Skip to content

Probabilistic vs deterministic identity security

One of the first things to understand when comparing probabilistic and deterministic approaches to identity security is how each operates. This is especially true in environments that rely on user and behavior analytics (UEBA). A UEBA environment will much more commonly rely on probabilistic methods, as the name implies.

Let's break these approaches down and explore how they can work together.

Probabilistic approach

Common methods include inferring legitimacy based on behavioral patterns and statistical likelihoods to make assumptions instead of direct confirmations. Sounds a bit like UEBA in practice, right? This approach can be especially valuable for broad threat detection and anomaly alerting. Oftentimes, it can operate effectively even when user data is not complete or ambiguous. But there are weaknesses, with the most glaring one being that attackers can mimic legitimate behaviors using AI or deepfakes along with stolen credentials thereby evading detection.

Accuracy can be characterized as moderate due to the heavy reliance on statistical likelihoods and not certainties. Ease of configuration and use is more on the complex side, again because of the dependency on large-scale analytics, ML, and behavioral baselines.

Probabilistic methods are useful for spotting unusual activity at scale, but they can never give you full assurance that the person behind the screen is truly who they claim to be.

Deterministic approach

Unlike statistical likelihoods, deterministic instead offers binary certainty to its approach through verifying immutable identifiers such as cryptographic keys, biometric matches, and device-specific identifiers. It excels in accuracy and should be the preferred approach used in industries that demand zero tolerance for security lapses (i.e. banking or healthcare).

But a major weakness (for now anyways) is that of coverage. It requires robust and high-quality data for every identity interaction in order to make determinations. And if the environment presents the solution with incomplete, anonymous, or highly distributed data sets, then those determinations will either be grossly innacurate or fail to be attained.

Put simply: deterministic methods deliver higher confidence, but they require strong infrastructure and reliable data to work.

If robust data is achieved, then this approach offers a high level of accuracy with direct, verifiable proof of determinations. Additionally, ease of configuration and use is simpler in general, but again requires strong data verification.

Make UEBA more deterministic

As pointed out above, UEBA typically relies heavily on ML and analytics to baseline normal behaviors. After which, it can begin to spot anomalies, assign risk scores and trigger alerts. It is inherently probabilistic. However, it does a great job at reducing false positives and providing context-aware alerts. But falling short on identity confirmation with absolute certainty.

So how do we improve upon UEBA and increase deterministic processes? There are several ways, all of which start at the organization's strategic vision and goals level.

For leaders, the practical takeaway is that you don't need to choose between probabilistic and deterministic methods. The most reslient strategy blends both.

Here are four ways to bring more determinism into UEBA:

  1. Start with integrating deterministic identity verification into authentication workflows.

    • employ cryptographic authentication such as passkeys, smart cards, or PIVs.
    • bind authentication to registered and trusted devices.
    • require biometric verification

  2. Layer deterministic controls within existing UEBA

    • Use deterministic identity proofing at login and during privileged escalation events
    • continue probabilistic monitoring for ongoing risk assessment

  3. Integrate continuous identity assurance

    • Adapt your risk-based policies to apply deterministic checks when a UEBA risk score increases.
    • Example adaptations could be triggering cryptographic or biometric re-authentication.

  4. Ensure and enforce strict identity verification at account creation and every privileged event

    • require proof at regular intervals but especially after suspicious activities and privileged escalation events.

Final thoughts

Probabilistic approaches like UEBA are powerful for broad monitoring, but on their own, they leave gaps and can miss targeted identity attacks. By weaving deterministic identity verification into workflows, especially at login and during privilege escalation events, organizations can close those gaps and materially reduce impersonation risk. The most resilient organizations combine the two.

In short: probabilistic for breadth, deterministic for certainty. Together they strengthen identity security across the enterprise.