I've been involved in the data analytics and high-tech industries long enough to have seen plenty of new technologies subjected to a degree of hype so great they could never ever measure up.

Some of these (fuzzy logic or Google Glass, anyone?) flamed out quickly; others, like artificial intelligence (AI), have had seesawing fortunes spanning decades — here subject to the loftiest expectations only to be followed there by a 'trough of disillusionment' (one of Gartner's hype-cycle stages, and a term I like) as physical, technical and other limitations became evident.

Within the sub-domain of AI for security, a collection of technologies known as user behavior analytics (UBA) is now enjoying its own moment of high expectations, much as security information and event management (SIEM) systems did about a decade ago.

UBA differs from SIEM in not just aggregating and correlating alerts from different network events but by using a combination of AI and analytical approaches — including rules-based, pattern-matching and statistical methods, plus supervised and unsupervised machine learning — to establish baselines of how systems, networks and devices typically behave, and then to detect significant anomalies in their behavior and send alerts to security teams for further investigation.

Gartner industry analysts in particular have spent lots of time thinking about UBA. They note that UBA tools hold several key advantages over SIEM for applications like insider threat detection, credential abuse, account takeovers and IP/data loss prevention.
First, they detect threats better (and detect 'better' threats) than SIEM tools; second, they analytically decide what matters, then boost those signals while minimizing the 'noise'; and third, they solve some security problems with less expert labor.

That said, analysts from Gartner as well as from Forrester Research and Enterprise Security Group (ESG) also are mindful of lingering UBA weaknesses, including:

- There are some so-called "black swan" events that a UBA system won't find because they don't resemble past events.
- AI-based UBA approaches are good at detecting anomalous behavior, but they also spot lots of other things that analysts need to spend time chasing down, only to discover they were not actual threats but "false positives."
- Not all organizations have in place the kinds of human expertise required to run a UBA system properly; in particular, many lack data scientists.
- Network data is not enough to find insider threats and other malicious actors; businesses need additional context from non-IT data sources like personnel files, travel records and employment histories.
- Obtaining all that new data and getting it cleaned and integrated properly is not easy, for a variety of organizational and technical reasons.

These firms are in general agreement that UBA won't replace human analysts any time soon — instead, it should be seen as making them more effective and less prone to alert fatigue. They also tend to agree that SIEM is not going away, and in many cases should be viewed as complementary to UBA. The best UBA systems, one analyst notes, make SIEM 'smarter' by focusing on analyzing streaming and batch data rather than on rules.

They do differ, though, on the issue of whether UBA is a passing fad.
Some think UBA will be dead as a standalone market category in five years, transformed into next-gen SIEM or folded into adjacent security markets such as endpoint security, identity and access management and data loss prevention, where advanced analytics and behavioral profiling will help these products lower alert volumes while producing more accurate and actionable high-priority alerts.

My experience tells me that the UBA market, like that for SIEM and other technologies before it, won't die but will certainly evolve as time goes by. (One ESG analyst called this progression "innovative flux.") I'm not just talking about inevitable industry churn prompted by corporate bankruptcies and acquisitions (which is already starting to happen), or newly coined buzzwords, but a progression of new techniques and technologies as well.

It also matters that user behavior analytics has already produced successes against some of the security community's toughest challenges. For instance, encoding whole-person behavior into probabilistic models and then running a diverse array of network- and non-network-related data sets through the model nodes is a UBA approach that has been proven to drastically reduce alert fatigue while prioritizing real risks to an organization, easing the strain on the already overworked SOC analysts and letting them focus on the risks that really matter. And it also overcomes most of the other UBA weaknesses that I listed above.

I'll write more about adjacent security markets for UBA in a future blog. I will also address the application of other AI technologies to security because I believe there is in fact still a lot of hype out there, which is unhelpful to those of us who've already witnessed some significant advances in critical areas.
There's always room for improvement, of course, but if we prematurely write UBA's obituary I believe we run the risk of overlooking some very real existing achievements — and others that are not too far over the horizon.