IANS Charlotte & D.C: Understand the Problem Before You Choose the Solution

View our presentation slides and see top attendee questions and answers

Interset at IANS

If you’ve been following us on social media, you’ll know that Interset has been traveling throughout the year to speak at IANS Information Security Forums across the continent. I recently spoke at the IANS Forums in Charlotte and Washington, D.C.—our last two IANS stop of the year. We took these final opportunities to dive deeper into how to recognize the right type of AI for the job at hand and share practices for operationalizing big-data security analytics.

We appreciate events like these because they give us a chance to share our passion for Interset’s technology in our keynote sessions and hear first-hand what challenges practitioners are facing in smaller breakout technology sessions. We had a great turnout at both events, but if you were unable to make it, you can view my keynote presentation slides below along with a few important questions we received from attendees and our responses.


Q: How long until the machine can learn “normal”?

A: Time can vary from customer to customer and model to model, but as a rule of thumb, we advise 30 days’ worth of historical or live data to give machine learning models time to get to know an organizations’ environment and establish baselines or “normal.”

Q: Is Interset on-premise or in the cloud?

A: Our platform is built on an open-source, big-data architecture, which means that it can be deployed on-premise or in the cloud and which provides much-needed scalability and flexibility. We’re keenly aware of the growing demand for running analytics in the cloud in order to reduce cost, and we’re actively innovating to deliver a solution that’s not only able to be deployed in the cloud but optimized for the cloud. Check out some of Interset CTO Stephan Jou’s thoughts on the future of cloud-first UEBA.

Q: Do you need to install endpoint agents?

A: Endpoint agents are optional, and are not required. Interset’s endpoint behavioral analytics can work with different types of log data that you already collect, including your existing endpoint agents. There is no need to install a new one. For example, Interset offers a UEBA service for CrowdStrike users, allowing them to add a new lens to their rich endpoint data to help spot hidden threats. Learn more about Interset’s endpoint capabilities.

Q: What kind of data do you support?

A: Interset is able to support a wide range of data types. Our customers commonly leverage our analytics for use with Active Directory, repository logs, Web Proxy, and endpoint data—depending on their desired use cases. Read more about the use cases that Interset supports.