User Behavior Analytics: Marrying Identity and the SOC Like Peanut Butter and Jelly
June 23 @ 1:00 pm - 1:55 pm
I’ll be honest. I don’t like jelly. However, I do like enabling the baseline of a Zero Trust architecture without replacing decades of existing infrastructure. There is just too much data for most policy engines to read and evaluate in real time. Additionally, much of this data is buried within the Security Information and Event Management systems and not structured for consumption. Conversely, most Security Operations Centers (SOC) have no visibility into the business context of the users they are investigating, which is extremely rich in our identity governance systems. This presentation will discuss how we utilized User Behavior Analytics to bridge the SOC and identity teams to build a Trust Inference for all of an organization’s users, systems, and devices. Through this process, we were able to distill the data into simple risk scores used across policy decision points and identity governance certifications. Additionally, we provided data back into the SOC to allow the team to execute playbooks more quickly when alerts are triggered. We will end this presentation with what is next for user behavior analytics and how the emerging Continuous Access Evaluation Protocol (CAEP) will allow organizations to provide deeper dynamic access authorizations for federated identities.