Context. If you really want to step up your protection efforts and stop insider threats, APTs and a host of other attacks, you need context. Context starts with understanding the difference between acceptable behavior and meaningful deviations. That’s my mantra going into the Gartner Security & Risk Management Summit next week, where I’ll be participating in a panel: “Security Startups: Leading the Way to Success.”
Coming on the heels of Bay Dynamics inclusion in Gartner’s Security Intelligence Cool Vendor report, this panel provides me the opportunity to talk about areas where organizations can take a different approach to their protection efforts. Not only will I be talking about the current gaps in security practices, but also the relatively easy steps organizations can take to break their security silos and integrate better intelligence, so that they can quickly and effectively assess risk and take action.
That sounds like a big promise, so let me put it this way: If it was easy to baseline user activities, why wouldn’t you want to do it? It would allow you to identify activities that may be precursors to an incident – whether it’s an employee’s malicious act or an automated action taken by their computer or device.
Until now, it’s been unrealistic to take a user centric approach to protection, which is why algorithm-based network, host and endpoint solutions have been so essential. But in 2014, algorithms can’t understand nuance. Simply put, they cannot determine context.
So, if you are in Washington D.C. next week, stop by the Gartner show. I’ll be happy to talk to you about the changes taking place to make contextual, user-centric protection a reality.