OTTAWA, ON--(Marketwired - Feb 14, 2017) - CISOs, security and risk management leaders considering User and Entity Behavior Analytics (UEBA) to improve their organizations threat detection capabilities can learn more about this key technology driving enterprise security in an in-depth interview with Stephan Jou, CTO at Interset. An Intel Security Innovation Alliance Partner, Interset was recently named a 2016 DEVCON Rookie of the Year for its strong partnership and integration based on the McAfee Data Exchange (DXL), Intel's architecture for enabling an adaptive security ecosystem. The interview is conducted by D.J. Long, head of the Intel Security Innovation Alliance and is posted on McAfee's "Securing Tomorrow" blog.
Interset will be at RSA 2017 Feb 13-17 in the North Hall, Booth 4414, and in the Intel Booth N3801 as part of Intel's Intelligent Security Ops Enterprise Security Manager solutions. Schedule a meeting to learn more about the Interset Security Analytics Platform.
According to Interset CTO Jou, key areas of consideration for UEBA buyers include:
- Scalability - Watch out for claims of big data support. A big data platform is more than just a single or a few components--Hadoop distribution support or the use of Elasticsearch alone do not make a big data platform.
- Multiple classes of data - Account compromise is only one stage in the attack chain, so focusing on that alone will result in limited threat visibility. Support for only AD & IAM data sources is not sufficient.
- Entities - Users/accounts are entities, but so are machines, files, and applications. UEBA must be able to determine which files, machines, and applications are also most at risk.
- Breadth of mathematics - Advanced analytics are not rules and do not require thresholds. Their use requires knowing what to look for, which limits threat surface coverage.
- Extensible engine - The intelligence of a UEBA tool can be measured by extensibility, yet many UEBA approaches are limited to account compromise and the access anomalies of an insider attack. A smart UEBA engine can easily cover new threat surfaces and new use cases.
"Investing in a UEBA solution can significantly improve threat detection and response over the long term," said Jou. "The UEBA engine can literally become the automated threat detection brain of your security architecture if the analytics engine is extensible." Added Jou, "But beware of UEBA approaches that demand you 'Dump your SIEM' or spend money customizing your deployment to make up for product limitations. Interset is seeing great success in working with SIEMs, and we believe Security Analytics is a powerful force multiplier for security operations."
Interset provides a big data, machine learning-based security analytics platform for enterprise-scale threat detection across multiple use cases, including inside threat, targeted attack detection, EDR, SIEM optimization, and fraud detection. Interset is the In-Q-Tel and U.S. Intelligence Community vendor of choice for UEBA.
Interset provides highly intelligent, accurate insider and targeted outsider threat detection. Our solution unlocks the power of user behavioral analytics, machine learning, and big data to provide the fastest, most flexible, and efficient way for IT teams to operationalize a data-protection program. Utilizing agentless data collectors, lightweight endpoint sensors, advanced behavioral analytics, and an intuitive user interface, Interset provides unparalleled visibility to high risk events. This enables early attack detection and actionable forensic intelligence with reduced false positives and noise. Interset solutions are deployed to protect critical data across the manufacturing, life sciences, high-tech, finance, government, aerospace and defense, and securities brokerage industries.
For more information, visit Interset.com and follow us on Twitter @intersetca.