Going on the Offense: How to Eliminate Internal Threats

Posted by Heather Howland on Jul 27, 2018 11:57:00 AM

Over the past few years, we’ve observed significant changes in the types of conversations we’re having with CISOs. What used to be discussions about how to keep bad guys out has evolved to how to manage and address internal threats. Internal threats come in a variety of shapes and sizes. It could be an attacker who has already gotten in and waiting for the right moment to make a move. It could also be an insider threat. It could be a malicious insider looking to do harm to the organization. Or it could be employees who don’t mean any harm but may doing things (knowingly or unknowingly) that could put an organization at risk.

With the perimeter all but dissolved, and as enterprises transition to the cloud, it’s becoming clear that identity, and where there are points of access, is the new perimeter. The challenge for many organizations is how to understand their posture around identity. This requires understanding who is doing what, when, and where, and understanding it across all applications and platforms on prem, in the cloud and in hybrid environments. Having a holistic view of identity--all users, privileges, access patterns and accounts--is becoming more critical in order to be more proactive and to have proper controls over accounts (privileged, user, service, and more) and to being able to protect accounts from compromise.

Read More

Topics: User Behavior, CISO, Insider Threats, User and Entity Behavior Analytics, ueba

Detection Only Solutions Aren't Enough For Today's Security Teams

Posted by Heather Howland on Apr 27, 2018 4:28:00 AM

Last week I had the opportunity to speak with several CISOs about what they are doing to deal with cyberattacks, breaches and internal threats. A consistent theme I heard is that detection only solutions aren't enough. They need more practical approaches to rapidly respond to anomalous behavior and they need to reduce burden on analysts. Working smarter not harder. This is one of the great benefits of real-time threat prevention based on identity, behavior and risk. It can removes work from analyst via adaptive response and automated resolution of false positives. One customer recently told me that within just a couple months, automated response has helped them improve their efficiency by 30-40%. That’s a lot of time that can focused on more critical security tasks.

Read More

Topics: Adaptive Response, User and Entity Behavior Analytics, Incident Response, Threat Detection

Protecting Service Accounts from Attackers and Insiders (video)

Posted by Heather Howland on Aug 25, 2017 1:30:20 PM

Service Accounts can represent tremendous security risk for enterprises. And many of our customers struggle with how to best identify, control and protect these accounts. Let’s take a closer look at what service accounts are and what organizations can do to protect service accounts from attackers and insiders. 

Read More

Topics: Privileged Accounts, User and Entity Behavior Analytics, Active Directory, ueba

How Security Operations Can Safely Stop Investigating Benign True Positives

Posted by Eran Cohen on Apr 20, 2017 8:45:19 AM

True Positives. It’s a topic of great interest to me. Security Operations can spend a lot of time dealing with separating out the truly non-malicious events. There is an easier way. But, before we go further, let’s align and calibrate on the terminology of True/False Positives/Negatives. Some of these terms have varying levels of agreement. It reminds me of VLAN-- you can have 5 people in the room and there will be 6 different definitions for it. To make sure we are on the same page, let's start with basic definitions accompanied with real life examples. 

Read More

Topics: Security Skills, User and Entity Behavior Analytics, ueba, Incident Response

Real-time vs After the Fact: Pitfalls of Log-based Behavioral Threat Detection

Posted by Yaron Zinar on Apr 13, 2017 7:52:35 AM

It was recently published that Shadow Brokers, the group behind the Equation Group leak, are selling a new set of tools that have the ability to tamper with Windows event logs. What stood out to me is the inefficiency of security solutions that rely solely on logs for detecting threats. Implementing a security analytics or a UEBA product that relies on logs for detection of advanced cyber threats has advantages, but it is also risky.

Read More

Topics: APT, User and Entity Behavior Analytics, Threat Detection

Analyzing User Behavior is the Beginning. How It's Applied is What Really Matters.

Posted by Eran Cohen on Mar 3, 2017 2:59:40 PM

Think about this statement: “Half of the people you know are below average.” In simple terms, it means that statistically most of the people you know are considered to have average intelligence, or just below or above the line. Does this mean they are dangerous? Does it mean you should reconsider your friendship? Let’s not jump to conclusions just yet.

Read More

Topics: CISO, Behavioral Firewall, User and Entity Behavior Analytics, Use Case, ueba

Traditional UEBA vs Behavioral Firewall for Breach and Insider Threat Prevention [Part 2 - Blog Series]

Posted by Heather Howland on Sep 29, 2016 11:55:37 AM

In our Part 1 Series we talked about User and Entity Behavior Analytics (UEBA) and its benefits for better detecting possible breaches and insider threats through user and entity behavior and risk scoring.  Now let’s talk about the differences between traditional UEBA vs the newer UEBA solution, the Behavioral Firewall, which integrates adaptive responses to prevent threats.

Read More

Topics: Threat Mitigation, Behavioral Firewall, User and Entity Behavior Analytics, Identity Verification, ueba

Enterprise Security in Times of War

Posted by Ajit Sancheti on Sep 8, 2016 7:58:18 AM

Enterprises define security policies that match their business objectives. By setting security policy rules, an organization can better enable the business to achieve its goals while protecting them from advanced threats. They work reasonably well, even allowing for the well publicized breaches and insider threats. Without policies or a set of tools in place for such eventualities, it will be very difficult for the business to operate effectively when under attack.

Read More

Topics: CISO, Behavioral Firewall, Adaptive Response, Insider Threats, User and Entity Behavior Analytics, Credential Compromise, ueba

BFFs: UEBA Threat Detection and Post Infection Prevention

Posted by Eran Cohen on Aug 26, 2016 10:26:19 AM

I believe detection and prevention are the most chewed-over words in the security market. In the last 20 years, I have seen the term virus evolve to worm and horse (trojan). Then it left the living creature world and moved to the “Bond” world by becoming spyware, malware, ransomware and even getting recognized by names, such as Zeus, Cryptolocker and more.

And yet the basic terms of detection and prevention have remained steady.  No matter the triggers, no matter the technology or the company. Sometimes you’ll hear detection and prevention used together and sometimes separately depending on the solution’s capabilities.  What changes with these terms lies underneath as the threats to organizations continue to proliferate.

Read More

Topics: User Behavior, Behavioral Firewall, User and Entity Behavior Analytics

Taming ProjectSauron’s Evil Eye From Compromising Domain Controllers

Posted by Avi Kama on Aug 18, 2016 10:58:46 AM

In the past few days we all learned of the latest advanced cyber espionage spyware, ProjectSauron. An in-depth analysis was published by Kaspersky Lab, and found it to be one of the most advanced cyber-warfare malware ever made. The malware was named ProjectSauron after reference to the evil dark lord of Lord of the Rings was found embedded in the code.

Read More

Topics: APT, ProjectSauron, User and Entity Behavior Analytics, Domain Controller