1 | © 2017 Interset Software
User and Entity Behavioral Analytics
Stephan Jou, November 2017
§ CTO at Interset
§ Previously: Cognos and IBM’s Business Analytics CTO Office
§ Big data analytics, visualization, cloud, predictive analytics, data mining, neural networks, mobile, dashboarding and semantic search
§ M.Sc. in Computational Neuroscience and Biomedical Engineering, and a dual B.Sc. in Computer Science and Human Physiology, all from the University of Toronto
Hey. I’m Stephan Jou. I like analytics.
Rachel Pictures: 1 of 2,365
Rachel Pictures: 2 of 2,365
Rachel Pictures: 3 of 2,365
Rachel Pictures: 4 of 2,365
Rachel Pictures: 5 of 2,365
Rachel – Year 0 alerts
ALERT
Rachel – Year 0 False Positives
§ Dent in head! → Normal.
§ Too many bowel movements! → Normal.
§ Spitting up too frequently? → Nothing to worry about.
§ Horrifying rash! → Baby acne. Typical.
§ High temperature! Fever? → Within normal range.
Baby Anomaly Detection Advice for Me
§ Rigid rules and thresholds don’t work
§ Every baby is different
§ Learn normal for your baby
§ Look for and quantify deviations from normal
Internal temperature
Skin pattern
Sleeping patterns
Breathing patterns
Speech development
Emotional state
Growth, weight, height
Eating behaviors
…etc
Scaling Up Baby Anomaly Detection
§ Every parent should do this for every baby
§ Each parent should look for multiple deviations, not just a single deviation
A lot of babies → a lot of data + analysis → Fewer cases with a low false positive rate
A Canadian Moment
User and Entity Behavioral Analytics
From Baby Analytics to Security Analytics…
Billions of Events → Hundreds of Anomalies → A Handful of Threat Leads
Example #1: $20B Manufacturer
2 Engineers stole data
1 Year, $1 Million Spent: large security vendor failed to find anything
2 Weeks: easily identified the 2 Engineers; found 3 additional users stealing data in North America; found 8 additional users stealing data in China
Lesson #1: The Math Matters – Test It
• Proper math means rapid deployment & detection with little maintenance
• But use case > math
• Agree on the use cases in advance
• POC with historical data
• Engage your red team
Example #2: Military Defense Contractor
High Probability Anomalous Behavior Models
• Detected large copies to the portable hard drive, at an unusual time of day
• Bayesian models to measure and detect highly improbable events
High Risk File Models
• Detected high risk files, including PowerPoints used to collect large amounts of inappropriate content
• Risk aggregation based on suspicious behaviors and unusual derivative movement
Lesson #2: Automated, Measured Responses
• Security analytics system should allow you to quantify risk, not just a binary alert
• Need to distinguish between true emergencies
• Consider runbook integration with downstream systems, both automatic and human
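The baby-analytics advice (learn normal per entity, quantify deviations, corroborate several deviations), the "highly improbable events" and risk-aggregation models of Example #2, and Lesson #2's call to quantify risk rather than emit a binary alert, as one added Python example that is not Interset's code: it learns a per-user hour-of-day and copy-size baseline from constructed file-copy events, scores new events in bits of surprise, counts corroborating signals, and ranks users by aggregated risk beside the rigid "over 1 GB" rule the deck argues against. The users, events, smoothing constants and thresholds are all constructed for illustration.

```python
# Added example (not Interset code): learn per-entity "normal", quantify each
# deviation in bits of surprise, corroborate several, and rank users by risk.
import math
from collections import defaultdict
from dataclasses import dataclass

ALPHA = 0.5         # Laplace smoothing: an unseen hour is improbable, not impossible
SIGMA_FLOOR = 0.3   # minimum std of log10(bytes), i.e. about a factor of 2 in size
MIN_TAIL_P = 1e-12  # clamp so a single extreme value cannot swamp everything else
SIGNAL_BITS = 6.0   # a feature corroborates (counts as a signal) when p < 1/64

@dataclass
class Baseline:
    hour_counts: list   # activity histogram over hour of day (24 bins)
    n: int              # number of baseline events for this entity
    mu: float           # mean of log10(bytes copied)
    sigma: float        # std of log10(bytes copied), floored

def build_baselines(events):
    """Learn 'normal' per user from (user, hour, bytes) baseline events."""
    hours, sizes = defaultdict(lambda: [0] * 24), defaultdict(list)
    for user, hour, nbytes in events:
        hours[user][hour] += 1
        sizes[user].append(math.log10(nbytes))
    baselines = {}
    for user, xs in sizes.items():
        mu = sum(xs) / len(xs)
        sigma = math.sqrt(sum((x - mu) ** 2 for x in xs) / len(xs))
        baselines[user] = Baseline(hours[user], len(xs), mu, max(sigma, SIGMA_FLOOR))
    return baselines

def hour_surprise(b, hour):
    """Bits of surprise (-log2 p) for activity at this hour under the user's histogram."""
    p = (b.hour_counts[hour] + ALPHA) / (b.n + 24 * ALPHA)
    return -math.log2(p)

def size_surprise(b, nbytes):
    """Bits of surprise for a copy this large: upper tail of a Gaussian in log space."""
    x = math.log10(nbytes)
    if x <= b.mu:
        return 0.0  # smaller-than-usual copies are not the behaviour being hunted
    p = 0.5 * math.erfc((x - b.mu) / b.sigma / math.sqrt(2))
    return -math.log2(max(p, MIN_TAIL_P))

def score_event(baselines, event):
    """Quantify how improbable one event is for *this* user; None if no baseline yet."""
    user, hour, nbytes = event
    b = baselines.get(user)
    if b is None:
        return None
    hs, ss = hour_surprise(b, hour), size_surprise(b, nbytes)
    return {"user": user, "hour_bits": hs, "size_bits": ss, "bits": hs + ss,
            "signals": int(hs >= SIGNAL_BITS) + int(ss >= SIGNAL_BITS)}

def aggregate_risk(baselines, events):
    """Roll event-level surprise up into a ranked, quantified risk per user."""
    totals = defaultdict(lambda: {"bits": 0.0, "signals": 0, "events": 0})
    for ev in events:
        s = score_event(baselines, ev)
        if s is None:
            continue
        t = totals[s["user"]]
        t["bits"] += s["bits"]
        t["signals"] += s["signals"]
        t["events"] += 1
    return sorted(({"user": u, **t} for u, t in totals.items()),
                  key=lambda r: r["bits"], reverse=True)

def rigid_rule_alerts(events, threshold=1_000_000_000):
    """The rigid threshold the deck argues against: alert on any copy over 1 GB."""
    return [ev for ev in events if ev[2] > threshold]

# Constructed baseline: alice copies ~5 MB during office hours; bob runs a ~2 GB
# backup to removable media every night at 03:00; carol copies ~8-10 MB all day.
BASELINE_EVENTS = (
    [("alice", h, 5_000_000 + 200_000 * (h % 3)) for h in (9, 10, 11, 14, 15, 16)] * 10
    + [("bob", 3, 2_000_000_000 + 50_000_000 * (d % 4)) for d in range(30)]
    + [("carol", h, 8_000_000 + 500_000 * (h % 5)) for h in range(9, 18)] * 5
)

# Constructed batch: the same raw event (2 GB at 03:00) is routine for bob and
# wildly abnormal for alice; carol's 30 MB at 10:00 is only a mild deviation.
NEW_EVENTS = [
    ("alice", 3, 2_000_000_000), ("alice", 2, 800_000_000),
    ("bob", 3, 2_100_000_000), ("carol", 10, 30_000_000),
    ("dave", 12, 1_000_000),  # no baseline yet: deviation cannot be quantified
]

if __name__ == "__main__":
    ranked = aggregate_risk(build_baselines(BASELINE_EVENTS), NEW_EVENTS)
    for r in ranked:
        print(f"{r['user']:6} {r['bits']:6.1f} bits  {r['signals']} signals  {r['events']} events")
    print("rigid >1 GB rule alerts on:", [ev[0] for ev in rigid_rule_alerts(NEW_EVENTS)])
```

The rigid rule fires on bob's routine nightly backup and on alice alike; the per-entity scores put alice far ahead with two corroborating signals per event, leave bob near zero, and place carol's mild size deviation in between for a human to triage rather than an automatic response.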
Example #3: Large U.S. Telco
Millions of events analyzed with machine learning
Anomalies discovered using models
High quality leads
Lesson #3: Fewer Alerts, Not More
• Solution should help you deal with fewer alerts, not more alerts
• Solution should leverage sound statistical methods to reduce false positives and noise
• Measure work effort with and without the solution in place
Example #4: Healthcare Records and Payment Processing
6.5 billion transactions annually, 750+ customers, 500+ employees
Team of 7: CISO, 1 security architect, 3 security analysts, 2 network security
Focus and prioritized incident responses
Incident alert accuracy increased from 28% to 92%
Incident mitigation coverage doubled from 70 per week to 140
Lesson #4: Meaningful Metrics (Hawthorne Effect)
• Define meaningful operational metrics (not just “false positives”)
• Build process for measuring over time, not just during pilot
• Ensure the Security Analytics deployment supports a feedback process
1. The Math Matters – Test It
2. Automated, Measured Response
3. Fewer Alerts, Not More
4. Meaningful Metrics
Thank You!
sjou@interset.com
@eeksock

 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

User and Entity Behavioral Analytics

1. User and Entity Behavioral Analytics (© 2017 Interset Software)
   Stephan Jou, November 2017

2. Hey. I'm Stephan Jou. I like analytics.
   § CTO at Interset
   § Previously: Cognos and IBM's Business Analytics CTO Office
   § Big data analytics, visualization, cloud, predictive analytics, data mining, neural networks, mobile, dashboarding and semantic search
   § M.Sc. in Computational Neuroscience and Biomedical Engineering, and a dual B.Sc. in Computer Science and Human Physiology, all from the University of Toronto

3. Rachel Pictures: 1 of 2,365
4. Rachel Pictures: 2 of 2,365
5. Rachel Pictures: 3 of 2,365
6. Rachel Pictures: 4 of 2,365
7. Rachel Pictures: 5 of 2,365

8. Rachel – Year 0 alerts: ALERT

9. Rachel – Year 0 False Positives
   § Dent in head! → Normal.
   § Too many bowel movements! → Normal.
   § Spitting up too frequently? → Nothing to worry about.
   § Horrifying rash! → Baby acne. Typical.
   § High temperature! Fever? → Within normal range.

10. Baby Anomaly Detection Advice for Me
    § Rigid rules and thresholds don't work
    § Every baby is different
    § Learn normal for your baby
    § Look for and quantify deviations from normal
    Signals: internal temperature, skin pattern, sleeping patterns, breathing patterns, speech development, emotional state, growth (weight, height), eating behaviors, ...etc

11. Scaling Up Baby Anomaly Detection
    § Every parent should do this for every baby
    § Each parent should look for multiple deviations, not just a single deviation
    A lot of babies → a lot of data + analysis → fewer cases with a low false positive rate

12. A Canadian Moment: User and Entity Behavioral Analytics

13. From Baby Analytics to Security Analytics…
    Billions of Events → Hundreds of Anomalies → A Handful of Threat Leads

14. Example #1: $20B Manufacturer
    2 Engineers stole data
    1 Year, $1 Million Spent: large security vendor failed to find anything
    2 Weeks: easily identified the 2 Engineers; found 3 additional users stealing data in North America; found 8 additional users stealing data in China

15. Lesson #1: The Math Matters – Test It
    • Proper math means rapid deployment & detection with little maintenance
    • But use case > math
    • Agree on the use cases in advance
    • POC with historical data
    • Engage your red team

16. Example #2: Military Defense Contractor
    High Probability Anomalous Behavior Models
    • Detected large copies to the portable hard drive, at an unusual time of day
    • Bayesian models to measure and detect highly improbable events
    High Risk File Models
    • Detected high risk files, including PowerPoints used to collect large amounts of inappropriate content
    • Risk aggregation based on suspicious behaviors and unusual derivative movement

17. Lesson #2: Automated, Measured Responses
    • Security analytics system should allow you to quantify risk, not just a binary alert
    • Need to distinguish between true emergencies
    • Consider runbook integration with downstream systems, both automatic and human

18. Example #3: Large U.S. Telco
    Millions of events analyzed with machine learning → Anomalies discovered using models → High quality leads

19. Lesson #3: Fewer Alerts, Not More
    • Solution should help you deal with fewer alerts, not more alerts
    • Solution should leverage sound statistical methods to reduce false positives and noise
    • Measure work effort with and without the solution in place

20. Example #4: Healthcare Records and Payment Processing
    6.5 billion transactions annually, 750+ customers, 500+ employees
    Team of 7: CISO, 1 security architect, 3 security analysts, 2 network security
    Focus and prioritized incident responses
    Incident alert accuracy increased from 28% to 92%
    Incident mitigation coverage doubled from 70 per week to 140

21. Lesson #4: Meaningful Metrics (Hawthorne Effect)
    • Define meaningful operational metrics (not just "false positives")
    • Build process for measuring over time, not just during pilot
    • Ensure the Security Analytics deployment supports a feedback process

22. Thank You!
    1. The Math Matters – Test It
    2. Automated, Measured Response
    3. Fewer Alerts, Not More
    4. Meaningful Metrics
    sjou@interset.com  @eeksock
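The approach the deck sketches in slides 10, 11, 16 and 17 (learn what is normal for each entity from its own history, quantify how improbable a new observation is under that baseline, and aggregate several indicators into a risk score instead of a binary alert) as an added worked example in Python. This is not code from the deck or from Interset: the users, hours, copy volumes, the 0.05 indicator threshold, and the choice of a Dirichlet-smoothed hour-of-day model plus a log-normal volume model are all assumptions constructed for illustration.

```python
"""Added example (not Interset's code): per-entity baselines, probabilistic
deviation scoring, and risk aggregation for removable-media copy events."""
import math
from collections import Counter, defaultdict

ALPHA = 0.05      # assumption: an indicator fires when p < ALPHA under the baseline
P_FLOOR = 1e-12   # floor so -log2(p) stays finite for extreme observations

# Constructed training history: (user, hour_of_day, bytes copied to removable media).
# alice works daytime and copies a few MB; bob is on night shift and routinely
# moves 100-200 MB. Not real data.
HISTORY = []
for _day in range(10):
    for hour, mb in zip((9, 11, 14), (2, 4, 6)):
        HISTORY.append(("alice", hour, mb * 1_000_000))
    for hour, mb in zip((23, 2, 4), (100, 150, 200)):
        HISTORY.append(("bob", hour, mb * 1_000_000))


class EntityBaseline:
    """What 'normal' looks like for one user, learned only from that user's history."""

    def __init__(self, hours, sizes):
        n = len(hours)
        counts = Counter(hours)
        # Hour of day: categorical with a flat Dirichlet(1) prior, so an hour never
        # seen before keeps a small non-zero probability: (count + 1) / (n + 24).
        self.hour_p = [(counts[h] + 1) / (n + 24) for h in range(24)]
        # Copy volume: log-normal. Fit mean/std of log(bytes); floor the std so a
        # user with a near-constant history does not get an infinitely sharp model.
        logs = [math.log(s) for s in sizes]
        mu = sum(logs) / n
        var = sum((x - mu) ** 2 for x in logs) / max(n - 1, 1)
        self.mu, self.sigma = mu, max(math.sqrt(var), 0.1)

    def p_hour(self, hour):
        return self.hour_p[hour]

    def p_volume_at_least(self, size):
        """Upper-tail probability P(volume >= size) under the fitted log-normal."""
        z = (math.log(size) - self.mu) / self.sigma
        return 0.5 * math.erfc(z / math.sqrt(2))


def learn_baselines(history):
    """Group history per user and fit one baseline per entity."""
    per_user = defaultdict(lambda: ([], []))
    for user, hour, size in history:
        per_user[user][0].append(hour)
        per_user[user][1].append(size)
    return {u: EntityBaseline(h, s) for u, (h, s) in per_user.items()}


def score_event(baselines, user, hour, size):
    """Return the indicators that fired and a risk score in bits of surprise.

    Each indicator is a probability under the user's own baseline; those below
    ALPHA contribute -log2(p), so two independent oddities add up rather than
    producing a single yes/no alert."""
    b = baselines[user]
    indicators = {
        "unusual_hour": b.p_hour(hour),
        "unusual_volume": b.p_volume_at_least(size),
    }
    fired = {name: -math.log2(max(p, P_FLOOR))
             for name, p in indicators.items() if p < ALPHA}
    return {"user": user, "fired": sorted(fired), "risk": round(sum(fired.values()), 2)}


def rank_leads(baselines, events):
    """Aggregate risk per entity over many events and rank highest first,
    turning a pile of anomalies into a short list of leads."""
    totals = Counter()
    for user, hour, size in events:
        totals[user] += score_event(baselines, user, hour, size)["risk"]
    return totals.most_common()


if __name__ == "__main__":
    bl = learn_baselines(HISTORY)
    for ev in [("alice", 2, 150_000_000), ("alice", 11, 150_000_000), ("bob", 2, 150_000_000)]:
        print(score_event(bl, *ev))
    print(rank_leads(bl, [("alice", 2, 150_000_000), ("bob", 2, 150_000_000)]))
```

The same 150 MB copy at 02:00 fires two indicators for alice and none for bob, because each is judged against their own learned baseline rather than a global threshold; a daytime 150 MB copy by alice fires only the volume indicator and lands in between. The threshold and the per-indicator bits are the tuning points a deployment would validate against historical data, as slide 15 recommends.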