SlideShare a Scribd company logo

Correlation: Why It's Important to Your Security Infrastructure

Download as PPTX, PDF
identityautomation
identityautomation

We broke down what correlation is, it's 3 main components, and what it means to identity and access management. It could also be important to your organization's security infrastructure.

1 of 26
Do You Need Correlation? Breaking Down Correlation and What it Means to Identity Management
“Do you need correlation?”
It’s a question we keep discussing with prospects and customers… And it’s clear there’s a lack of understanding around correlation and its place in an identity management platform.
What is correlation? When is it needed? How does it support an identity management platform and security infrastructure?
There are three kinds of correlation: • Identity Correlation • Event Correlation • Behavioral Correlation
Let’s take a closer look at all three…
Identity Correlation
Identity Correlation – What is it? Identity Correlation reconciles and validates proper ownership of user account IDs throughout an organization & links ownership of those user account IDs to individuals using a unique identifier. In other words, Identity Correlation provides context to user account IDs.
This is Jane Smith. She works as a Marketing Manager for XYZ Corp. To XYZ Corp’s security technology systems, Jane exists as JSmith. Identity Correlation – How it Works
Identity Correlation links JSmith to the access Jane needs to do her job. As a marketing manager, Jane needs access to Google Apps, Salesforce.com and Hubspot. She does not need access to JIRA, used by the engineering team. Identity Correlation – How it Works JSmith
Identity Correlation can show data discrepancies, like if Jane suddenly had access to JIRA. If that happened, Identity Correlation would show XYZ Corp’s IT staff that they need to remove that access for her. Identity Correlation – How it Works
Identity management platforms should provide identity correlation as a core function of the product. Identity Correlation & Identity Management
Event Correlation
Event correlation looks at events happening in a window of time. It is the process of examining events, interactions of events, and then determining which events and interactions are important. Event Correlation – What is it?
Event correlation is handled by a Security Information and Event Management (SIEM) tool. When properly configured, a SIEM tool will determine event correlations and raise alerts when needed. Event Correlation – What is it?
Event Correlation – How it Works Jane logs into her computer in Barcelona… …but then swipes her employee badge in Jakarta… That shouldn’t be possible! A SIEM tool would alert her IT staff so proper containment steps could be taken.
A SIEM tool directly handles event correlation, but receives event logs from across the organization. An identity management platform is a provider and producer of activity logs for a SIEM tool. It also supports alerts from SIEM tools to take action on risks. Event Correlation & Identity Management
Behavioral Correlation
Behavioral correlation is a relatively new term in IT security because the industry has struggled so much with identity and event correlation. Behavioral Correlation – What is it?
Identity Correlation = deals with a current state of accounts Event Correlation = examines events occurring within a window of time Behavioral Correlation = looks at a current event and compares it to historical action patterns Behavioral Correlation – What is it?
Jane typically logs into a US based device every weekday between 9am and 6pm. But if she travels to Munich and attempts to login, behavioral correlation determines that this login does not match her usual patterns. That action could push a pre-set policy for this situation into effect, requiring Jane to provide additional information, such as a one- time password sent to her phone. Behavioral Correlation – How it Works
Because it’s such a new concept, most identity management platforms do not have the infrastructure to handle behavioral correlation. But it should live in identity management, so the most innovative vendors are closing examining it. Behavioral Correlation & Identity Management
So…do you need correlation?...
In short, maybe… It all depends on what you’re trying to do. But your identity management vendor should be able to help you determine which type of correlation you need.
As it relates to correlation, an identity management platform should include: • Identity Correlation as a component • Ability to work in conjunction with a SIEM tool • Future plans to offer Behavioral Correlation capabilities
To learn more about the different types of correlation, read our guidebook, Do You Need Correlation?

Recommended

Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015
identityautomation
 
Event Correlation Applications for Utilities
Event Correlation Applications for UtilitiesEvent Correlation Applications for Utilities
Event Correlation Applications for Utilities
EnergySec
 
Appriss Automates Support of 650 End-Point Routers with CA Process Automation
Appriss Automates Support of 650 End-Point Routers with CA Process AutomationAppriss Automates Support of 650 End-Point Routers with CA Process Automation
Appriss Automates Support of 650 End-Point Routers with CA Process Automation
CA Technologies
 
Introduction to Numetric (1)
Introduction to Numetric (1)Introduction to Numetric (1)
Introduction to Numetric (1)Matt Polson
 
Pre-Con Ed: What's New in CA Service Management
Pre-Con Ed: What's New in CA Service ManagementPre-Con Ed: What's New in CA Service Management
Pre-Con Ed: What's New in CA Service Management
CA Technologies
 
Ca automation suite screen shots 2
Ca automation suite screen shots 2Ca automation suite screen shots 2
Ca automation suite screen shots 2
David Resnic
 
MUSES WP5 Final Conclusions
MUSES WP5 Final ConclusionsMUSES WP5 Final Conclusions
MUSES WP5 Final Conclusions
Paloma De Las Cuevas
 
Using data science to automate event correlation - June 2016 - Dan Turchin - ...
Using data science to automate event correlation - June 2016 - Dan Turchin - ...Using data science to automate event correlation - June 2016 - Dan Turchin - ...
Using data science to automate event correlation - June 2016 - Dan Turchin - ...
PeopleReign, Inc.
 

Recommended

Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015
identityautomation
 
Event Correlation Applications for Utilities
Event Correlation Applications for UtilitiesEvent Correlation Applications for Utilities
Event Correlation Applications for Utilities
EnergySec
 
Appriss Automates Support of 650 End-Point Routers with CA Process Automation
Appriss Automates Support of 650 End-Point Routers with CA Process AutomationAppriss Automates Support of 650 End-Point Routers with CA Process Automation
Appriss Automates Support of 650 End-Point Routers with CA Process Automation
CA Technologies
 
Introduction to Numetric (1)
Introduction to Numetric (1)Introduction to Numetric (1)
Introduction to Numetric (1)Matt Polson
 
Pre-Con Ed: What's New in CA Service Management
Pre-Con Ed: What's New in CA Service ManagementPre-Con Ed: What's New in CA Service Management
Pre-Con Ed: What's New in CA Service Management
CA Technologies
 
Ca automation suite screen shots 2
Ca automation suite screen shots 2Ca automation suite screen shots 2
Ca automation suite screen shots 2
David Resnic
 
MUSES WP5 Final Conclusions
MUSES WP5 Final ConclusionsMUSES WP5 Final Conclusions
MUSES WP5 Final Conclusions
Paloma De Las Cuevas
 
Using data science to automate event correlation - June 2016 - Dan Turchin - ...
Using data science to automate event correlation - June 2016 - Dan Turchin - ...Using data science to automate event correlation - June 2016 - Dan Turchin - ...
Using data science to automate event correlation - June 2016 - Dan Turchin - ...
PeopleReign, Inc.
 
Case Study: Taking IT Asset Management to the Next Level With Process Automation
Case Study: Taking IT Asset Management to the Next Level With Process AutomationCase Study: Taking IT Asset Management to the Next Level With Process Automation
Case Study: Taking IT Asset Management to the Next Level With Process Automation
CA Technologies
 
HfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Webinar Slides: Smart Process Automation in Enterprise BusinessHfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Research
 
Business process automation: The past, present and future
Business process automation: The past, present and futureBusiness process automation: The past, present and future
Business process automation: The past, present and future
Qorus Software
 
Robotic Process Automation for Financial Services
Robotic Process Automation for Financial ServicesRobotic Process Automation for Financial Services
Robotic Process Automation for Financial Services
Appian
 
APIs and Process automation at APIDays Global 2016
APIs and Process automation at APIDays Global 2016APIs and Process automation at APIDays Global 2016
APIs and Process automation at APIDays Global 2016
Giuliano Iacobelli
 
Chatbots + rpa (robotic process automation)
Chatbots + rpa (robotic process automation)Chatbots + rpa (robotic process automation)
Chatbots + rpa (robotic process automation)
Carlos Toxtli
 
Everest Group FIT matrix for Robotic Process Automation (rpa) technology
Everest Group FIT matrix for Robotic Process Automation (rpa) technologyEverest Group FIT matrix for Robotic Process Automation (rpa) technology
Everest Group FIT matrix for Robotic Process Automation (rpa) technology
UiPath
 
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
Reducing MTTR and False Escalations: Event Correlation at LinkedInReducing MTTR and False Escalations: Event Correlation at LinkedIn
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
Michael Kehoe
 
The 2015 Millennial Majority Workforce: Study Results
The 2015 Millennial Majority Workforce: Study ResultsThe 2015 Millennial Majority Workforce: Study Results
The 2015 Millennial Majority Workforce: Study Results
Elance-oDesk
 
Banking in India
Banking in IndiaBanking in India
Banking in IndiaPrasant Patro
 
digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
Orlando F. Delgado
 
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Dana Gardner
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability Management
Mighty Guides, Inc.
 
The future of Identity Access Management | Sysfore
The future of Identity Access Management | SysforeThe future of Identity Access Management | Sysfore
The future of Identity Access Management | Sysfore
Sysfore Technologies
 
Cybersecurity: How to be Proactive
Cybersecurity: How to be ProactiveCybersecurity: How to be Proactive
Cybersecurity: How to be Proactive
Brown Smith Wallace
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
Rahul Tyagi
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting Information
Laura Martin
 
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and ComplianceML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
BigML, Inc
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access Management
EMC
 
Risk assessment
Risk assessmentRisk assessment
Risk assessment
kajal kumari
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performance
Abhishek Sood
 
CISO Interview Question.pdf
CISO Interview Question.pdfCISO Interview Question.pdf
CISO Interview Question.pdf
infosec train
 

More Related Content

Viewers also liked

Case Study: Taking IT Asset Management to the Next Level With Process Automation
Case Study: Taking IT Asset Management to the Next Level With Process AutomationCase Study: Taking IT Asset Management to the Next Level With Process Automation
Case Study: Taking IT Asset Management to the Next Level With Process Automation
CA Technologies
 
HfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Webinar Slides: Smart Process Automation in Enterprise BusinessHfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Research
 
Business process automation: The past, present and future
Business process automation: The past, present and futureBusiness process automation: The past, present and future
Business process automation: The past, present and future
Qorus Software
 
Robotic Process Automation for Financial Services
Robotic Process Automation for Financial ServicesRobotic Process Automation for Financial Services
Robotic Process Automation for Financial Services
Appian
 
APIs and Process automation at APIDays Global 2016
APIs and Process automation at APIDays Global 2016APIs and Process automation at APIDays Global 2016
APIs and Process automation at APIDays Global 2016
Giuliano Iacobelli
 
Chatbots + rpa (robotic process automation)
Chatbots + rpa (robotic process automation)Chatbots + rpa (robotic process automation)
Chatbots + rpa (robotic process automation)
Carlos Toxtli
 
Everest Group FIT matrix for Robotic Process Automation (rpa) technology
Everest Group FIT matrix for Robotic Process Automation (rpa) technologyEverest Group FIT matrix for Robotic Process Automation (rpa) technology
Everest Group FIT matrix for Robotic Process Automation (rpa) technology
UiPath
 
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
Reducing MTTR and False Escalations: Event Correlation at LinkedInReducing MTTR and False Escalations: Event Correlation at LinkedIn
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
Michael Kehoe
 
The 2015 Millennial Majority Workforce: Study Results
The 2015 Millennial Majority Workforce: Study ResultsThe 2015 Millennial Majority Workforce: Study Results
The 2015 Millennial Majority Workforce: Study Results
Elance-oDesk
 

Viewers also liked (10)

Case Study: Taking IT Asset Management to the Next Level With Process Automation
Case Study: Taking IT Asset Management to the Next Level With Process AutomationCase Study: Taking IT Asset Management to the Next Level With Process Automation
Case Study: Taking IT Asset Management to the Next Level With Process Automation
 
HfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Webinar Slides: Smart Process Automation in Enterprise BusinessHfS Webinar Slides: Smart Process Automation in Enterprise Business
HfS Webinar Slides: Smart Process Automation in Enterprise Business
 
Business process automation: The past, present and future
Business process automation: The past, present and futureBusiness process automation: The past, present and future
Business process automation: The past, present and future
 
Robotic Process Automation for Financial Services
Robotic Process Automation for Financial ServicesRobotic Process Automation for Financial Services
Robotic Process Automation for Financial Services
 
APIs and Process automation at APIDays Global 2016
APIs and Process automation at APIDays Global 2016APIs and Process automation at APIDays Global 2016
APIs and Process automation at APIDays Global 2016
 
Chatbots + rpa (robotic process automation)
Chatbots + rpa (robotic process automation)Chatbots + rpa (robotic process automation)
Chatbots + rpa (robotic process automation)
 
Everest Group FIT matrix for Robotic Process Automation (rpa) technology
Everest Group FIT matrix for Robotic Process Automation (rpa) technologyEverest Group FIT matrix for Robotic Process Automation (rpa) technology
Everest Group FIT matrix for Robotic Process Automation (rpa) technology
 
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
Reducing MTTR and False Escalations: Event Correlation at LinkedInReducing MTTR and False Escalations: Event Correlation at LinkedIn
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
 
The 2015 Millennial Majority Workforce: Study Results
The 2015 Millennial Majority Workforce: Study ResultsThe 2015 Millennial Majority Workforce: Study Results
The 2015 Millennial Majority Workforce: Study Results
 
Banking in India
Banking in IndiaBanking in India
Banking in India
 

Similar to Correlation: Why It's Important to Your Security Infrastructure

digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
Orlando F. Delgado
 
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Dana Gardner
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability Management
Mighty Guides, Inc.
 
The future of Identity Access Management | Sysfore
The future of Identity Access Management | SysforeThe future of Identity Access Management | Sysfore
The future of Identity Access Management | Sysfore
Sysfore Technologies
 
Cybersecurity: How to be Proactive
Cybersecurity: How to be ProactiveCybersecurity: How to be Proactive
Cybersecurity: How to be Proactive
Brown Smith Wallace
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
Rahul Tyagi
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting Information
Laura Martin
 
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and ComplianceML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
BigML, Inc
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access Management
EMC
 
Risk assessment
Risk assessmentRisk assessment
Risk assessment
kajal kumari
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performance
Abhishek Sood
 
CISO Interview Question.pdf
CISO Interview Question.pdfCISO Interview Question.pdf
CISO Interview Question.pdf
infosec train
 
Discussion Forum.300 wordsInclude at least. words in your po
Discussion Forum.300 wordsInclude at least. words in your poDiscussion Forum.300 wordsInclude at least. words in your po
Discussion Forum.300 wordsInclude at least. words in your po
widdowsonerica
 
Robust Software Solutions.pptx
Robust Software Solutions.pptxRobust Software Solutions.pptx
Robust Software Solutions.pptx
Business Thrust Pte. Ltd. (BThrust)
 
Linked in misti_rs_1.0
Linked in misti_rs_1.0Linked in misti_rs_1.0
Linked in misti_rs_1.0
Vincent Toms
 
Identity and Access Intelligence
Identity and Access IntelligenceIdentity and Access Intelligence
Identity and Access IntelligenceTim Bell
 
How AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdfHow AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdf
online Marketing
 
How AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdfHow AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdf
online Marketing
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies
 

Similar to Correlation: Why It's Important to Your Security Infrastructure (20)

digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
digital-transformation-and-ai-driven-security-strategies-for-enterprise-level...
 
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
Five Ways to Make Identity Management Work Best Across Hybrid Computing Envir...
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability Management
 
The future of Identity Access Management | Sysfore
The future of Identity Access Management | SysforeThe future of Identity Access Management | Sysfore
The future of Identity Access Management | Sysfore
 
Cybersecurity: How to be Proactive
Cybersecurity: How to be ProactiveCybersecurity: How to be Proactive
Cybersecurity: How to be Proactive
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting Information
 
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and ComplianceML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access Management
 
Risk assessment
Risk assessmentRisk assessment
Risk assessment
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performance
 
CISO Interview Question.pdf
CISO Interview Question.pdfCISO Interview Question.pdf
CISO Interview Question.pdf
 
Discussion Forum.300 wordsInclude at least. words in your po
Discussion Forum.300 wordsInclude at least. words in your poDiscussion Forum.300 wordsInclude at least. words in your po
Discussion Forum.300 wordsInclude at least. words in your po
 
Robust Software Solutions.pptx
Robust Software Solutions.pptxRobust Software Solutions.pptx
Robust Software Solutions.pptx
 
Linked in misti_rs_1.0
Linked in misti_rs_1.0Linked in misti_rs_1.0
Linked in misti_rs_1.0
 
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to Success
 
Identity and Access Intelligence
Identity and Access IntelligenceIdentity and Access Intelligence
Identity and Access Intelligence
 
How AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdfHow AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdf
 
How AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdfHow AI is influencing cyber security for business - CyberHive.pdf
How AI is influencing cyber security for business - CyberHive.pdf
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Correlation: Why It's Important to Your Security Infrastructure

  • 1. Do You Need Correlation? Breaking Down Correlation and What it Means to Identity Management
  • 2. “Do you need correlation?”
  • 3. It’s a question we keep discussing with prospects and customers… And it’s clear there’s a lack of understanding around correlation and its place in an identity management platform.
  • 4. What is correlation? When is it needed? How does it support an identity management platform and security infrastructure?
  • 5. There are three kinds of correlation: • Identity Correlation • Event Correlation • Behavioral Correlation
  • 6. Let’s take a closer look at all three…
  • 8. Identity Correlation – What is it? Identity Correlation reconciles and validates proper ownership of user account IDs throughout an organization & links ownership of those user account IDs to individuals using a unique identifier. In other words, Identity Correlation provides context to user account IDs.
  • 9. This is Jane Smith. She works as a Marketing Manager for XYZ Corp. To XYZ Corp’s security technology systems, Jane exists as JSmith. Identity Correlation – How it Works
  • 10. Identity Correlation links JSmith to the access Jane needs to do her job. As a marketing manager, Jane needs access to Google Apps, Salesforce.com and Hubspot. She does not need access to JIRA, used by the engineering team. Identity Correlation – How it Works JSmith
  • 11. Identity Correlation can show data discrepancies, like if Jane suddenly had access to JIRA. If that happened, Identity Correlation would show XYZ Corp’s IT staff that they need to remove that access for her. Identity Correlation – How it Works
  • 12. Identity management platforms should provide identity correlation as a core function of the product. Identity Correlation & Identity Management
  • 14. Event correlation looks at events happening in a window of time. It is the process of examining events, interactions of events, and then determining which events and interactions are important. Event Correlation – What is it?
  • 15. Event correlation is handled by a Security Information and Event Management (SIEM) tool. When properly configured, a SIEM tool will determine event correlations and raise alerts when needed. Event Correlation – What is it?
  • 16. Event Correlation – How it Works Jane logs into her computer in Barcelona… …but then swipes her employee badge in Jakarta… That shouldn’t be possible! A SIEM tool would alert her IT staff so proper containment steps could be taken.
  • 17. A SIEM tool directly handles event correlation, but receives event logs from across the organization. An identity management platform is a provider and producer of activity logs for a SIEM tool. It also supports alerts from SIEM tools to take action on risks. Event Correlation & Identity Management
  • 19. Behavioral correlation is a relatively new term in IT security because the industry has struggled so much with identity and event correlation. Behavioral Correlation – What is it?
  • 20. Identity Correlation = deals with a current state of accounts Event Correlation = examines events occurring within a window of time Behavioral Correlation = looks at a current event and compares it to historical action patterns Behavioral Correlation – What is it?
  • 21. Jane typically logs into a US based device every weekday between 9am and 6pm. But if she travels to Munich and attempts to login, behavioral correlation determines that this login does not match her usual patterns. That action could push a pre-set policy for this situation into effect, requiring Jane to provide additional information, such as a one- time password sent to her phone. Behavioral Correlation – How it Works
  • 22. Because it’s such a new concept, most identity management platforms do not have the infrastructure to handle behavioral correlation. But it should live in identity management, so the most innovative vendors are closing examining it. Behavioral Correlation & Identity Management
  • 23. So…do you need correlation?...
  • 24. In short, maybe… It all depends on what you’re trying to do. But your identity management vendor should be able to help you determine which type of correlation you need.
  • 25. As it relates to correlation, an identity management platform should include: • Identity Correlation as a component • Ability to work in conjunction with a SIEM tool • Future plans to offer Behavioral Correlation capabilities
  • 26. To learn more about the different types of correlation, read our guidebook, Do You Need Correlation?