Security Outlier

How performing behavioral analysis across silos can help detect sophisticated attacks.

We need to get out of our own way in terms of how we think about and implement security, while enlisting analytics and data science as our allies.

GDPR law applies to all companies that collect and process data belonging to European Union (EU) citizens. You have every reason to fear it because failure to comply will be costly.

Context and risk aware access control promises to make our industry more likeable.

It’s the biggest threat surface and best enforcement point for enterprise security

How automated responses to risk-scored activity can reduce threats.

Real-world use cases illustrate the power of analytics for detecting stealth threats.

The compromise and misuse of identity is at the core of modern threats and data breaches. This has been documented for years and continues to escalate. As a result, we are rapidly approaching the end of life for password-based...

Risk scoring is not an end in itself once it shows up color coded and normalized between 0 and 100 in a security operations center (SOC) dashboard. To provide real value it must be supplemented by a closed-loop response process that...

Why identity and access management is at the core of the gulf between these two C-suite roles.

In order to prevent security breaches, insider attacks and comply with regulatory mandates, organizations must proactively monitor and manage privileged access. As the compromise and misuse of identity is often at the core of modern...

Sometimes it takes a village. In the case of information security, sometimes it takes an employee. Forward thinking enterprises can go beyond simply providing IT security awareness training and hygiene tips for their users, and enlist...

Last month I examined how machine learning could be used to detect low and slow insider threats. In this, the final installment of my trilogy on real-world use cases from the recent Verizon Data Breach Digest, I’ll discuss how remote...

In my last post I discussed how machine learning could be used to detect phishing-based account compromise attacks using a real-world use case from the recent Verizon Data Breach Digest. This time I’ll examine how to detect insider...

In my last post I promised to use some real-world use cases from the recent Verizon Data Breach Digest report to illustrate potential ways that machine learning be can used to detect or prevent similar incidents in the future. For my...

At the recent RSA Conference it was virtually impossible to find a vendor that was not claiming to use machine learning. Both new and established companies are now touting “machine learning” as a major component of the data science...

When hackers posted online contact lists and other documents stolen from the AOL account of CIA Director John Brennan, they not only exposed a security breach with national security implications. They also shined a light on a glaring...

According to the Verizon 2015 Data Breach Investigations Report (DBIR), 60 percent of the time, attackers were able to compromise an organization within minutes. Meanwhile, in more than 75 percent of the cases, the average time to...

Identity theft, historically considered a consumer threat, is expanding its horizons. Looking for bigger game, attackers are targeting the enterprise with similar tactics used to hijack online and financial accounts belonging to...

Another former JPMorgan Chase & Co. (JPMC) employee was recently arrested by the FBI on charges of stealing customer data and trying to sell it. Similar incidents have occurred multiple times at JPMC over the past few years. Upon...