Artwork for podcast The Cybersecurity Readiness Podcast Series
Detecting Malicious Insider Threats by Monitoring User Journeys
Episode 3414th September 2022 • The Cybersecurity Readiness Podcast Series • Dr. Dave Chatterjee
00:00:00 00:27:24

Share Episode

Shownotes

Insider threats are often considered the biggest risk for organizations because they can cause the most destruction. Survey reports, and studies, have found that organizations have spent millions of dollars to recover from insider threat attacks. Proactively detecting and thwarting such threats is a critical aspect of robust information security governance. Doron Hendler, CEO, and Co-Founder at RevealSecurity, sheds light on a context-based detection model that analyzes activity sequences performed when using an application. According to Doron, this User Journey Analytics method is a ubiquitous detection model that can be applied to any SaaS and custom-built application. Since no rules are required, it eliminates the need to fully understand the application business logic.


Time Stamps

01:23

First, let's talk about your professional journey before we get into the details of insider threats, detection challenges, and solutions.

03:27

Doron, would you like to add to the reasons why we are having this discussion?

07:29

So, Doron, going back to monitoring using technology, share with the listeners what was the traditional method, what were some of the weaknesses of the traditional method, and what you and your company are offering by way of your platform.

12:23

So given this move to these more advanced, more sophisticated solutions, for folks who are listening in on this conversation, CISOs of companies who have the authority to make purchasing decisions, how do they go about evaluating the different products out there? What should they be looking for in terms of what would work best for their context for their environment? Any advice? Any suggestions?

14:34

What could be possible shortcomings of the user journey analytics approach?

17:26

If a company was going to adopt this (User Journey Analytics) technology platform, what kind of changes does it require? From a change management standpoint, what should an organization be prepared for?

19:13

When the user journey is different from the normal user journey, let's say abnormal user journeys are detected, how does the alert system work? Who is alerted? And is there a way of capturing or documenting whether organizations respond to those alerts?

21:57

How do you convince a potential buyer or potential customer to adopt this new technology solution? What does it take to convince them? What have you experienced when you have engaged with prospective customers? What are their concerns when they're evaluating such platforms?

24:53

I'd like to give you the opportunity to wrap it up for us with some final thoughts and advice.


Memorable Doron Hendler Quotes/Statements

"The highest risk in today's organizations, in our digital transformation, is our identities."

"If you cannot trust anyone, you have to monitor, you have to track, and you have to learn how to do this quickly, accurately, and automatically."

"Today's solution around detections, which are based on rules, basically provide very, very limited, ineffective detection, in the application layer."

"Accuracy comes with context, if you understand the context, you will have much better accuracy."

"This technology will offer a solution which is frictionless, that doesn't require major (organizational) changes or any changes."


Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

Transcripts

Introducer:

Welcome to the Cybersecurity Readiness Podcast

Introducer:

series with Dr. Dave Chatterjee. Dr. Chatterjee is the author of

Introducer:

the book Cybersecurity Readiness: A Holistic and

Introducer:

High-Performance Approach, a SAGE publication. He has been

Introducer:

studying cybersecurity for over a decade, authored and edited

Introducer:

scholarly papers, delivered talks, conducted webinars and

Introducer:

workshops, consulted with companies and served on a

Introducer:

cybersecurity SWAT team with Chief Information Security

Introducer:

officers. Dr. Chatterjee is Associate Professor of

Introducer:

Management Information Systems at the Terry College of

Introducer:

Business, the University of Georgia. As a Duke University

Introducer:

Visiting Scholar, Dr. Chatterjee has taught in the Master of

Introducer:

Engineering in Cybersecurity program at the Pratt School of

Introducer:

Engineering.

Dr. Dave Chatterjee:

Hello, everyone, I'm delighted to

Dr. Dave Chatterjee:

welcome you to this episode of the Cybersecurity Readiness

Dr. Dave Chatterjee:

Podcast Series. Our discussion today will revolve around

Dr. Dave Chatterjee:

insider threats, and how to proactively detect and thwart

Dr. Dave Chatterjee:

this form of malicious attack. I'm indeed fortunate, in fact,

Dr. Dave Chatterjee:

we are fortunate to have with us Mr. Doron Hendler, CEO and

Dr. Dave Chatterjee:

Co-Founder of RevealSecurity. Welcome Doron!

Doron Hendler:

Hello, welcome. Hi, Dave, thank you for inviting

Doron Hendler:

me.

Dr. Dave Chatterjee:

Sure, sure. Looking forward to learning a

Dr. Dave Chatterjee:

lot from you about your journey. So let's do that first. Let's

Dr. Dave Chatterjee:

talk about your professional journey before we get into the

Dr. Dave Chatterjee:

details of insider threat, detection challenges, and

Dr. Dave Chatterjee:

solutions.

Doron Hendler:

So I'm in the High Tech for more than 30 years

Doron Hendler:

doing different types of journeys in different

Doron Hendler:

industries, different skills. Basically, I've done business

Doron Hendler:

and traveling from almost Australia to Brazil and did

Doron Hendler:

businesses across companies, across industries, in different

Doron Hendler:

geographies. And I was fortunate to get into RevealSecurity

Doron Hendler:

mainly because, a few years ago, I was a social engineer, then by

Doron Hendler:

mistake, I was hacked by somebody that called me and by

Doron Hendler:

mistake, I made a terrible mistake by not notice that

Doron Hendler:

somebody is social engineering me and I consider myself as a

Doron Hendler:

sophisticated user. And when I called to this insurance company

Doron Hendler:

that I realized that I've been hacked, I told them what

Doron Hendler:

happened. And I asked them to basically close my online portal

Doron Hendler:

and credentials and reset my credentials. And they did so.

Doron Hendler:

And when I spoke to the CISO, she was telling me that I don't

Doron Hendler:

have to be worried. And I asked her why. And she said, because

Doron Hendler:

it happens to so many different people, even the sophisticated

Doron Hendler:

one, and I asked her how come you don't have any technology

Doron Hendler:

solution in place that can detect that somebody is

Doron Hendler:

basically impersonating and doing malicious activities on my

Doron Hendler:

behalf on my name. And she said that they do have technology,

Doron Hendler:

however, it takes them forever to detect and once they detect

Doron Hendler:

it's already weeks after the incidents, and it's not

Doron Hendler:

accurate. And it's it's it's a problem. And when I heard that

Doron Hendler:

this is a problem, I thought to myself, alright, this is an

Doron Hendler:

opportunity. And this is how we started RevealSecurity. David

Doron Hendler:

and myself, my co-founder and partner along alongside with

Doron Hendler:

Adi, who is System Architect.

Dr. Dave Chatterjee:

Fantastic. So that's great that you

Dr. Dave Chatterjee:

experienced something which motivated you to address a need.

Dr. Dave Chatterjee:

And I can't emphasize enough how important it is to develop

Dr. Dave Chatterjee:

solutions, whether that involves a specific technology, process,

Dr. Dave Chatterjee:

people, whatever that might be, because we could do with all the

Dr. Dave Chatterjee:

help that's necessery. I'd like to give the listeners a little

Dr. Dave Chatterjee:

bit of a background on insider threats, and then I'll turn it

Dr. Dave Chatterjee:

over to you because you are the expert here. So, as our

Dr. Dave Chatterjee:

listeners must be aware, insider threats are often considered the

Dr. Dave Chatterjee:

biggest risk for organizations because they can cause the most

Dr. Dave Chatterjee:

destruction. In fact, survey reports, studies, have found

Dr. Dave Chatterjee:

that organizations have had to spend millions of dollars to

Dr. Dave Chatterjee:

recover from insider threat attacks. And if you think of

Dr. Dave Chatterjee:

some of the well known attacks, probably the GE attack will come

Dr. Dave Chatterjee:

to mind, where employees stole trade secrets to gain a business

Dr. Dave Chatterjee:

advantage. Then we are also very familiar with the Capital One

Dr. Dave Chatterjee:

breach, which happened in 2019, which was carried out by a

Dr. Dave Chatterjee:

former software engineer from Amazon Web Services, which was

Dr. Dave Chatterjee:

basically the hosting company for Capital One. I also was

Dr. Dave Chatterjee:

intrigued to read about a disgruntled employee who was

Dr. Dave Chatterjee:

able to gain access to Tesla CEO Elon Musk's privileges to make

Dr. Dave Chatterjee:

direct code changes to the Tesla manufacturing operating system

Dr. Dave Chatterjee:

under false usernames and exporting large amounts of

Dr. Dave Chatterjee:

highly sensitive Tesla data to unknown third parties. So these

Dr. Dave Chatterjee:

are very concerning. Doron, would you like to add to the the

Dr. Dave Chatterjee:

reason why we are having this discussion?

Doron Hendler:

So rightfully said Dave, the highest risk in

Doron Hendler:

today's organizations in our digital transformation is our

Doron Hendler:

identities. So in many of the cases, we're moving from known

Doron Hendler:

people that work in the office on a day to day basis, to

Doron Hendler:

identity, digital identities, this is a digital world. And the

Doron Hendler:

ability to actually understand who does what in our corporate

Doron Hendler:

business application is one of the major challenges in today's

Doron Hendler:

world. Because once you move to the cloud, once you move to SAS,

Doron Hendler:

it's it's all about you and the application and what you do. If

Doron Hendler:

you connect more applications from a marketplace, then

Doron Hendler:

basically you enrich the connectivity and data and flows

Doron Hendler:

and activities between applications, and the one that

Doron Hendler:

knows all of our all of our secrets, and all of our

Doron Hendler:

solutions that basically should protect ourselves, are the

Doron Hendler:

people that have the privileges and the ones that that actually

Doron Hendler:

knows, and protect us, I like to give this analogy for the guard

Doron Hendler:

that basically sits and in the entrance of many offices, this

Doron Hendler:

guard knows about all the alarm systems, and all the checkups,

Doron Hendler:

and all the procedures in order to do this monitoring. But what

Doron Hendler:

happens if we cannot trust this guard? What happens if this

Doron Hendler:

guard is doing malicious activity? How would you if you

Doron Hendler:

cannot trust this guy? And at the end, people say, okay, but

Doron Hendler:

are you monitoring your internal employees? Are you monitoring

Doron Hendler:

your partners? So now I'm trusting my systems to basically

Doron Hendler:

monitor privileged accounts and accounts and actions. And I'm

Doron Hendler:

looking for anomalies because I want to protect the company, I

Doron Hendler:

want to protect our business, collectively, me as a security

Doron Hendler:

officer or, or as an executive. And one of the challenges is if

Doron Hendler:

you cannot trust no one, and you have to monitor and you have to

Doron Hendler:

track and you have to learn how do you do this quickly,

Doron Hendler:

accurately and automatically.

Dr. Dave Chatterjee:

True, very true. And you mentioned trust,

Dr. Dave Chatterjee:

and hope you will agree that we are moving in the direction of

Dr. Dave Chatterjee:

Zero Trust, that yes, we should be trusting people who are

Dr. Dave Chatterjee:

working for an organization who are loyal to the organization or

Dr. Dave Chatterjee:

holding responsible positions. But there is enough evidence to

Dr. Dave Chatterjee:

suggest that things happen in people's lives, people get

Dr. Dave Chatterjee:

fired, people have tough economics times, which often

Dr. Dave Chatterjee:

serve as a motivator to engage in disruptive acts. So

Dr. Dave Chatterjee:

therefore, it is imperative that organizations arm themselves for

Dr. Dave Chatterjee:

lack of a better word with the best possible solution,

Dr. Dave Chatterjee:

technology solution, which will do the work for them, whereby

Dr. Dave Chatterjee:

everybody is being monitored. So there is no discrimination of

Dr. Dave Chatterjee:

any sorts, where technology is being used to monitor, carefully

Dr. Dave Chatterjee:

monitor. So, Doron, going back to monitoring using technology,

Dr. Dave Chatterjee:

share with the listeners, what was the traditional method, what

Dr. Dave Chatterjee:

were some of the weaknesses of the traditional method, and what

Dr. Dave Chatterjee:

you and your company are offering by wave of your

Dr. Dave Chatterjee:

platform.

Doron Hendler:

So today's detection technology,

Doron Hendler:

predominantly, in the application space, I would say

Doron Hendler:

based on rules. Now rules are were set and developed mainly

Doron Hendler:

around patterns and scenarios, which have been identified, that

Doron Hendler:

been identified by the corporate in the business as things that

Doron Hendler:

you should not do or users should not do. So there were

Doron Hendler:

listing all the things that people should not do. And if

Doron Hendler:

they are doing this, the rule will flag it. The challenge with

Doron Hendler:

this is that there is a limit to what we as human beings can

Doron Hendler:

think of, of what potential scenarios may happen because

Doron Hendler:

there is a limit, and you may skip some, one, few. And also

Doron Hendler:

this approach of us thinking of what potentially may happen, is

Doron Hendler:

not scalable across so many different applications? And

Doron Hendler:

today, in our digital world, where applications are a click

Doron Hendler:

away and you can adapt new system, new CRM, new SAP, a new

Doron Hendler:

ERP system and so forth, many of the applications are only a

Doron Hendler:

click away. How can you imagine that you will know the business

Doron Hendler:

logic and the patterns of what can be done or what should not

Doron Hendler:

be done across so many different applications. So the current

Doron Hendler:

solution, today's solution around detections, which are

Doron Hendler:

based on rules, basically provide very, very limited,

Doron Hendler:

ineffective detection, in the application layer. Also, it's

Doron Hendler:

not accurate, which means it generates very high number of

Doron Hendler:

false positives. So you need much more, many more people to

Doron Hendler:

go through this alerts to understand if these things

Doron Hendler:

really happened. So you have to separate and identify the false

Doron Hendler:

positive and, and the real incidents. So the industry have

Doron Hendler:

moved into a much more accurate detection, which is based on

Doron Hendler:

context. Just to give you an example, one of the first

Doron Hendler:

companies that was thinking in moving into a sequence in

Doron Hendler:

context was Cisco, when they introduced NetFlow. NetFlow was

Doron Hendler:

one of the first product in the market that Cisco introduced,

Doron Hendler:

that was actually doing the shift from analyzing single

Doron Hendler:

activity single packet into a sequence of packets. Why,

Doron Hendler:

because Cisco was saying accuracy comes with context, if

Doron Hendler:

you will understand the context, you will have much better

Doron Hendler:

accuracy. The same things happens also, with end-points.

Doron Hendler:

Detection started with antiviruses, and slowly moved

Doron Hendler:

into EDR, extended detection response, looking into

Doron Hendler:

processes, into flows. So we at RevealSecurity was following

Doron Hendler:

that trends and developing what we call user journey analytics

Doron Hendler:

in the application. So we actually monitoring the journeys

Doron Hendler:

in the activity, the sequences of who does what in the

Doron Hendler:

applications and using or developed based on our very

Doron Hendler:

unique machine learning unsupervised clustering engine,

Doron Hendler:

we are able to differentiate and learn per user multiple behavior

Doron Hendler:

profiles, it's normal behavior profiles. And if something

Doron Hendler:

different happens, we can flag it and say, hey, there is

Doron Hendler:

something different here from your normal activities. And then

Doron Hendler:

you can investigate quickly and accurately why what was the

Doron Hendler:

reason for that? So moving from all traditional context into

Doron Hendler:

journeys, context, user journeys analytics, it's actually brings

Doron Hendler:

a totally new dimension of very accurate detections or reducing

Doron Hendler:

the signal to noise ratio, as we like to say, automatically and

Doron Hendler:

quickly. And that's, that's the name of the game around

Doron Hendler:

detection. And that's what is needed today.

Dr. Dave Chatterjee:

Very interesting. So essentially, if

Dr. Dave Chatterjee:

I could summarize what you said, that there is a clear move from

Dr. Dave Chatterjee:

user behavior analytics to user journey analytics. Rule based

Dr. Dave Chatterjee:

solutions, don't work, statistical analysis to augment

Dr. Dave Chatterjee:

rule based solutions are also found to be not very effective.

Dr. Dave Chatterjee:

Very interesting. So given this move to these more advanced,

Dr. Dave Chatterjee:

more sophisticated solutions, for folks who are listening in

Dr. Dave Chatterjee:

on this conversation, CISOs of companies who have the authority

Dr. Dave Chatterjee:

to make purchasing decisions. How do they go about evaluating

Dr. Dave Chatterjee:

the different products out there? What should they be

Dr. Dave Chatterjee:

looking for, in terms of what would work best for their

Dr. Dave Chatterjee:

context for their environment? Any advice? Any suggestions,

Doron Hendler:

The best advice I can give your listeners is they

Doron Hendler:

have to try it. So analytics and machine learning, it's a lot of

Doron Hendler:

trial and errors. It's a lot of mathematics, it doesn't work on

Doron Hendler:

every scenario on every applications. And my

Doron Hendler:

recommendation and my advice is that you should be able to try.

Doron Hendler:

Once you try this, some of the success criteria can be the

Doron Hendler:

number of false positives, number of false negatives, how

Doron Hendler:

accurate, how easy it is to investigate, can it be applied

Doron Hendler:

to any application or specific application, can it be applied

Doron Hendler:

to situations that you have between applications, for

Doron Hendler:

example, today, you have identity providers, like Single

Doron Hendler:

Sign On providers and then you move to another applications how

Doron Hendler:

you can call it all of the sequences between the

Doron Hendler:

application, how do you how do you analyze all of this journey?

Doron Hendler:

So, trying, understanding, and analyzing the results are my my

Doron Hendler:

advice to many of the listener, that they need to try this they

Doron Hendler:

need to see actually how system is working and then come to the

Doron Hendler:

conclusion what works for them best.

Dr. Dave Chatterjee:

Very good, very good! Now, you mentioned

Dr. Dave Chatterjee:

about use of machine learning to analyze to monitor analyze user

Dr. Dave Chatterjee:

journeys. Now, we all know that even machine learning is an

Dr. Dave Chatterjee:

evolving technology and the effectiveness of machine

Dr. Dave Chatterjee:

learning techniques and outcomes depends on gathering good

Dr. Dave Chatterjee:

quality data. So there are there are challenges with the machine

Dr. Dave Chatterjee:

learning approach. So given that, just like you said, the

Dr. Dave Chatterjee:

user behavior analytics approach has shortcomings, what could be

Dr. Dave Chatterjee:

possible shortcomings of the user journey analytics approach.

Doron Hendler:

So the user journey analytics in the end,

Doron Hendler:

it's very much relies on the fact that you have a journey.

Doron Hendler:

Sometimes in some applications, for example, transferring money,

Doron Hendler:

if you transfer from money from point A to point B, there is no

Doron Hendler:

journey, there is no process. Then you need to apply a

Doron Hendler:

different modeling, a supervised modeling, like what like in the

Doron Hendler:

industry. So user journey analytics, it's applicable to

Doron Hendler:

application that has process, that there are different

Doron Hendler:

options. So the user has different journeys in different

Doron Hendler:

application, even if for the same application, you can, you

Doron Hendler:

may do different things in different ways. And if it's

Doron Hendler:

based that the user has a variety of options to do

Doron Hendler:

different things. So user journey analytics is applicable

Doron Hendler:

for cases and use cases where there are processes. Once you

Doron Hendler:

have a process, it means that you have a sequence, sequence of

Doron Hendler:

activities, sequence of activity represent a journey. And this is

Doron Hendler:

something that with the right machine learning and clustering

Doron Hendler:

that is able to cluster based on similarity, similar sessions,

Doron Hendler:

then technology like this can be very, very effective. It has its

Doron Hendler:

own challenges, because clustering needs data to be

Doron Hendler:

accurate. And this is exactly one of the challenges in the

Doron Hendler:

industry. Not all the clusters or the unsupervised clustering

Doron Hendler:

engine are good for such scenarios. So my recommendation

Doron Hendler:

is to find the company that really developed a dedicated

Doron Hendler:

custom built dedicated clustering engine for security

Doron Hendler:

purposes. And not using off-the-shelf or open source

Doron Hendler:

solutions, as opposed to developing a dedicated

Doron Hendler:

mathematical clustering engine that is able to cluster a high

Doron Hendler:

number of data points or sequences accurately,

Doron Hendler:

automatically, with zero configuration, that itself all

Doron Hendler:

this profile by itself, self learning, and continuously

Doron Hendler:

updating the profiles or creating new profiles as data

Doron Hendler:

comes in. And that's the important, build an accurate

Doron Hendler:

automatic machines that can save you money, time and effort.

Dr. Dave Chatterjee:

Right, right. So another question that

Dr. Dave Chatterjee:

comes to mind. When organizations adopt a new

Dr. Dave Chatterjee:

technology, a new technology platform, it's not if one can

Dr. Dave Chatterjee:

assume that, yeah, I've adopted it, I'm going to see results,

Dr. Dave Chatterjee:

the organization also has to be prepared has to make certain

Dr. Dave Chatterjee:

adjustments to the way they operate, whether it's from a

Dr. Dave Chatterjee:

process context, from a people context, or from the existing

Dr. Dave Chatterjee:

technologies, how they interface with the new technology

Dr. Dave Chatterjee:

platform. So the organization has to make some adjustments. So

Dr. Dave Chatterjee:

if if a company was going to adopt this technology platform

Dr. Dave Chatterjee:

this, which provides these user journey analytics, what kind of

Dr. Dave Chatterjee:

changes does it require? Like from a change management

Dr. Dave Chatterjee:

standpoint, what should an organization be prepared for?

Dr. Dave Chatterjee:

Does that make sense?

Doron Hendler:

I have to say this Dave, my recommendation is

Doron Hendler:

that technology will adapt itself for the organization,

Doron Hendler:

because the probability that the organization will change for

Doron Hendler:

specific technology is slim. So one of the requirements is that

Doron Hendler:

this technology will offer a solution which are friction,

Doron Hendler:

frictionless, that doesn't require major changes or any

Doron Hendler:

changes. So, to my point of view, that's that's my

Doron Hendler:

recommendation. Because expecting a very large

Doron Hendler:

enterprise, I don't know with the 5000, 10,000 and sometime

Doron Hendler:

50,000 people organization, to change in order to implement the

Doron Hendler:

chances that this project will be successfully are very slim.

Doron Hendler:

Therefore, if you adopt such a technology, the technology needs

Doron Hendler:

to be designed in a way that it will not interrupt with the day

Doron Hendler:

to day processes and will be adopted to observe them as they

Doron Hendler:

are and come up with the insights automatically and

Doron Hendler:

accurately.

Dr. Dave Chatterjee:

Okay, that's good to know. So

Dr. Dave Chatterjee:

essentially, what you're saying is, the adoption and

Dr. Dave Chatterjee:

implementation of such a platform should be fairly

Dr. Dave Chatterjee:

smooth, should not should not interrupt existing operations.

Dr. Dave Chatterjee:

Well, that's, that's very good to know. Another aspect when

Dr. Dave Chatterjee:

there is a detection of anomalous behavior, when the

Dr. Dave Chatterjee:

user journey is different from the normal user journey, let's

Dr. Dave Chatterjee:

say abnormal user journeys are detected. How does the alert

Dr. Dave Chatterjee:

system work? Who is alerted? And is there a way of capturing or

Dr. Dave Chatterjee:

documenting whether organizations are responding to

Dr. Dave Chatterjee:

those alerts

Doron Hendler:

When a sequence is being detected, there's an

Doron Hendler:

anomaly, an alert is being sent to the SOC (Security Operations

Doron Hendler:

Center) and being investigated by the analyst. Right. And then

Doron Hendler:

they have to, they can follow a procedure. For example, if this

Doron Hendler:

is a very high risk in a very high sensitive, sensitive

Doron Hendler:

application, the procedure may be in a way that you basically

Doron Hendler:

trigger another OTP (One-Time-Password) to the user.

Doron Hendler:

And that's maybe something that the user need to confirm that he

Doron Hendler:

is the user. And that he owns the device, because he's making

Doron Hendler:

a sequence which is very sensitive, relates to

Doron Hendler:

potentially money transfer. And because of that, you may decide

Doron Hendler:

that the procedure will be sending another OTP, or a text

Doron Hendler:

or something else. So there are different ways to do this. Now,

Doron Hendler:

if you want to basically investigate, so you can, you can

Doron Hendler:

also integrate into SOAR (security orchestration,

Doron Hendler:

automation and response) system and suspend the user, hold the

Doron Hendler:

users, quarantine the user not approving the transaction. So

Doron Hendler:

there are many, many, many different ways that you need to

Doron Hendler:

investigate and the classical way, the simplest way that I see

Doron Hendler:

we see many organization in a way that you basically contact

Doron Hendler:

this individual. And you ask him, why have you done this or

Doron Hendler:

whether you have done this this sequence. And in many of the

Doron Hendler:

cases, I have to say that internal consultants outsourcing

Doron Hendler:

and then internal employees are also trying the system, they're

Doron Hendler:

trying to see if there is some something or someone or some

Doron Hendler:

technology that actually monitoring their behavior. So I

Doron Hendler:

like to say also on going back to the guard at the entrance,

Doron Hendler:

when you come in the morning, you see the guard, you tell the

Doron Hendler:

guard, good morning, you trust him, he protect you, he is

Doron Hendler:

monitoring who comes in and out. Also me as an employee, I trust

Doron Hendler:

my security, infrastructure, security technology, that it

Doron Hendler:

will protect me and make sure that I'm not going to be abused.

Doron Hendler:

So nobody will steal my credentials. Or if somebody will

Doron Hendler:

do a malicious activity that will hurt the organization, it

Doron Hendler:

will be detected. So this is some of the thoughts that I have

Doron Hendler:

on this point.

Dr. Dave Chatterjee:

Yeah, makes sense. And just since he used a

Dr. Dave Chatterjee:

couple of acronyms, SOC stands for security operations center,

Dr. Dave Chatterjee:

and OTP stands for One-Time-Password. And if

Dr. Dave Chatterjee:

there's anything else that comes up, we'll clarify as we go

Dr. Dave Chatterjee:

along. But yeah, that makes a lot of sense. In fact, the

Dr. Dave Chatterjee:

reason I asked that question Doron, in my work, when I do

Dr. Dave Chatterjee:

research, when I consult with companies, I often come across

Dr. Dave Chatterjee:

instances where their processes for quickly reacting to the

Dr. Dave Chatterjee:

threat alerts and doing the due diligence is often slack, is

Dr. Dave Chatterjee:

often sloppy. That's why I posed the question, but I totally

Dr. Dave Chatterjee:

understand from where you're coming. Another kind of a

Dr. Dave Chatterjee:

reaction to what you were saying is, in the world of security,

Dr. Dave Chatterjee:

the perspective on security varies from organization to

Dr. Dave Chatterjee:

organization. Some organizations are more skeptical than others,

Dr. Dave Chatterjee:

when it comes to trying new solutions, because they feel

Dr. Dave Chatterjee:

Yeah, we will spend money, we are not sure we will see the

Dr. Dave Chatterjee:

ROI. So when you are talking about a solution like this,

Dr. Dave Chatterjee:

which has a lot of promises a lot of potential, how do you

Dr. Dave Chatterjee:

convince a potential buyer or potential customer to give it a

Dr. Dave Chatterjee:

shot? What does it take? What have you experienced when you

Dr. Dave Chatterjee:

have engaged with prospective customers? What are their

Dr. Dave Chatterjee:

concerns when they're evaluating such platforms?

Doron Hendler:

So one of the main concern is the variety of

Doron Hendler:

new applications and legacy applications that security

Doron Hendler:

executives needs to protect and write basically, business rules.

Doron Hendler:

And, and they don't have the capability, the manpower, the

Doron Hendler:

time to develop these across so many different applications. And

Doron Hendler:

every other week, or day or month, you have more and more

Doron Hendler:

applications, SaaS applications coming in, then you collect all

Doron Hendler:

the logs and into a central repository, and you need to do

Doron Hendler:

something with it. All right, rather than just collecting the

Doron Hendler:

logs. So for us, it's not convincing. This is a need and

Doron Hendler:

need by many of the security executives to come up with a

Doron Hendler:

much more effective way accurate and cost saving in monitoring

Doron Hendler:

the application layer, which is kind of there, but the need is

Doron Hendler:

there. But the technology is not there yet. And we don't need to

Doron Hendler:

convince them because they require something like this,

Doron Hendler:

which today, they have to spend a lot of time and effort and

Doron Hendler:

sometimes people even when we discuss with them maybe about

Doron Hendler:

budgets and space holders they saying in responding to us, we

Doron Hendler:

don't need to put a space holder for you guys. And I ask why?

Doron Hendler:

Because the cost saving you giving us on professional

Doron Hendler:

services that we need to hire third party companies to write

Doron Hendler:

all these rules to advise us how to write the rules and patterns,

Doron Hendler:

etc. The cost saving is already two or three times higher than

Doron Hendler:

the cost of your system. So it's a no brainer in many of the

Doron Hendler:

cases.

Dr. Dave Chatterjee:

Okay, excellent. I want to reiterate

Dr. Dave Chatterjee:

something you just said -- collecting the logs is not good

Dr. Dave Chatterjee:

enough, you have to do something with the logs. So true! Promptly

Dr. Dave Chatterjee:

analyzing the security logs, and taking the necessary action is

Dr. Dave Chatterjee:

centric to maintaining a proactive security posture. So

Dr. Dave Chatterjee:

Doran, we are coming to the end of our discussion today. I wish

Dr. Dave Chatterjee:

we had more time. But anyhow, I'd like to give you the

Dr. Dave Chatterjee:

opportunity to wrap it up for us with some final thoughts and

Dr. Dave Chatterjee:

advice.

Doron Hendler:

So when you're looking in into the future, in

Doron Hendler:

the next few years, you will see more and more basically, that

Doron Hendler:

the identities are becoming digital, there are no networks,

Doron Hendler:

because it's all about identity access into the applications.

Doron Hendler:

There are lots of different technology around access, around

Doron Hendler:

identity and access management, but very few around detection of

Doron Hendler:

applications. And at the end, what makes your business

Doron Hendler:

successful are the people and the applications, the rest are

Doron Hendler:

facilitators to make you successful. And if you really

Doron Hendler:

want to be protected in making sure that you are fully covered,

Doron Hendler:

there is a need for an application detection and

Doron Hendler:

response solution layer, which is required today by many of the

Doron Hendler:

organization and can provide you the bulletproof for the future.

Dr. Dave Chatterjee:

Fabulous. Well, Doron, thank you so much

Dr. Dave Chatterjee:

for your time for your insights. I'm sure listeners greatly

Dr. Dave Chatterjee:

appreciate it. Thank you.

Doron Hendler:

Thank you very much, Dave for hosting me today.

Dr. Dave Chatterjee:

A special thanks to Doron Hendler for his

Dr. Dave Chatterjee:

time and insights. If you like what you heard, please leave the

Dr. Dave Chatterjee:

podcast a rating and share it with your network. Also,

Dr. Dave Chatterjee:

subscribe to the show, so you don't miss any new episodes.

Dr. Dave Chatterjee:

Thank you for listening, and I'll see you in the next

Dr. Dave Chatterjee:

episode.

Introducer:

The information contained in this podcast is for

Introducer:

general guidance only. The discussants assume no

Introducer:

responsibility or liability for any errors or omissions in the

Introducer:

content of this podcast. The information contained in this

Introducer:

podcast is provided on an as-is basis with no guarantee of

Introducer:

completeness, accuracy, usefulness or timeliness. The

Introducer:

opinions and recommendations expressed in this podcast are

Introducer:

those of the discussants and not of any organization.