Black Hat 2019 Recap: UEBA, Correlation, and Commitment

The Interset and ArcSight team joined security pros in Las Vegas for two days of in-depth conversations about proactive and powerful threat detection.

Interset Staff at Black Hat 2019

Last week, I joined my Interset and Micro Focus colleagues at Black Hat 2019 in Las Vegas, Nevada. Black Hat is always an exciting show: exciting presentations, valuable networking, and, most importantly, in-depth discussions with real security professionals about their security needs.

We spent two days on the show floor having detailed discussions with attendees about how our user and entity behavioral analytics (UEBA) can help companies take a more proactive security posture. With UEBA, security operations center (SOC) teams can automatically and continuously monitor for unusual behavior in their organization that might indicate a serious security threat. This approach, which is powered by unsupervised machine learning, gives SOC analysts the ability to detect even notoriously difficult-to-find threats, such as insider threats or targeted outsider attacks.

Interset Booth at Black Hat 2019

The value of UEBA seems to resonate with security pros we talk to, and the same was true at Black Hat this year. What’s more, attendees were also keen to learn about how Interset’s UEBA will be “joining forces” with the powerful real-time correlation engine in Micro Focus ArcSight. Both UEBA and correlation are critical functions in any SecOps strategy; combined, they can deliver supercharged threat detection. Real-time correlation is able to quickly and effectively find the known threats, while UEBA susses out subtle, unknown threats that may otherwise escape rules and thresholds. Both approaches are needed because real-world threat scenarios don’t always fall neatly into one category. 

This conversation seemed to hit the nail on the head for attendees who visited our booth. Modern SOCs are battling wars on multiple fronts, and a holistic approach that covers many bases is the only practical solution to not just keep up with but stay ahead of today’s creative adversaries. My colleague recently wrote a detailed blog about reducing security blind spots with UEBA and correlation, so be sure to check it out if you haven’t already. 

What was also a really important takeaway for us from the show is the fact that it wasn’t just the technology aspect that seemed to resonate with attendees but also attitude. When companies invest in technology, it shouldn’t just be a transaction; it should be a partnership. Our customers’ success is our success, and that requires commitment, even if it means giving the shirt off your back—something our ArcSight colleague actually did for a Black Hat attendee who had missed out on grabbing one of our special t-shirts (pictured above). It was a small gesture, but the attendee’s response of excitement, gratitude, and genuine surprise was one that hit home for us. We believe in being a partner to our customers, not just a vendor. For as long as we can remember, the bad guys have been much better at collaborating than the good guys. That’s why we believe in doing our part to ensure that our community knows we’re all in this together.