Gartner Renames UEBA Category To Insider Risk Management Solutions

CODE42

A change led by Gartner Analysts

Recently, Gartner renamed their User Entity Behavior Analytics (UEBA) category on peer insights to Insider Risk Management Solutions (commonly referred to as IRM). I deliberately say “renamed” because categories do not simply fade away into the sunset, they evolve. From a security perspective, a lot has changed in the past few years alone. The way we work, the proliferation of collaboration tools, and security approaches actually built with a user’s productivity in mind. Gartner first hinted at this with their Market Guide for Insider Risk Management Solutions published earlier this year.

Luckily, vendors do not create categories! The world has enough IT and Security acronyms (or alphabet soup if you like) without vendors creating more of them. In the case of Insider Risk Management, the process of defining and opening the category is driven by analysts and non-analysts on the Gartner Peer Insights team. Solution providers like Code42 get to voice the occasional opinion or two coupled with customer feedback. Ultimately though, the market has to make enough noise about the problem and in this case, they sure did!

Customers have been demanding IRM – for quite some time

When the first wave of reviews started coming in for Code42 (listed as UEBA at the time), it was obvious that we were a sanctuary for DLP hate mail. These reviews contained vital clues to the problem that our customers were trying to solve – and it was one that neither UEBA nor DLP was able to handle. What our customers hinted at was a fundamentally different approach to the insider problem – one that we can now call Insider Risk Management.

We have a ton of reviews that validate a lot around Insider Risk Management but I’m a fan of the above quote because it truly represents what this new category is. Done right, Insider Risk Management has the power to shape security culture by providing unparalleled transparency. And yes, it needs to be a “forward looking” data protection solution because change is imminent.

So now what? A proper security home & the race heats up

In full transparency, not every vendor reflected in the category is strictly Insider Risk Management. There are still pure UEBA providers reflected in the list too. Do these solutions evolve to offer true Insider Risk capabilities or affiliate with another category? It’s anyone’s guess. From an Insider Risk Management perspective, my observation is that Code42, Microsoft IRM, Proofpoint (ObserveIT) and Forcepoint have been talking about Insider Risk Management for quite some time. Given how important these reviews are in shaping the future of this category and helping customers make purchase decisions, I imagine the race will heat up here!

Ultimately this is a win-win situation for solution providers and customers. For true Insider Risk Management offerings, this category represents the right repository for the security reviews that need to be reflected. For customers, they now have a specific category to go to and better understand purchase decisions. And peer insights makes that ridiculously easy. Here’s what a quick (current) comparison looks like for Code42 vs 2 other solution providers in the space: