UEBA (User and Entity Behavior Analytics)
What is UEBA (User and Entity Behavior Analytics)?
UEBA (User and Entity Behavior Analytics): A detection technology that profiles normal behavior of users and entities, then surfaces statistical or machine-learning anomalies that may indicate compromise or insider risk.
User and Entity Behavior Analytics builds dynamic baselines for each identity (users, service accounts, hosts, IoT devices) and scores deviations from those baselines using statistics, peer-group comparisons, and machine learning. Unlike signature-based tooling, UEBA catches subtle misuse such as logon-time anomalies, impossible travel, abnormal data access, lateral movement, or privilege abuse. It typically consumes data from SIEM, identity providers, EDR, and cloud audit logs, and outputs risk-scored alerts or risk indicators consumed by SOAR or analysts. UEBA is central to insider-threat programs and zero-trust enforcement, complementing rule-based detections with behavior context.
● Examples
- 01: Detecting that a finance user suddenly downloads 50 GB from SharePoint at 03:00 from a new country.
- 02: Flagging a service account that begins authenticating interactively after months of headless use.
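The two examples above, scored against per-entity baselines of the kind the definition describes. This is an added illustration, not code from any UEBA product; the event tuple layout, indicator weights, and z-score threshold are assumptions, and the history is constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (entity, hour_utc, country, logon_type, mb_downloaded)
HISTORY = [("alice.fin", 9 + d % 8, "DE", "interactive", 100 + 10 * (d % 5))
           for d in range(30)]
HISTORY += [("svc-backup", 2, "DE", "service", 0) for _ in range(30)]

# Assumed weights and threshold; a real deployment tunes these.
WEIGHTS = {"volume": 40, "new_country": 25, "unusual_hour": 15, "new_logon_type": 30}
Z_THRESHOLD = 3.0


def build_baselines(events):
    """Summarise each entity's normal behaviour from its historical events."""
    per_entity = defaultdict(list)
    for ev in events:
        per_entity[ev[0]].append(ev)
    baselines = {}
    for entity, evs in per_entity.items():
        volumes = [e[4] for e in evs]
        baselines[entity] = {
            "hours": {e[1] for e in evs},
            "countries": {e[2] for e in evs},
            "logon_types": {e[3] for e in evs},
            "mean_mb": mean(volumes),
            # Floor the deviation so a constant history does not divide by zero.
            "std_mb": max(pstdev(volumes), 1.0),
        }
    return baselines


def score_event(event, baselines):
    """Return (risk_score, indicators) for one event against its own baseline."""
    entity, hour, country, logon_type, mb = event
    base = baselines.get(entity)
    if base is None:
        return 0, ["no_baseline"]  # new entity: nothing to compare against yet
    indicators = []
    if (mb - base["mean_mb"]) / base["std_mb"] > Z_THRESHOLD:
        indicators.append("volume")
    if country not in base["countries"]:
        indicators.append("new_country")
    if hour not in base["hours"]:
        indicators.append("unusual_hour")
    if logon_type not in base["logon_types"]:
        indicators.append("new_logon_type")
    return sum(WEIGHTS[i] for i in indicators), indicators


BASELINES = build_baselines(HISTORY)
```

Each indicator is weak on its own; the combined score is what separates the 03:00 bulk download from a new country from an ordinary busy day.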
● Frequently asked questions
What is UEBA (User and Entity Behavior Analytics)?
A detection technology that profiles normal behavior of users and entities, then surfaces statistical or machine-learning anomalies that may indicate compromise or insider risk. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against UEBA (User and Entity Behavior Analytics)?
Defences for UEBA (User and Entity Behavior Analytics) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for UEBA (User and Entity Behavior Analytics)?
Common alternative names include: Behavioral analytics, User behavior analytics.