March Newsletter 2019
Quote of the Month
“Look at risk as more of a compass than a watch.”
– Steve Katz, Owner, Security Risk Solutions, LLC
We love the RSA Conference! We had a great week at RSAC 2019, and a highlight of the week was a well-attended CISO roundtable moderated by the original CISO, Steve Katz. We can’t divulge what was discussed, but we can tell you there was a heated conversation about risk. At some point during the conversation, Steve made the comment, “Look at risk as more of a compass than a watch.” A wise observation. Do you know where you’re headed as you map out your risk mitigation strategy?
Start with the Highest Risk Users and Entities
The biggest opportunity to reduce risk is to focus on securing your highest risk users and assets. Privileged users and accounts have the “keys to the kingdom” so you absolutely need to lock them down. If you don’t have a privileged access management (PAM) product, get one. PAM puts privileged accounts in a vault and requires privileged users to check in and check out passwords. You have an audit trail for compliance purposes, but you still need to monitor what privileged users are actually doing. Session recording does not scale, consumes an obscene amount of storage, and can’t catch malicious activity in real time. Luckily, new technologies leveraging data science and big data eclipse these solutions. You need a security analytics product since insider threats and zero-day attacks cannot be detected without one.
Behavior based security analytics powered by machine learning will detect anomalous behavior associated with privileged users and assets in real time, and alert you to risky activity. In this way, you can stop data from being exfiltrated or corrupted. Security analytics also detects if privileged accounts have been compromised by cyber criminals. It will notice atypical behaviors – impossible to detect at scale without machine learning – so you can get ahead of the threat. Outsiders need to search for critical data and assets so their lateral movement will be uncharacteristic. Security analytics finds odd behaviors indicative of true risk and raises alerts so you can take immediate action.
Implement Risk-based Controls
Let’s take this to the next level. Let’s say you don’t have to take action. Instead, what if you could automate the action you would have taken manually? Here’s where security analytics gets really interesting and becomes a game changer. The premise behind Gurucul’s security analytics platform is to provide risk scores so you can implement risk-based controls. We take structured and unstructured data feeds from every possible security and identity product – SIEM, IAM, PAM, firewall, DLP, EDR, AD/LDAP, SAP, Salesforce, EPIC, etc. (even proprietary business applications) – and generate a unified risk score for every user and entity in your organization.
Do not discount the value of that unified risk score. Your disparate applications may perform analytics on their siloed data, but all that gives you is a distorted and incomplete view of risk. Your PAM solution may say user Monroe is a high risk user. Your IGA product rates him as medium risk. And, your SIEM sees him as low risk. Which platform are you going to believe? We aggregate all those disparate data feeds to give you a holistic view of that user (or entity) across all your applications and systems. We give you risk prioritized intelligence.
Why is that important? It’s important because you can focus on the highest risk users and entities in your organization. It’s all about risk and these unified risk scores are invaluable. We put a value between 1 and 100 on people and assets. Mind you, there’s a colossal amount of data science, machine learning and analytics that goes into generating that value or risk score, so it’s a number you can depend on. It’s the difference between maybe and definitely. You definitely know this risk score can be trusted. With that trust in place, you can confidently implement controls based on that risk score.
Remove Friction with Risk Based Authentication
Here’s an example, just one of hundreds. We have customers using our risk score to reduce friction for consumers. Everyone hates passwords. You use the same password or a version of that password for virtually everything. That’s definitely not a best security practice. But we can’t change consumer behavior. We can, however, mitigate consumer risk. Here’s where security analytics shines. Low risk consumers accessing low risk assets authenticate without friction. The consumer’s risk score is low. The asset risk score is low. Just let it go. On the other hand, high risk users accessing high risk assets are required to jump through flaming hoops to gain access – MFA, PIN code, etc. The risk score dictates the control. So cool, so smart, and so easy to do with our security analytics platform. It’s called Risk Based Authentication. Check it out!
Execute Continuous Risk Mitigation
Risk is not something you stop. From an information security perspective, you can’t say, “our risk is over.” Risk isn’t a yes or no, it’s not something you can turn on or off. All you can do is put in place strategies and tactics to reduce risk. This is why you cannot have a point in time where you can accurately say, “we are risk free.” You must have a continuous risk mitigation strategy because there are always bad actors looking for new ways to infiltrate your borderless perimeter.
Acknowledge Time Is Not on Your Side
Right now, criminals and malicious insiders are executing cyber attacks at machine speed. You don’t have time to waste. You don’t have time, period. You need to act now, and you need the right products, people and processes. You also need a good partner. We are here to help. And, we offer an amazing process for quick starting your security analytics program. Give us five days and we’ll give you fast results. Contact us today to get started.
Gurucul Shortlisted for Best Behavior Analytics/Enterprise Threat Detection in SC Awards Europe 2019
The College Admissions Scandal: Dethroning Privilege. The recent college admissions scandal making headlines is placing the spotlight on the inequitable treatment of children of privilege. Wealthy parents bribing college coaches and exam proctors to get their unqualified children into prestigious universities is reproachable. It has touched a chord that cannot be silenced.
ABCs of UEBA: D is for Data. The most effective User and Entity Behavior Analytics (UEBA) solutions leverage big data. Big data refers to large and complex data sets that traditional data processing application software cannot process effectively because of volume, velocity and variety. This was documented as part of big data’s original definition by Gartner’s Doug Laney in 2001. Those three V’s have since been expanded by other experts to include three more. Gurucul has further expanded that list.
A Nut Worth Cracking. We talk to a number of market research firms and meet with a lot of analysts. On this particular day, we met with an analyst who had a colorful vocabulary. We were talking about our Behavior Based Security Analytics platform and where we could make ground-breaking strides. In reviewing some opportunities, he got very excited about a particular strategy and said, “It’s a nut worth cracking.” We agree.
Gurucul Risk Analytics 7.0 Uses Machine Learning Models for Real-Time Threat Detection. Gurucul Risk Analytics (GRA) 7.0 provides real-time anomaly and risk detection across enterprise and cloud platforms/applications, networks, mobile endpoints, IoT devices, medical devices, and more. Additionally, this new version includes a vast library of machine learning models for threat detection.
Oktane19. April 1-4, 2019. San Francisco, CA. Join us at the annual Okta user’s conference for a glimpse at our Okta integration.
FS-ISAC Annual Summit. April 28-May 1, 2019. Orlando, FL. As a gold sponsor, Gurucul will be presenting this year, “Closing the User Intelligence Gap Combining Identity with User Activity.” See you there!
Health-ISAC 2019 Spring Summit. May 13-17, 2019. Ponte Vedra Beach, FL. Gurucul will have a panel of healthcare customers presenting at this year’s Summit on “Behavior Based Security Analytics Best Practices”. Join us!