In our eleventh edition of the Insider Threat Podcast, we were joined by my STEALTHbits teammates, Adam Laub, the Senior Vice President of Product Marketing and Dan McLaughlin, Technical Product Manager. Dan and Adam are the dynamic duo that helped usher out our release of StealthDEFEND version 1. StealthDEFEND is our new real-time threat analytics and alerting component of STEALTHbits’ Data Access Governance suite. Focused on file activity, important contextual elements like data sensitivity, and the actual attack methods leveraged in enterprise breaches, StealthDEFEND protects file system data against insider threats and damaging attacks like Ransomware through prepackaged analytics and unsupervised Machine Learning models that detect behavioral abnormalities with unprecedented accuracy. This seemed like a very good excuse to learn a bit about how well machine learning did faced with insider threats, and understand how customers saw it during the extensive BETA process we went through to perfect the system’s intelligence.
When we started to put this in front of people, we expected them to tinker with it a lot. There are methods to give it feedback and we thought people would trust their instincts more than the system’s ability to learn. We were wrong. In the podcast, we talk about some of the reasons why, but what became clear is that people really do want the machine to get smart enough to take some of the load off their shoulders. We knew people wanted automation, but were surprised by the amount they were willing to let the machine to the driving. The results were great for us because it let the unsupervised machine learning do what it does best, and it resulted in real improvements flushing out false positives and yielding results worth paying attention to.
At the end of the day the idea isn’t to take the human out of the equation completely, of course. The goal is to provide the few flesh and blood experts with the things truly worthy of their attention. Business intelligence platforms have been leveraging machine learning to ensure financial analysts and other experts on the revenue side of organizations with high quality, fully analyzed data for a long while. As machine learning is deployed into security in a serious way, we finally get to catch up to those folks and take better advantage of the talent we have.
To be notified of Insider Threat Podcast episodes, sign up here