Behavioural analytics in security and defence typically refers to User and Entity Behaviour Analytics (UEBA) — platforms that monitor digital behaviour patterns to detect anomalies. Unusual file access, off-hours logins, lateral movement across systems — UEBA platforms catch these events reliably when properly tuned. What they cannot catch is the human emotional and cognitive state that precedes and drives those behaviours. That is the layer EchoDepth covers.
What UEBA Monitors (and What It Doesn't)
UEBA platforms monitor the digital exhaust of human activity — logs, access records, network traffic, application usage. They are excellent at detecting anomalous digital behaviour after it has occurred. The limitation is temporal: UEBA alerts fire when a digital act triggers an anomaly threshold. By that point, the act has already happened.
Behavioural science research consistently shows that the decision to commit an insider act — exfiltrate data, misuse access, leak classified material — is preceded by a detectable period of emotional and psychological change. Carnegie Mellon CERT's analysis found a 14-month average gap between first observable precursor and first malicious act. UEBA doesn't cover that 14-month window. Emotion AI does.
Emotional Behavioural Analytics: The Pre-Digital Layer
EchoDepth provides what might be called emotional behavioural analytics — continuous monitoring of the emotional and cognitive state dimensions that UEBA cannot access. Individual emotional baselines are established per person over two to four weeks. Subsequent monitoring sessions score deviations from baseline in real time.
Key signal dimensions include: sustained changes in valence (emotional positivity/negativity), arousal trajectory (activation level over time), dominance (perceived control), suppression patterns (deliberate emotional inhibition during access events), and micro-expression frequency (spontaneous emotional expressiveness declining under cognitive load or deceptive intent).
These signals feed directly into SIEM platforms via REST API, enabling correlation with UEBA data. A person whose UEBA profile is entirely normal but whose emotional baseline shows a sustained significant deviation from their established pattern is a signal that UEBA alone cannot generate.
The Combined Picture: UEBA + Emotion AI
UEBA and emotion AI are complementary, not competitive. The most powerful insider threat detection infrastructure combines both: UEBA covers the digital behaviour layer with high accuracy after digital acts occur, while emotion AI covers the human emotional layer to surface pre-digital signals weeks or months earlier.
EchoDepth is designed to integrate with existing UEBA and SIEM infrastructure. Native connectors for Splunk, Microsoft Sentinel, and IBM QRadar enable the emotional anomaly score to appear alongside digital behaviour alerts in existing analyst workflows — enriching the context available to security teams rather than adding a separate platform to manage.
Compliance Considerations for Behavioural Monitoring
Emotional behavioural analytics of employees and cleared personnel operates under UK GDPR Article 9 (special category data — biometric data) and the Employment Rights Act. Key requirements: lawful processing basis, DPIA, minimisation, purpose limitation, and transparent policies. EchoDepth pseudonymises all biometric data by default and produces full immutable audit logs. A DPA covering these requirements is available under NDA.
Emotional behavioural analytics for defence insider threat
Individual baseline profiling. Pre-digital anomaly detection. SIEM integration. UK data residency.