The Missing Approach is a way to reduce the effort, cost, and time it takes to detect cyber threats and security risks. Benefits for companies of all sizes.
1. The Missing Approach
A way to reduce the effort, cost, and time it takes to detect and react to cyber threats and security risks
2. Is there a more effective way to manage the unpredictability of information security?
3. 69% believe parts of their existing security solutions are outdated or inadequate
Ponemon Institute, The Need for New IT Security Architecture, Feb. 2017
4. New and Unknown Threats
Insider Threats
Advanced Persistent Threats
Cloud Risks
Third-Party Risks
Data Risks
6. Is there a Strategy for Managing Unknown and Changing Risk
Business Challenge
And fits within my budget!
7. • How do I detect threats?
• Where do I start investigating?
• What is really at risk?
Dilemma
the most important
8. Reacting to Change Events has only led to:
PROTECT
DETECT
RESPOND
Increased Cost for Security Operations
Increased False-Positive Alerts
Increased Time to Remediate
9. “While hackers can find numerous intrusion techniques and gaps in controls - what they can’t replicate is behavioral characteristics”
Rob Capinjola, CEO Change Dynamix
11. How is Anomalous Behavior different than finding Anomalies?
All these tools detect anomalies
Next-gen Firewall
Unified Threat Management
SIEM
Advanced Endpoint Protection
Endpoint detection and response
Cloud Access Security Broker
Identity and access Management
12. Detecting Anomalous Behavior Requires User-Context, Across an Organization and Cloud Services, Analyzing Historical and Current Anomalies
*The key is making it easier and less costly so organizations of all sizes can benefit
13. Directly Capture Change within User-Context
User and System Actions, Activities, and Timelines
Meta-data
Lightweight Agent or Browser Extension
Step 1: How to Detect Anomalous Behavior
15. Experience Immediate Anomaly Detection
Step 4: How to Detect Anomalous Behavior
Group
Behavioral Characteristics of Accounting Group
Group
Role is NOT Accounting
Less effort! No requirement for SIEM, log data, or rule management!
from the direct capture of subtle change signals
16. Step 5: How to Detect Anomalous Behavior
and detect true and validated Anomalous Behaviors
Analyze Historical and Current Anomalies
Historical anomalies, an untapped resource that grows over time, enhancing threat detection capabilities
17. The Missing Approach
Information Security that uses Behavioral Characteristics to Detect:
• Threats in Action (Yes, even low and slow!)
• Resources in Use (Yes, it captures cloud services!)
• Data at Risk (Yes, it locates sensitive data locations!)