Published on November 11th, 2021
Q&A: Cybersecurity collaboration focuses on human behavior, asset utilization analytics
Technology plays a vital role in cybersecurity and its counterparts. The more access attackers have to rich technology resources, the more sophisticated and powerful the attacks they can launch. But in the end, there is always a human sitting behind a monitor with a purpose.
"When organizations think about human behavior and the insider threat, per se, they always think about the malicious actor," said Mohan Koo, co-founder and chief technology officer at Dtex Systems Inc. "But it's much more than that. It's also insiders that do negligent things, and it's insiders that are victims of their own lack of understanding. And so understanding intent, which at Dtex we call indicators of intent, is really important for us to know. Those indicators are what we've been working with MITRE on for the last year or so."
Koo and Chris Folk, director of cybersecurity policy and strategic partnerships at The MITRE Corp., spoke with David Nicholson, host of theCUBE, SiliconANGLE Media's livestreaming studio, during last month's Splunk .conf21 Virtual event. They discussed the MITRE ATT&CK knowledge base of adversary tactics and techniques, the Dtex Workforce Cyber Intelligence platform, collaboration with Splunk, and more. (* Disclosure below.)
[Editor's note: The following has been condensed for clarity.]
MITRE published the attack framework MITRE ATT&CK. It's a bit of a game-changer. Now, enterprise security teams use that pretty religiously. So, tell us about that and what we can expect next from MITRE.
Folk: I think what made ATT&CK resonate with users is that it's based on data. It started with data that we observed in our networks and organized around, at that time, the emergent principle that Lockheed Martin had put out on the Kill Chain. So it gave it structure. And what's been powerful and what's made it truly wonderful is that the community's adopted it.
So, what MITRE is really focused on is understanding how data and those problems come together. And then we surround the ecosystem of that problem with things like language. So we give it a framework and we give it operational data so that it actually has resonance with the users of that community.
So, Mohan, tell us how Dtex fits here.
Koo: What we're doing is we're bringing to the table a whole different type of telemetry, and it's all around human behavior. And, how we got together with MITRE is actually a direct connection to how we got together with Splunk as well.
When we came together and were introduced to MITRE at the Australian Cyber Collaboration Centre, we decided to take MITRE's expertise, which they've got more than 15 years' worth of dedicated experience around behavioral science, and [learn] how it contributes to insider threats and study that in some depth. Putting that together with the data that we're collecting for our enterprise customers was really important.
So, give us an example of human behavior that you're looking for?
Folk: Every human has behaviors. What makes them unique is the context behind those behaviors. And then looking for indicators that are distinguishable from an individual doing his or her job. So you have to add additional context and behavioral indicators to that to understand how the individual is doing that differently in a case where they are up to no good, as opposed to under circumstances of doing their job in a regular course of action.
So, Mohan, if we do all of these things correctly, between Splunk, MITRE, and Dtex, you get the perfect scenario where you're catching bad actors and you're not inconveniencing good actors. So what's your view of this?
Koo: What we've really enjoyed about working with Splunk over the last couple of years is taking a very holistic approach and realizing that we all need to come together to play this team sport. Because we, as Dtex, bring together a very clean data set that gives you that human telemetry, and then MITRE brings the behavioral science capability and behavioral science understanding, and Splunk provides that big data platform to bring everything together and show it and visualize it.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE's and theCUBE's coverage of the Splunk .conf21 Virtual event. (* Disclosure: TheCUBE is a paid media partner for Splunk's .conf21 Virtual conference. Neither Splunk Inc., the sponsor for theCUBE's event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
https://www.youtube.com/watch?v=yj-SmDOsgTY