Solutions
Solutions
Digital Workspaces

DaaS and VDI

Secure Access

Zero Trust Network Access (ZTNA)

Application Delivery

Analytics

Content Collaboration

Collaborative Work Management

SD-WAN

BY USE CASE

Modernize IT

Deploy DaaS

Simplify hybrid cloud

Accelerate employee onboarding

Secure Distributed Work

Modernize your IT security

Get a VPN alternative

Protect apps and APIs

Boost Productivity

Enable remote work

Collaborate securely

Enhance user experience

See all use cases

BY INDUSTRY

Healthcare

Education

Government

Financial Services

Manufacturing

Retail

BY BUSINESS SIZE

Small business and departments
Products

Products

Build your own digital workspace

DAAS AND VDI

Citrix DaaS
Citrix Virtual Apps and Desktops
Citrix Analytics for Performance

CONTENT COLLABORATION AND WORK MANAGEMENT

Citrix ShareFile
Citrix Podio
Citrix RightSignature

APP DELIVERY AND SECURITY

Citrix App Delivery and Security Service
Citrix ADC
Citrix Analytics for Security
Citrix Secure Private Access
Citrix Web App and API Protection

View all products

See Citrix DaaS in action

Choose from a quick overview tour, deep-dive admin experience, or 1:1 demo.

Download Citrix Workspace app

Citrix Workspace app is the easy-to-install client software that provides seamless secure access to everything you need to get work done.
Resources
Resources
Blogs

Fieldwork

Trust Center

Events & Webinars

Tech Zone

Customer Stories

Citrix Discussions

View all resources

Rethink the way you work with Citrix DaaS for Google Cloud

Get the solution brief

How to avoid surprise costs with desktop as a service

Get the report
Customers
Customers
GET HELP

Support

Downloads

Community

CUSTOMER SUCCESS

Success Programs

Consulting Services

Premium Training

Onboarding & Adoption

Customer Stories

Success Center

Get expert guidance, resources, and step-by-step instructions to navigate your path to the cloud.

Fundamental Training

Learn about planning, deployment, and management of Citrix solutions, so you can maximize the value of your investment.
Company
Company
COMPANY

About Us

Corporate Citizenship

Diversity & Inclusion

Sustainability

News

PARTNERS

Strategic Alliances

Partner with Citrix

Partner Central

Citrix Ready Marketplace

Find a Local Partner

What you need to know about hybrid cloud strategy in 2022

The right cloud strategy can unlock billions in business value. Learn how to master hybrid cloud strategy and design a cloud infrastructure that best fits your business.

Read the article

What is user behavior analytics (UEBA)?

User behavior analytics (also known as UEBA or entity behavior analytics) is cybersecurity technology that uses monitoring tools to gather and assess data from user activity, with the goal of proactively finding and flagging suspicious behavior before it leads to a data breach. By relying on machine learning to learn how users normally interact with an organization’s technology, user behavioral analytics can immediately recognize anomalous behavior to stop bad actors from accessing sensitive information. This threat intelligence enables continuous risk assessment without complicating the end user experience.

Much like SIEM (Security Information and Event Management), UEBA is an approach to information security that relies on automated analysis of data to detect and stop potential cyberattacks in real time. While traditional security tools like SIEM analyze events that occur behind firewalls, UEBA focuses on data generated by user behavior. Examples of data analyzed by UEBA include network traffic, login times, geographic locations, session duration, file downloads, and authentication logs. This information enables the UEBA solution to identify typical patterns of activity, and then take action if users deviate from these patterns in ways that indicate malicious behavior.

Explore additional UEBA topics:

Why are user behavior analytics important?
How do user behavior analytics work?
How does machine learning work with UEBA?
Citrix solutions for UEBA

Why are user behavior analytics important?

The average data breach can cost a company millions, and often involves internal threats. This makes it important to recognize suspicious activity before bad actors are able to steal sensitive data like health records or intellectual property. However, perimeter-facing enterprise security technology like firewalls or encryption do nothing to stop malicious insiders who have already gained access to an organization’s data through phishing, malware, or credential theft.

What’s more, the widespread adoption of SaaS, cloud, and mobile apps has made risk management more difficult. It’s especially challenging for IT teams to identify and address potential threats across hybrid cloud architectures. Many of these apps and services may not even be officially sanctioned by IT, making it tougher to detect bad actors using them. This creates a need for continuous visibility across apps, users, networks, cloud services, and devices to eliminate security blind spots and help security teams identify, analyze, and respond to data exfiltration attempts proactively.

User behavior analytics address this challenge by continuously monitoring the activity of every user, then using threat detection to find and flag anomalous behavior before it leads to a breach. This enables organizations to protect sensitive data inside their systems instead of only protecting the perimeter.

How do user behavior analytics work?

At a high level, user behavior analytics work by establishing benchmarks or rules for normal user behavior and alerting IT when a user deviates from these benchmarks. For example, if normal working hours are defined as 7 am to 8 pm, the UEBA solution would flag an attempt to sign on and access sensitive files at 3 am as unusual—and either halt access immediately or alert IT admins. If the user’s credentials had been stolen and used by a hacker, this would prevent a serious breach.

More sophisticated UEBA solutions are capable of more dynamic rule making that creates specific risk profiles for each user. These profiles are created by monitoring how each user in an organization works: what apps they use, their preferred devices and networks, and how they access and share files for projects. If a user exhibits anomalous behavior, such as unusual usage of an application or excessive file sharing activity, the UEBA solution can autonomously take action to block the user’s device or access before data is compromised. This advanced rule-making capability in user behavior analytics is possible through machine learning.

E-BOOK

Protect your data against insider threats

Get a detailed look at user behavior analytics (UEBA)—and learn how you can use it to protect sensitive corporate data.

Download now

How does machine learning work with UEBA?

Machine learning (ML) is similar to artificial intelligence (AI) in that it enables software to self-improve by analyzing and learning from relevant data. AI and machine learning are transforming many business processes, and user behavior analytics are no exception. ML-capable user behavior analytics can create user-specific rules and risk scores. Here’s a high-level view of how machine learning works in user behavior analytics:

The organization provides the machine learning engine access to a lake of user data drawn from IT events, application usage, logons, network activity, and more. By integrating security analytics with a unified digital workspace that contains all these data sources, organizations can fill their big data lake to improve the machine learning process.
After an organization’s behavioral analytics platform has filled its data lake, it then correlates this big data to distinct users inside the organization. This is the foundation for risk profiles and associated behavioral patterns that the machine learning engine will develop.
Once data is correlated to individuals inside the organization, the machine learning engine begins to understand how those users work and behave at their jobs. This enables the machine learning engine to acquire actionable insights into each user’s everyday behavior and work styles—ones the organization would otherwise not be able to get.

After developing these actionable insights, the machine learning engine creates dynamic risk profiles for each user inside the organization. This allows the platform to assign a risk score to each individual user session. If a user starts to behave in an odd or suspicious way that does not match their normal work activity, the security analytics platform immediately recognizes this aberrant behavior. IT would be alerted to take action, and the user would automatically receive a message to verify their identity and stop a breach in its tracks.

Citrix solutions for UEBA

To protect sensitive company data, you need to keep users secure in real time. Citrix Analytics for Security uses machine learning to assess, detect, and prevent risks at the individual user level. This cloud-delivered UEBA tool helps organizations identify suspicious behaviors and stop internal threats long before they lead to breaches.