IANS Forum Toronto: Operationalizing Security Analytics in the Real World

Keynote presentation by Interset CTO Stephan Jou discussed the power of unsupervised machine learning to accelerate threat detection.

Interset CTO Stephan Jou delivered a lunchtime keynote presentation at IANS Forum Toronto last month, discussing how companies can operationalize big data security analytics. He took attendees on a journey to discover how AI security analytics, such as Interset’s threat detection platform, can help organizations connect their fragmented security ecosystems, increase risk visibility across the enterprise, and analyze billions of events to identify the handful of threat leads that really matter.

Here are a couple of top hitter questions from the audience.

Q: From an operational perspective, how does Interset deal with people inside of an organization moving around? This is especially important given that large enterprises have large volumes of people joining and leaving.

A: Interset has several hundred models in a fully deployed system. When a person changes roles, their behaviors don’t necessarily change. They may change the file shares they access, but not the tools they use or their process of using a VPN when accessing the system. The more models that indicate a change, the more likely it is that an account has been compromised by a different person, not someone who changed roles. So operationally, you may not need to do anything at all. If you do need to make adjustments, connecting entity importance to an HR system is an easy job.
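The reasoning in that answer, as an added illustration that is not Interset's code: a handful of independent behavioral models each keep a per-account baseline, and the verdict depends on how many of them deviate at once. Feature names, baseline histories, the z-score threshold and the 50% compromise cut-off are constructed assumptions for the example.

```python
from statistics import mean, pstdev

# Constructed per-account baselines: ten days of one feature per behavioral model.
BASELINES = {
    "file_shares_accessed": [4, 5, 4, 5, 4, 5, 4, 5, 4, 5],
    "distinct_tools_used": [6, 6, 7, 6, 7, 6, 6, 7, 6, 7],
    "vpn_logins_after_hours": [0, 0, 1, 0, 0, 0, 1, 0, 0, 0],
    "mb_uploaded": [10, 12, 11, 10, 12, 11, 10, 12, 11, 10],
    "countries_seen": [1] * 10,
}

# Constructed "today" observations: a role change touches one model; a takeover
# by a different person touches almost all of them.
ROLE_CHANGE_DAY = {"file_shares_accessed": 20, "distinct_tools_used": 7,
                   "vpn_logins_after_hours": 1, "mb_uploaded": 12, "countries_seen": 1}
COMPROMISE_DAY = {"file_shares_accessed": 20, "distinct_tools_used": 2,
                  "vpn_logins_after_hours": 6, "mb_uploaded": 900, "countries_seen": 2}


def model_deviates(history, observed, z_threshold=3.0):
    """One model's view: is today's value an outlier against this account's own history?"""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        # Constant feature (e.g. always one country): any change at all is a deviation.
        return observed != mu
    return abs(observed - mu) / sigma > z_threshold


def anomalous_models(baselines, today, z_threshold=3.0):
    """Names of the models that flag today's behavior, in a stable order."""
    return sorted(name for name, history in baselines.items()
                  if model_deviates(history, today[name], z_threshold))


def assess(baselines, today, compromise_fraction=0.5):
    """Combine the models: few deviations look like a role change, many like a takeover."""
    flagged = anomalous_models(baselines, today)
    fraction = len(flagged) / len(baselines)
    if not flagged:
        verdict = "normal"
    elif fraction >= compromise_fraction:
        verdict = "likely compromise"
    else:
        verdict = "possible role change"
    return verdict, flagged


if __name__ == "__main__":
    for label, day in (("role change", ROLE_CHANGE_DAY), ("compromise", COMPROMISE_DAY)):
        print(label, "->", assess(BASELINES, day))
```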

Q: How does Interset compare to security information and event management (SIEM) systems? If we have a SIEM, do we really need Interset?

A: Interset connects fragmented security systems—including SIEMs, DLP, IAM, etc.—and augments existing security investments. Many analytics vendors advocate replacing SIEMs altogether, but we believe our security analytics solution can help you derive more value from your SIEM. SIEMs are great for centralizing, normalizing and managing logs for investigative purposes. But these systems rely on static rules and thresholds that cannot keep up with today’s rapidly changing threat landscape. This is where Interset’s unsupervised machine learning models—which are self-learning and can adapt to changing environments and threats—give organizations an enormous advantage. Leveraging a SIEM as a data source for Interset’s security analytics gives you the best of both worlds. You can learn more about how Interset augments SIEMs like McAfee ESM in our blog, “Don’t Replace Your SIEM–Embrace it with Security Analytics.”

If you have any questions and would like to learn more about how Interset can help you operationalize security analytics in your organization, don’t hesitate to reach out to us via email or social media. You can also catch us live at IANS Forums in other locations this year. Check out our upcoming events to see where we’ll be.