What’s that thing that doesn’t lie? Behavior

The National Health Information Sharing and Analysis Center (NH-ISAC), is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing Physical and Cyber Threat Intelligence and best practices.

They have two Summits a year. Gurucul has been a NH-ISAC partner since the inaugural event in 2015. We were pleased to sponsor the 2018 NH-ISAC Spring Summit held earlier this month. And, we will be at the Fall Summit in San Antonio, TX in November.

You Can Steal an Identity, but You Can’t Steal Behavior

The event kicked off with a keynote by our healthcare provider customer who talked about the importance of model driven security and investing in data scientists. Model driven security is the use of math and algorithms to evaluate behavior in order to make real time security control decisions. Instead of relying on humans to enter those control changes into a console, machine learning models drive automated response and orchestrate decisions.

What’s that thing that doesn’t lie?” he asked the audience. “Behavior.” Behavior based security analytics is the definition of model driven security.

He told us one of the reasons he chose Gurucul was because of our deep bench of data scientists. He didn’t even realize how important that was until we got into a POC with 4 other security analytics vendors. That’s when our talent pool quickly became evident.

Model Driven Security Drives Front Line Security Controls

Later in the week we were talking with a customer who has 300 machine learning models in production. He is looking to expand to 500 models by year end. That’s when he said, “There’s so much more we can do with this!

An example of why model driven security is needed: a recent large organization had 15,000 servers taken down in under 90 seconds. There are no people in this world that can respond fast enough to mitigate those sorts of attacks. You need to be able to move at machine speed, and that is why our customers are moving to model driven security because it gives them a machine-based reaction time to critical threats.

One of the cool things this particular customer has done with Gurucul is to identify a way to block select emails from leaving the environment if a user’s risk score is considered high. This is a great example of model driven security: action is taken on identified risks with no human intervention. If a user’s risk score goes up, that user can no longer send certain emails outside of the company.

Model Driven Security Applies Automation to High Risk Scenarios

Our healthcare customers were constantly trying to sift through thousands of alerts per day. When they started to model specific behavior, it gave them the ability to focus on what was most important. It greatly reduced the amount of time they were spending looking through incidents that may not be risky and gave them the opportunity to focus where they needed to – on risky behavior.

Our customers are driving very powerful behavior analytics use cases. You could, too. Contact us today to get started.

Share this page: