Name: Lessons Learned from Operational Insider Threat Programs
Start: 2022-05-10T14:00:00Z
End: 2022-05-10T14:00:35.000Z
Location: BrightTALK
Rating: 5

Gurucul is transforming enterprise security with user behavior based machine learning and predictive analytics. Using identity to monitor for threats, Gurucul provides Actionable Risk Intelligence™ to protect against targeted and under-the-radar attacks. Gurucul is able to proactively detect, prevent, and deter advanced insider threats, fraud and external threats to system accounts and devices using self-learning, behavioral anomaly detection algorithms.

Gurucul is backed by an advisory board comprised of Fortune 500 CISOs, and world renowned-experts in government intelligence and cyber security. The company was founded by seasoned entrepreneurs with a proven track record of introducing industry changing enterprise security solutions. Our mission is to help organizations protect their intellectual property, regulated information, and brand reputation from insider threats and sophisticated external intrusions.

For decades, security leaders have relied on Security Information and Event Monitoring — SIEM (“SIM”) as a key component of their Security Operation Centers. And while still relevant, SIEM solutions are in need of a makeover to keep up with modern threats and take advantage of emerging technologies like advanced analytics, AI, Machine Learning, and cloud-based services. That makeover is taking shape as the Intelligent SIEM Platform —  the next-generation of SIEM platforms. In this webcast from Gurucul you’ll hear from the author of the 2024 KuppingerCole Leadership Compass on Intelligent SIEM Platforms, of which Gurucul was an Overall Leader. Together they’ll discuss how Next-Gen SIEM platforms can: 

●    Incorporate behavior analytics with Machine Learning for high-fidelity threat detections 

●    Enrich any data with additional context for unified visibility and accelerated investigations 

●    Empower analysts with easier search capabilities, GenAI assistants and natural language processing (NLP) 

●    Leverage advanced security orchestration, automation, and response (SOAR) capabilities

KuppingerCole: Rise of the Intelligent SIEM: A Catalyst for SOC Modernization

While Generative AI has grabbed the attention of cyber security organizations, the line between what exists today, where things are going, and doomsday scenarios are increasingly blurred. This has made it challenging for many security teams to plan both tactically and strategically based on how AI has changed the threat landscape. 

In this webinar, we'll help you cut through the current noise that overzealous vendors and media create to focus on: 
1.  The current realities of how adversaries and security teams can leverage true AI capabilities 
2. The emerging usage of AI, specifically Generative AI, and how it impacts the threat landscape 
3.  The top use cases that organizations can plan for and use today in their initiatives to improve and optimize their threat detection, investigation, and response

Demystifying Hype: AI & Breach Prevention Detection, Investigation & Response

As organizations are adopting multi-cloud and hybrid cloud strategies to optimize IT infrastructure and increase availability, workloads and applications are increasingly distributed between on-premise infrastructure and multiple cloud providers, securing these environments becomes a critical priority. However, Hybrid and multi-cloud environments present unique challenges, making it difficult for security teams to detect and prevent targeted attacks. Data collection, multi-cloud vulnerabilities, and data privacy concerns are factors to consider. In fact, the BI firm, Statisa, reports Key stat: Statista reports that 86% of companies encounter difficulties in handling data across multi-cloud settings.

Learn about the top challenges and best practices for empowering security operations teams to better monitor these environments and prevent attackers from successfully breaching these complex architectures.

Eliminating SOC Challenges for Multi-Cloud and Hybrid Cloud Environments

Improving threat detection, investigation and response within your SOC requires the ability to optimize, accelerate and improve the accuracy across four key areas:

• Improve the Deployment, Ingestion and Operationalization of your SIEM
• Increase the Accuracy and Accelerate Detection of Attacks
• Validate the Attack Campaign by Eliminating Manual Investigation Steps
• Build Confidence Through a Dynamic, Risk-Prioritized Response

In this webinar, we'll cover how these areas are necessary for today's Modern SOC and how organizations can achieve these improvements through their SIEM.

Zero to SIEM in Seconds

Established User and Entity Behavior Analytics (UEBA) has become a critical capability for security operations in identifying known threats earlier and detecting unknown threats and new variants. While finding anomalous activity is important to provide an early warning into a potential attack campaign, combining that with identity analytics can better validate whether the anomaly is indicative of an attack. This unified set of analytics can greatly improve the efficacy of security operations in preventing a successful breach.

In this webinar, we'll explore how security teams can improve their threat detection and incident response plan with UEBA and Identity Analytics and cover the following:

- Introduction to UEBA why you need it
- How Identity Analytics can provide great value to the SOC
- How the combination can accelerate security operations
- Common use cases that can be optimized
- Quick Demo

Early Determination of Attack Risk with Behavioral and Identity Analytics

Observability solutions address several business problems by providing insights into application performance, system reliability, and the overall security posture of an organization's systems and applications. Its goal is to reduce the mean time to remediate (MTTR) and increase the mean time between failures (MTBF). This can happen only if operators can identify potential problems, performance issues, or security concerns, and help organizations proactively troubleshoot areas that impact availability.

Operations teams use observability to obtain a complete picture of the systems they are managing, ones that SecOps use to identify breaches and malicious activity. This can be extraordinarily challenging as infrastructure and data are more geographically distributed, within hybrid and multi-cloud dispersed data distribution centers, while continuing to support a hybrid workforce. With security lead observability, an organization can also expose the “unknown unknowns”—issues that were previously not known to have existed.

In this webinar, we will cover how security teams can extend the right SIEM for the following Observability use cases:
-  Downtime and Performance Issues that can prohibit incident awareness
-  Application Reliability and Performance Impacts across microservices and cloud infrastructure
-  Detection and Response of Security Threats and Incidents
-  Scalability Challenges with current SIEMs
-  Improved Compliance and Auditing

Enhancing Security Operations by Augmenting SIEM with Observability

Take your security operations to the next level by augmenting your current SIEM to seek less, find more, and reduce dwell time. 

Many companies struggle with their current SIEM. While good for compliance or log management use cases, they provide limited value against todays advanced threats. They are like a black hole of operational time and energy, from data ingestion to writing rules that require constant care and feeding, and lengthy swivel-chair investigations. These rule-based solutions swamp SOC analysts with alerts and false positives versus eradicating threats.

BUT legacy and traditional SIEMs have been around for a long time and are difficult to rip and replace with countless time, effort and money invested. There is no need to rip and replace - instead, augment it.

In this webinar we'll cover how you can improve your security operations efficiency by augmenting your SIEM to reduce dwell time. Learn more about the four pillars for augmenting your SIEM:
1) Better Security Visibility: Whether it is cloud, SaaS or some challenging format, we make even the most difficult data easy to ingest and 450+ integrations. 
2) High-fidelity Threat Detections: Move past static rule-based correlation models with Machine Learning-powered analytics and OOTB threat content.
3) Faster Investigations & Response: Speed time to response and reduce dwell time with AI assisted investigations, hunting and customizable response playbooks.
4) Improved Operational Efficiency: Save time with less rule writing and tuning, with full context and automate mundane tasks for faster investigations.

SIEM Augmentation: It's Time to Up Your SIEM Game

As the emergence of AI in 2023 has driven both the rapid deployment of Cyber Security Attacks and accelerated the corresponding response from security operations teams, we will continue see this impact as well as other changes to the security landscape in 2024.  

Come join us for this informative webinar that will help you prepare for the new year and new challenges to come. We’ll cover:

- The impact of AI on cyber threats and on the other side of the coin, how it can improve SOC team efficiency.
- How organizations are evolving Zero Trust to focus on Automation & Orchestration, and Visibility & Analytics
- The continued resurgence of Insider Threats and the dramatic increase in security budgets for more formalized programs even at small and medium enterprises.
- How MSSPs and MDRs growth and specifically value-added services will increase dramatically based on customer demands.
- Dramatic predicted increases in public-sector attacks and hacktivism

Predictions for 2024: Navigating New Cyber Security Challenges and Trends

Machine Learning (ML) is used to identify abnormal behavior and pinpoint malicious behavior. This webinar will show you how Gurucul uses adaptive and static ML models to identify two different MITRE attack stages: Lateral movement (T1110) and Valid/Default Account (T1078/001). In our demonstration, we'll run a basic model and identify an 'outlier' use case. 

During the webinar we'll address the following: 
• How ML models are used 
• How ML minimizes false positives 
• Why you can't rely on security alerts alone 
• Advantages of combining ML with security alerts 

Bring your questions!

How Machine Learning is Leveraged for Attack Detection Scenarios

The biggest challenge that enterprises face today is that SOC analysts get too many alerts with very little context which results in no actionable intelligence. Many security teams do random sampling of alerts. However, there is a risk of missing out on significant threats that require immediate attention. 

Tying together indicators of compromise and events into understanding an actual attack, then establishing the potential impact and the subsequent response is a painful and mostly manual process for most security operations teams. Identifying and establish risk to the organization must go beyond aggregating third party scores from intelligence sources or vulnerability assessments. 

In this webinar we'll cover how advanced risk scoring provides accuracy and confidence to guide security operations decisions. Gurucul's risk scoring model takes a holistic approach for computing risk. It uses a robust and flexible risk scoring framework which rolls up risk scores from multiple contributing elements and derives a normalized user and entity risk score. This risk score enables organizations to detect threats quickly with no manual threat hunting or use of rules or pattern matching.

How Contextual Risk Scoring Reduces Attack Response Time

Do the complexities of data ingestion leave your SIEM or XDR solution wanting for more? When it comes to data ingestion it sounds simple, but with the constant changes to security analytics platforms, 3rd party vendor modifications, lack of standards, and continuous changes to the data itself, ingestion can be anything but simple and easy. 

A SIEM solution that offers automatic ingestion and interpretation of any data source provides organizations with a powerful advantage in the ever-evolving cybersecurity landscape. Such flexibility enables security teams to seamlessly adapt to new technologies and data formats without the need for manual configuration, saving precious time and resources. 

This adaptability is particularly valuable in complex hybrid-cloud environments and geographically dispersed locations, where data sources may be diverse and continually changing. By effortlessly accommodating data from across the organization’s infrastructure, the SIEM ensures comprehensive visibility into potential security threats, regardless of where they originate. This capability enables security teams to stay ahead of emerging threats and respond swiftly to incidents, reducing the risk of data breaches and operational disruptions.

This webinar will walk you through the advantages of Gurucul's pipeline, demonstrating the creation and mapping of event data.

Decrease the Complexity and Cost of SOC Operations with Improved Data Ingestion

Difficulty in determining the right priority for patching vulnerabilities continues to be a challenge for both vulnerability and even security operations teams. The key is to determine which vulnerabilities are the most applicable to your environment, have the potential to be exploited and could cause the most damage. 

This is where it critical to go beyond current vulnerability management solutions by unifying visibility across all assets and effectively scoring and prioritizing vulnerability risk based on full context across all attack surfaces. 

In this demo we’ll show you how Gurucul can enrich your vulnerability scan results with telemetry across your entire attack surface. In addition, we’ll show you how we apply Risk-Chain Analysis powered by machine learning models to generate a risk score that is driven by contextual analysis of your entire attack surface combined with external vulnerability and threat intelligence. Lastly, we’ll show you how to generate prioritized playbooks for patching assets that are of the most immediate need to protect the organization from exploitation.

Contextual Vulnerability Prioritization & Remediation Across the Attack Surface

Insider Threats pose a significant threat to enterprises because they are authorized users that have no need to breach your perimeter. While identifying risk behavior early is critical, that does not always mean it will lead to malicious activity. For an insider threat security team to continue to evaluate whether a user’s risky behavior is appropriate to act on is much more complex and challenging than how a traditional security operations center works. It is important to work cross-functionally to build a program that must align technology, people, and processes to be successful. 

In this webinar, we will provide:

1.        Research into trends regarding insider threats
2.        The challenges with identifying insider threats
3.        How technology, people and process must work together to ensure a successful program that goes beyond just security or IT.

Threats From Within: A Programmatic Approach to Managing Insider Risk

The 2023 Insider Threat Report, produced by Cybersecurity Insiders, surveyed hundreds of cybersecurity professionals to reveal the latest trends and challenges facing organizations in today's everchanging threat landscape. The report explores how IT and cybersecurity professionals adapt to better deal with risky insiders and how organizations are preparing to better protect their critical data and IT infrastructure.

Key findings include:

  •  99% of organizations are vulnerable to insider threats 
  •  74% of organizations say insider attacks have become more frequent
  •  More than half of organizations have experienced an insider threat in the last year, and 8% have experienced more than 20
  •  53% say detecting insider attacks is harder in the cloud

Join us as we present the 2023 Insider Threat Report survey results. Viewers will gain a better understanding of the current state of cybersecurity and how organizations can better respond to the evolving insider risks in the cloud.

2023 Insider Threat Report: Presenting the Survey Results

Current SIEM solutions have numerous challenges supporting the needs of security operations teams as organizations continue to move and more of their applications and infrastructure into the cloud. While hybrid cloud infrastructure is complex enough to support,  many organizations have the requirement of supporting decentralized cloud architectures across geographic regions as well as multi-cloud architectures. 

In this webinar we'll cover the challenges most SIEM providers have in supporting these architectures as well as what features are necessary to fully support the needs of security teams in monitoring for threats and preventing breaches.

Effective Hybrid Multi-Cloud Monitoring for the SOC

Implementing Zero Trust is based on the desire to “never trust, always verify”. To start off, a unified set of identity analytics, that pulls across different identity solutions, is important for implementing understanding and analyzing your current identity and access posture. However, with so many threat actors leveraging stolen credentials, a sudden resurgence in insider threats and supply chain attacks via partners in this webinar we will discuss how identity analytics used in Zero Trust implementations can also be leveraged by SOC teams to incorporate Identity Threat Detection, Investigation and Response (ITDR) capabilities as part of their operations to help them thwart identity-based attacks. We will also have a short demo to follow.

Zero Trust Begins with Identity Analytics and Ends with ITDR

As insider threats have started to escalate in recent years, it is even more important to build and implement a successful insider threat program. However, to do this effectively requires a multi-disciplinary approach with a higher level of contextual analysis that is difficult to achieve today based on current solutions. Credential-based external attacks are also making it even more difficult for security teams to distinguish malicious insiders from external threat actors. Fundamentally, we must change how we look at insider risk and associated threats and implement new strategies to work cross-functionally to protect the organization from both insider and external threats.

In this session we will show you what is required to implement a new or improve an existing insider threat program. In addition, we will help you understand what sort of information and context you will need to better identify risks and accelerate the detection of insider threats before damage is done to your organization.

Improving Contextual Analysis for Protecting Organizations from Insider Threats

The SOC is in a never-ending race to collect and analyze data to make better decisions. Many factors can positively or negatively impact their success. In this webinar, we’ll discuss four trends that are shaping the future of security operations, including how to:

 - Automate repeatable decision making processes
 - Operate at speed and scale with full data and risk visibility
 - Use AI/ML to facilitate investigations and improve MTTD and MTTR
 - Aggregate telemetry and security-relevant data from diverse sources

Top 4 Trends for the SOC

Join Gurucul’s customer for a discussion on lessons learned operationalizing Insider Threat Programs. With proven strategies and tactics, organizations can get to the point where they are able to remediate insider threats in real-time or at least before data is exfiltrated.

Insider threats are a serious concern, and they are on the rise. What's new are the threat vectors that have presented themselves in recent months. Work from home employees, staff reduction, reduced hours, or furloughed insiders; the unfortunate reality is that insider risk is certainly on the rise. The expansion of work from home policies means more employees accessing corporate networks and data over public networks using personal devices. Every organization needs to update its Insider Threat Program or at minimum, implement basic monitoring controls.

Lessons Learned from Operational Insider Threat Programs

Operational Performance

Insider Threat

Insider Risk

Remediation

Real Time Analytics

Real Time Response

Threat Analysis

Remote Workstation

Monitoring

Cyber Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

Healthcare

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Lessons Learned from Operational Insider Threat Programs

Presented by

About this talk

More from this channel