Request a Demo

Request a Demo

Charles Blauner on rethinking the insider threat space with Reveal Security

Charles Blauner, Strategic Advisor and Retired CISO:

“The intended outcomes are the same. UEBA had the intended outcome of helping us understand when human beings inside an organization – either in their own persona, or in a captured persona – are behaving badly. It failed because it created a high false positive rate, which meant that the work you created outweighed the value you generated. And so as a set of products it faded away into the environment and folks like Gartner start to describe it just as a feature in the SOC.

Insider threat detection should be one of the critical feeds into a SOC. The difference here is in the quality of the data, and for the fact that you now have for the first time an opportunity to go back and rethink this insider threat space, but with a much higher likelihood of success, with a much lower negative impact on your operations, and with the higher fidelity reporting much higher value being delivered, because what you’re finding is legitimate bad activity that is putting your company at risk.”

Transcript

00:01

if you think about the intended outcomes the intended outcomes are the same all right uba had the intended outcome of helping us understand when human beings inside of our organization either in their own Persona or in a captured Persona or Behaving Badly all right

00:22

it failed primarily because it was too Limited in scope of what it looked at and it failed because it created a high false positive rate which meant that the work you created outweigh the value you generated right and so as a set of products in some sense it’s sort of faded away into the environment

00:50

and folks like Gartner start to describe it just as a feature in the sock um that’s not necessarily wrong all right you Insider threat detection should be one of the critical feeds into Assad the difference here is in the quality of the data right and the fact that you now

01:14

actually have for the first time an opportunity to go back and rethink this Insider threat space uh but with a much higher likelihood of success all right with a much lower negative impact on your operations and with the higher Fidelity reporting a much higher value being delivered

01:40

because what you’re finding is legitimate bad activity that is putting your company at riskadd a notejump to

More Videos

LifeLabs & Reveal Security

“I feel a lot more comfortable being able to sleep well knowing that our environments are protected… Reveal gives us an extremely accurate representation of how users and identities are interacting with our data and our applications systems”

Poste Italiane & Reveal Security

“We saw something with the standard tools that we were not able to see. We saw the anomaly starting before creating damage.”

Jim Routh on what makes Reveal Security unique

“Model-driven security gives us the capability to understand deviation of pattern, measure it precisely, and trigger automation at specific thresholds, operating in close to real-time across the enterprise at scale.”