tied to ITDR and SIEM/SOAR pipelines for unified identity threat workflow.
- Synonyms
-
- User Behavior Analytics (UBA) — predecessor term
- ML-based identity anomaly detection
- Discouraged variants
-
- Behavior analysis (too broad — loses identity-focused specificity)
- Application
- Regulatory: Gartner Magic Quadrant / Hype Cycle
- Standards & regulations
-
- Gartner
- Sources
-
- Gartner — UEBA market guide primary source
Related terms
-
AI-Powered Session Termination
Use of machine learning to detect compromised or anomalous sessions and automatically terminate them mid-flight — withou …
-
Continuous Authentication
Authentication paradigm verifying user identity continuously throughout a session, not just at login. Uses behavioral bi …
-
Risk-Based Authentication (RBA)
Authentication mechanism that calculates a risk score for each access attempt based on contextual signals — device, loca …
-
AI Agent Identity
Identity assigned to an autonomous AI agent acting on behalf of a human or workflow. Distinct from human identities (wit …
-
AI-Driven Access Policy Optimization
ML-driven analysis of historical access patterns to recommend least-privilege policy refinements — flagging permissions …
-
Continuous Adaptive Risk and Trust Assessment (CARTA)
Gartner framework introduced 2017 — a security posture that continuously evaluates risk and adjusts trust assertions thr …