“We have to cooperate if we want to live and work in a Secure World.” This was the opening line of the RSA Conference 2017.
On the first day of our visit, we met with several User and Entity Behavior Analytics (UEBA) vendors. One of them was IBM. They announced a collaboration between Watson and QRadar. Watson’s power will be used to enrich the collected data, which they will include in QRadar. That way, Cyber Defense Center (CDC) analysts have more contextual information.
We elaborated on many topics including GDPR. Our GDPR experts are very well educated on the regulation and we are able to advise and guide our customers towards a customized compliance action plan. It is obvious that such a plan may include technology. That is why we met with IBM to see whether they are a valuable partner in this process.
The pros and cons of the UEBA technology
Personally, I really believe in the UEBA technology. That is why I arranged to see many UEBA vendors. It is a wonderful technology, but users who do not work on a regular basis might experience some hurdles…
UEBA tools analyze the end user’s behavior:
- The tools they use
- Logon/logoff times
- Amount of data they use
- Which data they use
If they notice any abnormal behavior, they will trigger investigations. So, if you have very irregular working habits, this might cause some problems. But remember that this tool will show you Indicators of Compromise (IOCs) that your other tools will never notice.
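A minimal per-user baseline over the four signals listed above, as an added example that is not from the original post or from any vendor's product. The field names, the threshold, the minimum history size and all sample events are constructed assumptions; it scores the same event against a regular and an irregular work pattern.

```python
from statistics import median

MIN_HISTORY = 5    # assumed: below this many past events there is no usable baseline
THRESHOLD = 4.0    # assumed: deviations beyond 4 MADs count as abnormal

def deviation(value, past):
    """Distance of value from the median of past values, in units of MAD."""
    med = median(past)
    mad = median(abs(x - med) for x in past) or 1.0  # avoid division by zero
    return abs(value - med) / mad

def assess(event, history):
    """Compare one event with a user's own past events; return the findings."""
    if len(history) < MIN_HISTORY:
        return ["insufficient-baseline"]
    findings = []
    # Hours are treated as a linear scale here; a real tool must handle midnight wrap.
    if deviation(event["hour"], [e["hour"] for e in history]) > THRESHOLD:
        findings.append("unusual-logon-time")
    if deviation(event["mb"], [e["mb"] for e in history]) > THRESHOLD:
        findings.append("unusual-data-volume")
    if event["tool"] not in {e["tool"] for e in history}:
        findings.append("new-tool")
    if event["share"] not in {e["share"] for e in history}:
        findings.append("new-data-source")
    return findings

def make_history(hours, mbs, tools, shares):
    """Build constructed sample events, cycling through the given tools and shares."""
    return [{"hour": h, "mb": m, "tool": tools[i % len(tools)],
             "share": shares[i % len(shares)]}
            for i, (h, m) in enumerate(zip(hours, mbs))]

# Constructed sample data: a regular office worker and a user with irregular habits.
REGULAR = make_history([8, 9, 8, 8, 9, 8, 9, 8, 8, 9],
                       [40, 55, 48, 60, 52, 45, 58, 50, 47, 53],
                       ["outlook", "excel"], ["finance"])
IRREGULAR = make_history([6, 22, 13, 9, 18, 2, 15, 20, 7, 11],
                         [5, 300, 40, 800, 120, 10, 650, 90, 400, 30],
                         ["outlook", "excel", "sftp"], ["finance", "hr"])
EVENT = {"hour": 3, "mb": 450, "tool": "sftp", "share": "hr"}

if __name__ == "__main__":
    print("regular user:  ", assess(EVENT, REGULAR))
    print("irregular user:", assess(EVENT, IRREGULAR))
    print("new user:      ", assess(EVENT, REGULAR[:2]))
```

With this sample data the same event produces four findings against the regular baseline and none against the irregular one, whose wide spread absorbs it; a user with only two past events gets no verdict at all.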
What about EDR and SDSN?
The next day, we visited Cylance to get a clear view of their future portfolio, especially when it comes to the endpoint landscape. We attended some live demos of the Endpoint Threat Detection and Response (EDR) tool they are developing. It looks very promising!
We also visited Juniper Networks’ booth to watch the new SDSN solution. They listened carefully to my feedback and I am confident that this is the ideal solution to use in environments where we cannot install Next Generation Endpoint Security on the endpoints (medical, SCADA, etc.). It enables us to block endpoints on the switch port where they reside. In other words, we will be able to perform endpoint quarantine services on endpoints that are not managed by the customer.
In a nutshell, UEBA, Next Generation Endpoint Security, Artificial Intelligence and Machine Learning were the main trends of the RSA Conference. SecureLink’s goal is to check whether these vendors, who use many buzzwords, put their money where their mouth is.