User behavior analytics: separating hype from reality

I've been involved in the data analytics and high-tech industries long enough to have seen plenty of new technologies subjected to a degree of hype so great they could never ever measure up. Some of these (fuzzy logic or Google Glass, anyone?) flamed out quickly; others, like artificial intelligence (AI), have had seesawing fortunes spanning decades -- here subject to the loftiest expectations only to be followed there by a'trough of disillusionment' (one of Gartner's hype-cycle stages, and a term I like) as physical, technical and other limitations became evident. Within the sub-domain of AI for security, a collection of technologies known as user behavior analytics (UBA) is now enjoying its own moment of high expectations, much as security information and event management (SIEM) systems did about a decade ago. UBA differs from SIEM in not just aggregating and correlating alerts from different network events but by using a combination of AI and analytical approaches -- including rules-based, pattern-matching and statistical methods, plus supervised and unsupervised machine learning -- to establish baselines of how systems, networks and devices typically behave, and then to detect significant anomalies in their behavior and send alerts to security teams for further investigation. Gartner industry analysts in particular have spent lots of time thinking about UBA.