Defense in Depth

Tracking Anomalous Behaviors of Legitimate Identities

Feb 15, 2024

Adam Koblentz, field CTO at Reveal Security, discusses monitoring anomalous behavior of users, understanding threat actors in networks, and the role of AI-based tools. They highlight the importance of context in anomaly detection, tracking past activities, and strong multifactor authentication. The chapter emphasizes the significance of anomaly detection and user profiling, with a mention of sponsor Reveal Security as a helpful resource.

34:01

Creator website

Episode guests

Adam Koblentz

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The industry is still in its early stages when it comes to using AI to find anomalous identities and threat actors are leveraging AI better than defenders.

Context plays a crucial role in anomaly detection, and understanding and leveraging different levels and aspects of context effectively is a challenge.

Deep dives

Tracking anomalous behavior and the rise of AI

Tracking anomalous behavior is essential to detect and prevent breaches involving legitimate credentials. The industry is still in its early stages when it comes to using AI to find anomalous identities. Threat actors are leveraging AI better than defenders, and the state of the industry is still nascent. However, there is hope that the jump in AI technology will lead to significant improvements in tracking anomalous behavior.

Malware comparison Implementing Temporary Access Restrictions for Security Risk Mitigation

01:27

Beware of Breaches with Legitimate Credentials

01:00

Creating Normal for a User and Accepting Low False Positive Rates

01:07

Introduction

2min

Leveraging AI for Anomaly Detection and the Role of Context

3min

Understanding Context and Identifying Anomalies

10min

Tracking Anomalous Behaviors and the Importance of Context

3min

Credential Theft and Multifactor Authentication

14min

Importance of Anomaly Detection and User Profiling

3min

All links and images for this episode can be found on CISO Series.

The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle of.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security.

In this episode:

Where are we in terms of monitoring anomalous behavior of our users?
Why are we still struggling to understand what happens after threat actors are in our networks?
How are new AI-based tools helping us to scale efforts?
What's working and where do we need to improve?

Thanks to our podcast sponsor, Reveal Security

Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Defense in Depth

Tracking Anomalous Behaviors of Legitimate Identities

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Tracking anomalous behavior and the rise of AI

Context is key in anomaly detection

Leveraging AI and context for effective anomaly detection

Malware comparison Implementing Temporary Access Restrictions for Security Risk Mitigation

Beware of Breaches with Legitimate Credentials

Creating Normal for a User and Accepting Low False Positive Rates

Remember Everything You Learn from Podcasts