What’s in Store for the Future of IT Security & Machine Learning?

Here's What an Experienced Enterprise Architect Thinks

Bill Stangel has 30+ years of experience implementing technology strategy, architecture and direction across global enterprises in the financial services, employer services, healthcare, telecom, aerospace and defense industries. He has worked across the stack from the Web to the Mainframe, and with entrepreneurs and emerging companies.

We’re fortunate to have Bill as an advisory board member at Prelert and highly value his opinion, which is why we thought you might too. We sat down with Bill to pick his brain about the future of IT security and where machine learning will play a role. Here’s a recap of the conversation:


Analyze bigger data with summarized input

In my last post I talked about the StatsReduce feature of Prelert Anomaly Detective® for Splunk that debuted in version 3.3 at the beginning of October 2014.

Last December, version 1.2 of our Engine API product made generally available the ability to submit pre-summarized data to our REST endpoints for analysis. The performance benefits are effectively the same as those of StatsReduce in Anomaly Detective for Splunk. So why the different terminology?


Machine Learning the Sucker!

A recent blog post by Gartner Analyst Dr. Anton Chuvakin caught my attention. Titled "SIEM/ DLP Add-on Brain?," it mentions that "we now [have] a decent number of vendors that offer, essentially, an add-on brain for your SIEM." Dr. Chuvakin has long maintained that SIEM (Security Information and Event Management) tools have been sorely lacking in their ability to actually perform the "analytics" that are necessary to extract insight from the data that IT Security and Operations teams collect as logs.


Distilling Alert Noise to Find Real Problems


Whether your concern is IT security or operations, it is highly likely that you are dealing with far more alarms than you have the resources to follow up on. Even modest-sized organizations today face such overwhelming volumes of alerts that they aren't even sure what percentage are false positives. Alert fatigue is one of the biggest drivers behind investigations of advanced analytics for operations and security.


Slow Attack Detection

Detecting "brute force" attacks is a common and obvious way to identify users who are attempting to "break in" by trying large numbers of credential combinations at high velocity. But what about the opposite situation: an attempt to gain access via slow but pervasive authentication attempts that stay "below the radar" and avoid failed-authentication lockout thresholds? One of our users succeeded in detecting this by leveraging one of Splunk's default fields, "date_hour", and piping the search to Prelert.
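To make the contrast concrete, here is an added example (not code from the original post, and not Prelert's own algorithm) that buckets authentication failures per user by hour, the same way Splunk's date_hour field would, and separates a high-velocity brute force from a slow, persistent attacker that never trips the lockout threshold. The log lines, the lockout threshold of 5 failures per hour and the "persistent" cut-off of 6 distinct hours are all constructed assumptions for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5      # assumed: failures in one hour that would trigger lockout
SLOW_MIN_HOURS = 6         # assumed: distinct failing hours before we call it persistent
SLOW_MIN_FAIL_RATIO = 0.8  # assumed: fraction of a user's attempts that failed


def build_sample_log():
    """Constructed sample auth events in a key=value format (not real Splunk data)."""
    base = datetime(2014, 10, 1, 0, 0)
    lines = []
    # Normal user: periodic successful logins and one typo.
    for h in range(0, 24, 3):
        t = base + timedelta(hours=h)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%S} user=alice src=10.0.0.5 result=ok")
    lines.append("2014-10-01T09:01:00 user=alice src=10.0.0.5 result=fail")
    lines.append("2014-10-01T09:01:20 user=alice src=10.0.0.5 result=ok")
    # Brute force: 40 failures crammed into 20 minutes of a single hour.
    for i in range(40):
        t = base + timedelta(hours=3, seconds=i * 30)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%S} user=bob src=203.0.113.9 result=fail")
    # Slow attacker: 3 failures every hour for 18 hours, always under the lockout threshold.
    for h in range(18):
        for i in range(3):
            t = base + timedelta(hours=h, minutes=10 * i)
            lines.append(f"{t:%Y-%m-%dT%H:%M:%S} user=carol src=198.51.100.7 result=fail")
    return lines


def parse(line):
    """Split '<ts> k=v k=v ...' into a dict and add an hourly bucket (like date_hour)."""
    ts_str, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%S")
    fields["hour"] = ts.strftime("%Y-%m-%dT%H")
    return fields


def classify(lines):
    """Return {user: 'brute_force' | 'slow_attack' | 'normal'} from per-hour failure counts."""
    per_user = defaultdict(lambda: {"fail_by_hour": defaultdict(int), "ok": 0, "fail": 0})
    for line in lines:
        ev = parse(line)
        u = per_user[ev["user"]]
        if ev["result"] == "fail":
            u["fail"] += 1
            u["fail_by_hour"][ev["hour"]] += 1
        else:
            u["ok"] += 1

    verdicts = {}
    for user, u in per_user.items():
        total = u["ok"] + u["fail"]
        hours = u["fail_by_hour"]
        peak = max(hours.values(), default=0)
        if peak >= LOCKOUT_THRESHOLD:
            # Many failures inside one hour: the classic threshold catches this.
            verdicts[user] = "brute_force"
        elif len(hours) >= SLOW_MIN_HOURS and u["fail"] / total >= SLOW_MIN_FAIL_RATIO:
            # Never over the per-hour threshold, but failing hour after hour.
            verdicts[user] = "slow_attack"
        else:
            verdicts[user] = "normal"
    return verdicts


if __name__ == "__main__":
    for user, verdict in classify(build_sample_log()).items():
        print(f"{user}: {verdict}")
```

The point of the second branch is that a per-hour threshold alone is blind to carol: her peak hour never reaches the lockout value, and only the spread of failing hours (the date_hour distribution) gives her away.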


Advanced Persistent Threats: Minimizing Losses with Early Detection

As originally published by Help Net Security.

Let’s travel back to 2006, the year the blockbuster, “The Departed,” came out. Matt Damon plays a young criminal who has infiltrated the state police as an informer for South Boston’s Irish Mob. Working his way up the ranks, he gathers sensitive information about the plans and counter-plans of the operations he has penetrated and leaks them to his organized crime cohorts. Eventually, police suspect that there's a mole in their midst. Now, we all know how this ends – Damon is exposed and killed by Mark Wahlberg for his stint – but not before wreaking havoc throughout the department.


Today's IT Challenges Require Advanced Analytics

Here is the basic problem: today's IT environments are more dynamic than they were 5 years ago. Your architecture is more complex than it was 10 years ago. Your people are responsible for a larger percentage of that environment than they were 15 years ago. And yet you are still reliant on an IT management approach developed over 30 years ago.

In the 1970’s and 1980’s, major computer vendors brought expert systems-based IT management systems to market to simplify the management of a rapidly growing computational infrastructure. These early management systems made alerting decisions based on human expertise codified in the form of thresholds and rules.


Data Breach Notification: You Need to “Know” Before You Can “Notify”

With all the discussion about data breach notification leading up to President Obama’s State of the Union address, it is clear that the US federal government is considering data breach legislation that would pre-empt state laws already on the books.

While there will certainly be political debate regarding the merits of a federal law versus individual state laws (currently 47 states have data breach notification laws), a study by ISACA this week showed that a strong majority of surveyed members endorsed the President’s proposed data breach notification rules.

In fact, today it seems quite logical that timely disclosure of data breaches is usually in the best interest of both the organization that suffered the data breach, and the individuals whose data has been compromised. For companies, the stigma of suffering a data breach is no longer as severe as it once was (with the possible exception of outlier cases like the late 2014 Sony breach), and consumers are able to reduce the likelihood of suffering actual fraud when they are notified quickly.


Temporal vs. Population Anomaly Detection

Prelert's Anomaly Detective lets users discover two major flavors of anomalies: those that are temporal in nature (unusual with respect to an entity's own history) and those that are population based (unusual with respect to all other entities). But what are the differences between these two types, and under what circumstances would you use one over the other? This post discusses the details behind the analyses, their merits, and best practices based upon common rules of thumb.
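The distinction is easiest to see side by side. The following is an added example (not code from the original post, and not how Anomaly Detective computes its scores): a temporal check scores each user's latest hour against that user's own history, while a population check scores each user's latest hour against the peer group using a median/MAD modified z-score. The hourly event counts, the jitter pattern and the thresholds (3.0 for temporal, 3.5 for population) are constructed assumptions.

```python
import statistics

JITTER = [-2, 0, 2, -1, 1]   # deterministic "noise" so the sample is reproducible


def make_series(base, hours=24):
    return [base + JITTER[i % len(JITTER)] for i in range(hours)]


def build_sample():
    """Constructed hourly event counts per user (not data from the post)."""
    data = {
        "alice": make_series(20),
        "bob": make_series(2),
        "carol": make_series(200),   # a batch account: always busy, never changes
        "dave": make_series(18),
        "erin": make_series(21),
    }
    data["bob"][-1] = 20             # bob's last hour jumps tenfold against his own baseline
    return data


def temporal_anomalies(data, threshold=3.0):
    """Each series judged against its own history: z-score of the latest hour."""
    flagged = []
    for user, series in data.items():
        history, latest = series[:-1], series[-1]
        mu = statistics.mean(history)
        sigma = statistics.pstdev(history) or 1e-9   # guard a flat history
        if abs(latest - mu) / sigma > threshold:
            flagged.append(user)
    return flagged


def population_anomalies(data, threshold=3.5):
    """Each user's latest hour judged against peers: modified z-score (median / MAD)."""
    latest = {u: s[-1] for u, s in data.items()}
    med = statistics.median(latest.values())
    mad = statistics.median(abs(v - med) for v in latest.values()) or 1e-9
    return [u for u, v in latest.items() if abs(0.6745 * (v - med) / mad) > threshold]


if __name__ == "__main__":
    sample = build_sample()
    print("temporal:  ", temporal_anomalies(sample))
    print("population:", population_anomalies(sample))
```

On this sample the two views disagree on purpose: bob is temporally anomalous (20 events after a history of around 2) but sits right in the middle of the population, while carol is population anomalous (200 events when peers do around 20) yet perfectly normal against her own flat history. The temporal view is the one to use for "has this entity changed?"; the population view for "is this entity unlike its peers?", which is the better fit for a newly seen entity that has no history yet.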


Security Analytics Use Case: Finding Document Thieves

One of the nicest things about staying in close contact with users that evaluate Anomaly Detective is that I'm always hearing of interesting use cases in which anomaly detection is applied to discover something that you may not have otherwise known. This particular use case comes from a prominent university that was suspicious that its licensed documents (i.e. journal articles) were being stolen using hijacked user accounts. Here's how they put Anomaly Detective on the case.
