Despite a difference of opinion about just what remediation really means, Bay Dynamics said its Risk Fabric Remediation Portal enables both security professionals and others to more easily identify threat patterns, trends and behaviors based on deviations from normal user activities. Organizations are drowning under their big data initiatives, lacking the ability to effectively filter and analyze the information in a timely manner to support their protection efforts, said Bay CEO Feris Rifai, but the portal puts all of this information through a user-centric lens for greater clarity and context, elevating security incident and event remediation to focus on dealing with patterns, trends, and behaviors.
Focused on turning enterprise data into actionable information risk intelligence, Bay is also promoting its recognition as one of the ITOA50, the top 50 IT operations analytics (ITOA) vendors (which means there are at least 49 other companies than consider this an attractive opportunity). Gartner appears to agree with that conclusion, citing the company in November’s “How ITOA Relates to Other Analytics-Driven Disciplines” report.
“ITOA is a technology-backed discipline that pertains exclusively to the communities concerned with the operational performance of applications and infrastructure,” stated Gartner Research Vice President Will Cappelli. “Nonetheless, ITOA processes and technologies intersect, influence and are influenced by a number of other IT disciplines. The two other disciplines, which, for the present at least, appear to be the most intertwined with ITOA, are security information and event management (SIEM) analytics and intelligent business process management suites (iBPMS).”
Rifai said his company introduced its first ITOA product back in 2007. “What it did was provide an easy button for analytics.” It provided the user with all the power without the complexity, and was OEMed by Symantec, and is now included in most of their security products.
In 2012 Bay Dynamics launched Risk Fabric, what Rifai called a “game changer”. Customers have so many products, which create silos, and also don’t tell you if someone is doing something that is unusual. His company takes an upside-down approach looking at every user in the environment and using predictive analytics to call out things not behaving as they should.
Risk Fabric federates data from security silos and IT repositories on an enterprise-wide level to automatically identify, track, and rate insider behaviors and interactions with information assets and systems. Its management interface leverages big data analytics capabilities to deliver context and state-of-the-art remediation around security events.
It’s all about getting the right information into the hands of the right people, said CTO Ryan Stolte. That’s where those programs fall apart, and Bay Dynamics comes in. By understanding user behavior, Risk Fabric makes it possible for companies to determine their risk exposure, evaluate insider threats, and reduce false positives.
“As new incidents come in, staff are presented with a queue, what is anomalous today and … prioritizes, the number one person I need to look at today… using Big Data. We’re scoring stuff as soon as it comes in.”
In a recent blog, Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group, noted that “there is a lot of work ahead as enterprise organizations figure out how to transform an army of point tools and manual processes into a cohesive security strategy.” The increased risk awareness (Target) and resulting fear, uncertainty and doubt (FUD), is causing security professionals to shift focus away from disciplines such as enterprise risk management and risk-based information security to technical security, stated Gartner.
“While the shift to strengthening technical security controls is not surprising given the hype around cyber attacks and data security breaches, strong risk-based disciplines such as enterprise risk management or risk-based information security are rooted in proactive, data-driven decision making,” said John A. Wheeler, research director at Gartner. “These disciplines focus squarely on the uncertainty (as in, risk) as well as the methods or controls to reduce it. By doing so, the associated fear and doubt are subsequently eliminated.”
IDC’s 2014 predictions included two items highlighting why security’s future looks so dismal, including 70% of CIOs will increase enterprise exposure to risk to accelerate business agility through increased cloud adoption. Unfortunately for that increased risk exposure, by 2015, 60% of CIO security budgets for increasingly vulnerable legacy systems will be 30-40% too small to fund enterprise threat assessments.
The sheer volume of security-related data is a major challenge, said Rifai. Bay has one customer, a US bank with more than 250,000 employees, whose security group was drowning in data. We give them a list of 50 employees every day that they need to pay attention to, something they weren’t able to do before with all their tools, he said. Another customer, a retailer, is being innundated with false positives as it tries to deal with over one million incidents a day.
“We’re providing that ablity to take that and put in context and match it to your environment in real time… and that’s a big difference for clients.”
Under The Hood
The Risk Fabric Remediation Portal helps customers make use of their big data gathering with an advanced analytics capability that mines the relationships among internal and/or external entities and their attributes, and across related information assets to provide context. It then leverages machine learning and behavior analysis capabilities to maintain intelligence about problems and proper categorizing, prioritization, and resolution.
Technical staff can easily conduct forensic analysis, remediate security events, and accelerate incident response. Lines of business can identify broken processes and accept or reject the risks associated with the handling of their own data. CIOs and CISOs can better understand the effectiveness and implications of broader protection efforts.