Eran Cohen

Eran Cohen is Director of Product Management at Preempt.

Recent Posts

How Security Operations Can Safely Stop Investigating Benign True Positives

Posted by Eran Cohen on Apr 20, 2017 8:45:19 AM

True Positives. It’s a topic of great interest to me. Security Operations can spend a lot of time dealing with separating out the truly non-malicious events. There is an easier way. But, before we go further, let’s align and calibrate on the terminology of True/False Positives/Negatives. Some of these terms have varying levels of agreement. It reminds me of VLAN -- you can have 5 people in the room and there will be 6 different definitions for it. To make sure we are on the same page, let's start with basic definitions accompanied by real-life examples.


Topics: Security Skills, Incident Response, User and Entity Behavior Analytics, ueba

35% of Users Have Weak Passwords; the Other 65% can be Cracked

Posted by Eran Cohen on Mar 13, 2017 5:00:00 AM

Password leaks from public breaches help us learn how people think, allow us to identify patterns and build dictionaries of passwords. As password cracking methods evolve, Upper characters, Lower characters, Special characters and Digits (ULSD) recommendations and password complexity mean less.


Topics: Credential Compromise, Passwords, CISO

IT Security’s 8th Sense - How Big Data and Human Behavior Provide an Edge

Posted by Eran Cohen on Mar 9, 2017 7:45:00 AM

Big Data is a revolution that in my opinion is equivalent to other epiphany moments such as when humanity (i.e. Galileo) identified that the sun isn’t moving. It's our planet that moves around it. Science and discovery have changed the way people perceive the world.


Topics: big data, User Behavior

Analyzing User Behavior is the Beginning. How It's Applied is What Really Matters.

Posted by Eran Cohen on Mar 3, 2017 2:59:40 PM

Think about this statement: “Half of the people you know are below average.” In simple terms, it means that statistically most of the people you know are considered to have average intelligence, or just below or above the line. Does this mean they are dangerous? Does it mean you should reconsider your friendship? Let’s not jump to conclusions just yet.


Topics: ueba, Behavioral Firewall, User and Entity Behavior Analytics, CISO, Use Case

Reducing Incident Management Noise With Your Own Employees

Posted by Eran Cohen on Feb 17, 2017 11:21:58 AM

Noise. Noise. Noise. Our world is noisy. It's all over the place. Visual noise, physical noise. And then there is the noise which bothers analysts in the security industry. I am referring to the security signal to noise ratio that is only growing and growing because of the evolving techniques, various data sources and the unknown threats that we all want to catch (or is it afraid to miss?). In fact, the elephant has left the room and is now visible to all.


Topics: Incident Response, ueba, Security Skills

Avoiding the Big Data Games of UEBA

Posted by Eran Cohen on Dec 15, 2016 6:21:46 AM

When thinking about some traditional User and Entity Behavior Analytics (UEBA) solutions today, I can’t help but think about a Rube Goldberg machine, an over-engineered machine that performs a seemingly simple task.

One of my favorites is “The Page Turner”. And I’ll admit it, I like playing with these useless contraptions -- and even build them. By the high view count on that video it seems I’m not alone in enjoying them. But this does make me wonder what this says about us. Why do we build overly complicated systems to effectively (in a way) complete tasks so inefficiently?


Topics: ueba, big data

A SWIFT Case to Stop Bank Heists with UEBA Behavioral Firewalls

Posted by Eran Cohen on Nov 17, 2016 3:13:54 PM

Enterprises almost always have users, accounts or processes that run critical business operations to enable smooth operations and ensure productivity. Often, there is a lot of emphasis placed on security, availability and integrity. Regardless of the checks and balances, systems are not infallible. Sometimes this is done because it is perceived to be secured trusted operations, and sometimes it’s based on a planned calculated risk management.


Topics: SWIFT, ueba, Use Case

10 Facts to Help You Better Understand Kerberos 

Posted by Eran Cohen on Oct 6, 2016 12:16:30 PM

Every child that grew up playing Dungeons and Dragons learned about the mythic creature of Kerberos (also known as Cerberus in Ancient Greek mythology) -- the three-headed dog who guards the gates of Haides. Its role is to prevent the dead souls from returning to the world of the living.


Topics: kerberos

BFFs: UEBA Threat Detection and Post Infection Prevention

Posted by Eran Cohen on Aug 26, 2016 10:26:19 AM

I believe detection and prevention are the most chewed-over words in the security market. In the last 20 years, I have seen the term virus evolve to worm and horse (trojan). Then it left the living creature world and moved to the “Bond” world by becoming spyware, malware, ransomware and even getting recognized by names, such as Zeus, Cryptolocker and more.

And yet the basic terms of detection and prevention have remained steady. No matter the triggers, no matter the technology or the company. Sometimes you’ll hear detection and prevention used together and sometimes separately depending on the solution’s capabilities. What changes with these terms lies underneath as the threats to organizations continue to proliferate.


Topics: User Behavior, User and Entity Behavior Analytics, Behavioral Firewall

Taming the Chaos with User Behavior Analytics and Employee Engagement

Posted by Eran Cohen on Jul 1, 2016 9:25:39 AM

It's often that I meet customers that are quite surprised when they deploy a new security solution and see the results of what is actually happening in their network.

They are astonished by what they see with the deep visibility some security products bring. To be honest, it's not only that they do not understand what is actually going on in their network; it is worse: they are sometimes clueless. Let me reveal an unspoken secret.