Mark Jaffe: So I met Steve Dodson who’s the CTO of Prelert. Steve and I founded the business with the goal of automatically gleaning insights from those logs that are today missing and therefore lead to long undetected breaches and operational issues.
Sramana Mitra: Can you walk us through, in some detail, exactly how the detection is happening? I assume you’re selling to enterprise customers?
Mark Jaffe: Enterprises and to other vendors, but mostly to enterprises. Let me explain that. I think it’s a really good question because I think there’s a lot of different approaches to solving what we generally categorize as advanced persistent threats. The best way to describe that in our approach is to recognize that most approaches try to solve the problem by identifying behaviors of some sort that are indicators of compromise. They do that by looking at historic trends and saying, “That was bad, so if it happens again, it must be bad.” What that does is, it focuses mostly on known bad problems. That problem – that even the SANS Institute talked about in their big study last year about why these breaches go undetected – and the real thing that security teams are trying to understand is, what in my environment is normal and what’s abnormal.
Because the bad guys are so good at flying under the radar, the only way to really detect these breaches earlier is to understand the baseline normal behaviors in order to detect abnormal behaviors. That is the approach we use. We use very sophisticated mathematics to automatically learn the normal behavior of the machine data that systems throw off. We can do that in a very fast and automated way so that with accuracy, we can then automatically identify anomalies whether it be abnormal users accessing systems from unusual places and doing new behaviors that are indicators of compromise, or servers that are communicating in ways to places that are indicators of compromise, and more importantly, if all those things are happening together. We can relate those things automatically to help IT understand what’s unusual, but tell more of a story around why it’s unusual and what’s related to those behaviors.
This segment is part 2 in the series: Thought Leaders in Cyber Security: Mark Jaffe, CEO of Prelert