Director, Federal Systems Engineering
Mar 22, 2016
What are Federal agencies’ concerns addressed by User Behavior Analytics from Gurucul?
RSA in San Francisco turned out to be an exciting event for Gurucul, even from an awards standpoint – it was an awesome accomplishment to be recognized by SC Magazine as the 2016 Trust Award winner for the Best Behavior Analytics Enterprise / Threat Detection solution, plus three Cyber Defense Magazine awards for Insider Threat Prevention, Detection and Best Behavior Analytics. RSA was also exceptional for the amount of Federal customer traffic and meetings we had in the booth and at the events around the conference.
During the week, our team of Sales Engineers presented well over 350 personal demonstrations of our technology to booth visitors, and many of those demonstrations were to Federal users. A keynote presentation from Teri Takai (past CIO DoD, State of CA and MI) also helped underscore how UEBA is helping to fill the void in security analytics by giving actionable intelligence to security teams and allowing them to focus their key assets where they are needed most. Another highlight of the week was spending time discussing our solution with federal agencies like the US Air Force.
So, with all that interaction, what seemed to drive people to our solution footprint? Well, the first one isn’t all that straight and simple; however, it seemed that the most common theme was how UEBA technology gives a return on investment that will ultimately allow a smaller workforce to better handle the ever-expanding cyber security threat. That took me back to my active duty Air Force days of being understaffed with an ever-expanding mission and having to figure out a way to do more with less to meet the objectives. Boy, how I wish we had the technology back then that we have now. Right behind the ROI point, the second consistent theme we heard was how to leverage this technology over a very large enterprise that might not have all the logs and needed data inputs in a single place or a single SIEM solution.
Both points seem to be pretty standard for the Federal Government these days, which is growing in size and geographic diversity due to global warfighting requirements while budgets continuously decline and it has to do more with less. Gurucul’s solution is able to address both of these requirements. Our solution, designed by our CTO Nilesh Dherange, takes advantage of Machine Learning models (150+) instead of complex rules and ties in user identity to track who the user is and how the user interacts, forming a solid baseline of normal access and activity. In a global environment where the user and the threat can jump around access points, our technology is able to give you active intelligence at a theater level, which alerts you to take action as needed. It also allows you to send those “normal behavior” patterns upstream, so you can add more data and run machine learning models for behavior analytics and predictive scoring again to enhance the profiles.
So the two takeaways are these: scaling with Machine Learning models helps with the ROI in a way that humans cannot provide, and being able to work directly with existing infrastructure and data sources (with or without SIEM) to get all behavior patterns analyzed with behavior modeling is key to covering all environments and use cases.