Security Intelligence: Should We Send A Guy With A Gun Or A Wrench?

We are kicking off research on security and identity intelligence, which is about understanding risk and detecting abnormal behavior. One thing is clear: companies don't even *know* what kind of security information (SIM, data, identity, email, etc.) they should be inspecting to detect security threats, or where they should start eating the giant elephant of risk. They clearly need intelligent and automated systems to establish what a normal baseline means in user behaviors and events and then alert on any anomalies - and when they see any changes to normal patterns, understand whether they should send a guy with a gun or a guy with a wrench. In this research (which will also be the topic of my Security Forum keynote speech) we will look at the interdisciplinary areas between enterprise fraud management, risk-based authentication, data protection and identity management. I want to hear about your concerns, issues, and early case studies/solutions in this area.

Comments

Great timing, Andras! We're seeing many customers in EMEA and N.Amer embarking on the Security Intelligence journey by focusing on a more contextual business view of big data by correlating access, event, identity and business information into a more rounded view of user intell. From there it becomes a lot easier to develop historical, resource and peer-level behaviour profiling, which in turn creates a platform for identifying abnormal access and activity patterns. The key is to help reduce the initial noise of insider and cyber threat alerting and focus on the high risk in the organisation.

And how about security intelligence data for BI

And here's the icing on the cake. All this security intelligence and context is also useful for knowing what your company (and business partners and customers for that matter) really do... Which helps with reshaping not just internal assets but also your external facing web sites.