A new story from The Security Ledger Podcast

Automatic TRANSCRIPT

It comes to the analytics. What vendors are forced to do today is to is to be very precise in how the approach this problem. you can't just apply m l. As this data science approach other sort of one size fits all approach. You're going you're just gonna get up end up with a lord of noise. So what vendors like us to do is to curate these use cases and know precisely what detection technique or algorithm to lie in order to drive a specific outcome. And so on one end of the funnel you know. You're you're pumping in betty large volumes of data. But after all the processing your the output is in a very manageable size because you also understand we have the people of the staffing problem right. You don't have all all the staff in the world to look at this so you need to be very precise in video officiant in solving this problem indeed. The next russian is once you've once you've spotted some behavior that seem suggestive or worrying. I guess maybe the bigger messier problems. What do you. what do you do with and you build internal processes around managing that information enacting. That's a very interesting question of a important one. Because i think this is where a lot of insider threat programs fail because The assume just technology alone can solve this problem. I can tell you for sure. This is just like anything else A people process and technology problem and as a matter of fact the process and the people aspects are equally if not more important in this regard and the reason why is that when it comes to insider threat behavior. It's a black white situation right. It's always a shades of gray situation. Which what i mean by that. Is that you really need to have your policies and procedures I and out very clearly. With all concerned parties there needs to be consensus by and large not saying and everything between hr legal the working groups lines of business and so on and so forth so that when a particular nefarious behavior surfaced. They know how to deal with that. And i've seen inside. Threat programs fail because that type of a policy and procedure wasn't out in the first place so so they don't know what's right from right and wrong from.

Coming up next