SlideShare a Scribd company logo

Harnessing UEBA and Machine Learning technologies to protect enterprises from insider threats

Download as PPTX, PDF
ZoneFox
ZoneFox

Cybersecurity trends come and go, but machine learning looks to be here to stay. According to a recent survey, 43% of of data breaches in recent years were caused by employees, contractors or suppliers, either negligently or maliciously. How can we harness UEBA and machine learning technologies to protect against the insider threat?

Technology
1 of 22
1 ZoneFox – Harnessing UEBAand Machine Learning Technologies to Protect Enterprises from Insider Threats
2 Spun out of Napier University Edinburgh by CEO & Founder, Dr Jamie Graves in 2011 Multiple awards for Cyber Innovation, Best Product, Best Start Up Global customers – headquartered in Edinburgh Start up to scale up - 3 people to 30+ Growth driven by innovation and differentiation Now a Fortinet company Background to ZoneFox Lynsey Jenkins, Director of Marketing
3 ZoneFox is an award winning market leader in User Entity Behavior Analytics, providing critical insights around data-flow that you need to secure against the Insider Threat. A few of our reference customers: Who Are We?
4 People working from home “a threat to Cyber Security” charities warned. Neil Sinclair, London Digital Security Centre Why is there such a risk in business today?
5 • People - asset and a liability • Accidental, malicious, careless, collusion • Causes - lack of training, lack of controls, lack of visibility, easy to bypass controls So what is the Insider Threat?
6 According to McAfee, in recent years 43% of data breaches – affecting companies of all sizes – were caused by employees, contractors or suppliers, either negligently or maliciously. The rise of the Insider Threat
7 Job titles that didn’t really exist 3 years ago: Head of Insider Threat Deloitte Insider Threat Consultant EY Insider Cyber Risk Assessor Barclays Insider Threat Analyst BAE Systems Director of Insider Threat GE Head of Investigation & Insider Threat Worldpay VP of Insider Threat Citizens Bank Insider Risk Manager Lloyds BG Head of Data – Insider Risk HSBC Relevance to the Enterprise
8 • Intrusion Detection • Perimeter Protection • Anti Virus • Firewalls • Application Whitelisting • Network Packet Inspection • Encryption • Next Generation Anti Virus • Log aggregation & SIEM Cyber Security 101– traditional methods
9 The challenge !
10 • Machine Learning is a good human augmentation for filtering and sifting massive data sets • Ideal tool for spotting non-compliant, suspicious or anomalous behaviour - the needle within the haystack • As UEBA learns the behaviour of individuals over time it becomes more accurate Where does UEBAand Machine Learning fit?
11 • Two principal distinct approaches for Machine Learning - supervised - unsupervised • It’s not an elixir; it’s a tool to be used (or misused) amongst others in your arsenal. Complimentary to SIEM (Fortinet Fabric) Getting Started with Machine Learning
12 Getting started with Machine Learning Unsupervised ML Clustering Finds inherent groupings within data sets Association Finds relationships within the data points Supervised ML Classification Predicts discrete, specific responses Regression Predicts continuous responses
13 How Machine Learning Works Select Data  Training  Validation  Test Use Model  Run on live data Test Accuracy  Check performance using test data Model Data  Build features Validate  Assess using validation data
14 • When used correctly, machine learning is like having an eager employee that’s keen to highlight all potentially interesting data points • Resources can be focussed on the really interesting stuff • Build models of user behaviour and get early warning • Ideal tool for spotting non-compliant, suspicious or anomalous behaviour - What Machine Learning means for the Security Team Anomalous doesn’t necessarily mean bad however Bad is usually anomalous!
15 • Harness the power of machine learning to spot unusual user activity automatically • Record actual user activity • Build a profile for a user over a period of time. Ideally a small number of days rather than weeks so that you can re-build models regularly • Compare a user’s new activity to their previous activity • Use peer groups to reduce false positives • Compare user ‘X’ this week to last week Putting it into practice
16 How does it work?
17 Case Study - F1
18 Case Study - Government • Highly regulated environment • 15,000 end users • Provision of more and more IT services for agencies • Need to protect sensitive information • Competitive replacement
19 Case Study - Legal • Requirement to prove compliance • EUBA a component of DX and DLP • Measurement of overall security stature “The introduction of ZoneFox has given us the insights to measure effectiveness against acceptable usage policies and also gives us superb visibility of potential security risks we cannot write rules for.” - CISO, Pinsent Masons
20 • Insider threats are on the rise across businesses of all sizes • UEBA and machine learning technology is the ideal tool for spotting non-compliant, suspicious or anomalous behavior • Harnessing this technology frees up resource to focus on other security issues In conclusion
21 40 Torphichen Street, Edinburgh, EH3 8JB +44 (0)845 3884999 info@zonefox.com @zonefox zonefox.com Thanks for listening
Harnessing UEBA and Machine Learning technologies to protect enterprises from insider threats

Recommended

PCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM
 
SC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMSC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMEmulex Corporation
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AIDexterJanPineda
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...North Texas Chapter of the ISSA
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directorscentralohioissa
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 
Security stronghold presentation smart uac
Security stronghold presentation smart uacSecurity stronghold presentation smart uac
Security stronghold presentation smart uacw_harker
 

Recommended

PCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM
 
SC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMSC Magazine eSymposium: SIEM
SC Magazine eSymposium: SIEMEmulex Corporation
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AIDexterJanPineda
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...North Texas Chapter of the ISSA
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directorscentralohioissa
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 
Security stronghold presentation smart uac
Security stronghold presentation smart uacSecurity stronghold presentation smart uac
Security stronghold presentation smart uacw_harker
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNorth Texas Chapter of the ISSA
 
20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in Infosec20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in InfosecDominique Dessy
 
Philly ETE 2016: Securing Software by Construction
Philly ETE 2016: Securing Software by ConstructionPhilly ETE 2016: Securing Software by Construction
Philly ETE 2016: Securing Software by Constructionjxyz
 
Building a Mobile Security Model
Building a Mobile Security Model Building a Mobile Security Model
Building a Mobile Security Model tmbainjr131
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...centralohioissa
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsZoneFox
 
Vulnerability in ai
Vulnerability in ai Vulnerability in ai
Vulnerability in aiSrajalTiwari1
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatAndrew Case
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthyRussell Publishing
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security Robert Smith
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainWhy You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainEC-Council
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Security stronghold presentation smart uac
Security stronghold presentation smart uacSecurity stronghold presentation smart uac
Security stronghold presentation smart uacw_harker
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber SecurityAllen Zhang
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...JoAnna Cheshire
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 

More Related Content

What's hot

2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNorth Texas Chapter of the ISSA
 
20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in Infosec20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in InfosecDominique Dessy
 
Philly ETE 2016: Securing Software by Construction
Philly ETE 2016: Securing Software by ConstructionPhilly ETE 2016: Securing Software by Construction
Philly ETE 2016: Securing Software by Constructionjxyz
 
Building a Mobile Security Model
Building a Mobile Security Model Building a Mobile Security Model
Building a Mobile Security Model tmbainjr131
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...centralohioissa
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsZoneFox
 
Vulnerability in ai
Vulnerability in ai Vulnerability in ai
Vulnerability in aiSrajalTiwari1
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatAndrew Case
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthyRussell Publishing
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security Robert Smith
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainWhy You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainEC-Council
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Security stronghold presentation smart uac
Security stronghold presentation smart uacSecurity stronghold presentation smart uac
Security stronghold presentation smart uacw_harker
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber SecurityAllen Zhang
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...JoAnna Cheshire
 

What's hot (20)

2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
 
20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in Infosec20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in Infosec
 
Philly ETE 2016: Securing Software by Construction
Philly ETE 2016: Securing Software by ConstructionPhilly ETE 2016: Securing Software by Construction
Philly ETE 2016: Securing Software by Construction
 
Building a Mobile Security Model
Building a Mobile Security Model Building a Mobile Security Model
Building a Mobile Security Model
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
 
Vulnerability in ai
Vulnerability in ai Vulnerability in ai
Vulnerability in ai
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider Threat
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthy
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainWhy You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Security stronghold presentation smart uac
Security stronghold presentation smart uacSecurity stronghold presentation smart uac
Security stronghold presentation smart uac
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber Security
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
 

Similar to Harnessing UEBA and Machine Learning technologies to protect enterprises from insider threats

Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Trending it security threats in the public sector
Trending it security threats in the public sectorTrending it security threats in the public sector
Trending it security threats in the public sectorCore Security
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
The Perimeter within Modern Business - does it exist?
The Perimeter within Modern Business - does it exist?The Perimeter within Modern Business - does it exist?
The Perimeter within Modern Business - does it exist?ZoneFox
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIAhmed Banafa
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSPreetiDevidas
 
Ibm security products portfolio
Ibm security products portfolioIbm security products portfolio
Ibm security products portfolioPatrick Bouillaud
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligencethinkASG
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...NRBsanv
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Bala Guntipalli ♦ MBA
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspectiveSravan Ankaraju
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityAhmed Habib
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?Lumension
 

Similar to Harnessing UEBA and Machine Learning technologies to protect enterprises from insider threats (20)

Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
Trending it security threats in the public sector
Trending it security threats in the public sectorTrending it security threats in the public sector
Trending it security threats in the public sector
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
The Perimeter within Modern Business - does it exist?
The Perimeter within Modern Business - does it exist?The Perimeter within Modern Business - does it exist?
The Perimeter within Modern Business - does it exist?
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
 
Ibm security products portfolio
Ibm security products portfolioIbm security products portfolio
Ibm security products portfolio
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security Intelligence
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspective
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network security
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 

Harnessing UEBA and Machine Learning technologies to protect enterprises from insider threats

  • 1. 1 ZoneFox – Harnessing UEBAand Machine Learning Technologies to Protect Enterprises from Insider Threats
  • 2. 2 Spun out of Napier University Edinburgh by CEO & Founder, Dr Jamie Graves in 2011 Multiple awards for Cyber Innovation, Best Product, Best Start Up Global customers – headquartered in Edinburgh Start up to scale up - 3 people to 30+ Growth driven by innovation and differentiation Now a Fortinet company Background to ZoneFox Lynsey Jenkins, Director of Marketing
  • 3. 3 ZoneFox is an award winning market leader in User Entity Behavior Analytics, providing critical insights around data-flow that you need to secure against the Insider Threat. A few of our reference customers: Who Are We?
  • 4. 4 People working from home “a threat to Cyber Security” charities warned. Neil Sinclair, London Digital Security Centre Why is there such a risk in business today?
  • 5. 5 • People - asset and a liability • Accidental, malicious, careless, collusion • Causes - lack of training, lack of controls, lack of visibility, easy to bypass controls So what is the Insider Threat?
  • 6. 6 According to McAfee, in recent years 43% of data breaches – affecting companies of all sizes – were caused by employees, contractors or suppliers, either negligently or maliciously. The rise of the Insider Threat
  • 7. 7 Job titles that didn’t really exist 3 years ago: Head of Insider Threat Deloitte Insider Threat Consultant EY Insider Cyber Risk Assessor Barclays Insider Threat Analyst BAE Systems Director of Insider Threat GE Head of Investigation & Insider Threat Worldpay VP of Insider Threat Citizens Bank Insider Risk Manager Lloyds BG Head of Data – Insider Risk HSBC Relevance to the Enterprise
  • 8. 8 • Intrusion Detection • Perimeter Protection • Anti Virus • Firewalls • Application Whitelisting • Network Packet Inspection • Encryption • Next Generation Anti Virus • Log aggregation & SIEM Cyber Security 101– traditional methods
  • 10. 10 • Machine Learning is a good human augmentation for filtering and sifting massive data sets • Ideal tool for spotting non-compliant, suspicious or anomalous behaviour - the needle within the haystack • As UEBA learns the behaviour of individuals over time it becomes more accurate Where does UEBAand Machine Learning fit?
  • 11. 11 • Two principal distinct approaches for Machine Learning - supervised - unsupervised • It’s not an elixir; it’s a tool to be used (or misused) amongst others in your arsenal. Complimentary to SIEM (Fortinet Fabric) Getting Started with Machine Learning
  • 12. 12 Getting started with Machine Learning Unsupervised ML Clustering Finds inherent groupings within data sets Association Finds relationships within the data points Supervised ML Classification Predicts discrete, specific responses Regression Predicts continuous responses
  • 13. 13 How Machine Learning Works Select Data  Training  Validation  Test Use Model  Run on live data Test Accuracy  Check performance using test data Model Data  Build features Validate  Assess using validation data
  • 14. 14 • When used correctly, machine learning is like having an eager employee that’s keen to highlight all potentially interesting data points • Resources can be focussed on the really interesting stuff • Build models of user behaviour and get early warning • Ideal tool for spotting non-compliant, suspicious or anomalous behaviour - What Machine Learning means for the Security Team Anomalous doesn’t necessarily mean bad however Bad is usually anomalous!
  • 15. 15 • Harness the power of machine learning to spot unusual user activity automatically • Record actual user activity • Build a profile for a user over a period of time. Ideally a small number of days rather than weeks so that you can re-build models regularly • Compare a user’s new activity to their previous activity • Use peer groups to reduce false positives • Compare user ‘X’ this week to last week Putting it into practice
  • 16. 16 How does it work?
  • 18. 18 Case Study - Government • Highly regulated environment • 15,000 end users • Provision of more and more IT services for agencies • Need to protect sensitive information • Competitive replacement
  • 19. 19 Case Study - Legal • Requirement to prove compliance • EUBA a component of DX and DLP • Measurement of overall security stature “The introduction of ZoneFox has given us the insights to measure effectiveness against acceptable usage policies and also gives us superb visibility of potential security risks we cannot write rules for.” - CISO, Pinsent Masons
  • 20. 20 • Insider threats are on the rise across businesses of all sizes • UEBA and machine learning technology is the ideal tool for spotting non-compliant, suspicious or anomalous behavior • Harnessing this technology frees up resource to focus on other security issues In conclusion
  • 21. 21 40 Torphichen Street, Edinburgh, EH3 8JB +44 (0)845 3884999 info@zonefox.com @zonefox zonefox.com Thanks for listening