The big Elephant in the room – the lack of security analytics in security products

December 07, 2017 by Idan Tendler


When I meet with cyber security vendors, I make it a point to discuss, and to the best I can, really understand the challenges they face. One issue I hear over and over again is how product leaders and developers are under constant pressure to enhance their offerings in response to the ever-expanding cycle of new threats. It's hard enough to keep up with the necessary developments in their core product focus, but the evolving threat landscape, market pressures and customer requests often require security vendors to add features that are outside their area of expertise. That's a big challenge. And by far the biggest set of features that is usually required is behavior analytics.

At Fortscale, we resolved to make it easier for security vendors to expand their security offerings so they can meet these challenges and natively add behavior analytics to their core offering. Today, I’m really excited because after a lot of hard work, we’ve accomplished this objective. With the recent addition of Presidio Embedded Behavior Analytics Engine and its SMART Kits, we are able to provide everything necessary for security vendors to easily add a variety of advanced analytics solutions to their products.

Why Add Insider-Threat Analytics and Features?

Sometimes I'm asked, "Why add Insider Threat Analytics and features? Why are they so important for cybersecurity vendors and their customers?"

I believe the answer lies in the fact that many, perhaps most, security tools focus on the network perimeter, when we also need to be looking at what is already inside our infrastructure. Despite increased investment in cyber defenses, attacks are still on the rise: in the first half of 2017, reported cyber-attack volumes roughly doubled even as security spending grew significantly, and industry forecasts put cumulative worldwide security spending above $1 trillion over the next five years. So why is there such a disconnect? What are we missing? The answer is that the attackers are already inside our networks, and most organizations are slow to detect them, if they can detect them at all.

The problem is that once attackers have a foothold within a network, they often have free rein over its data and resources. Widely cited breach studies put attacker dwell time well above six months: Mandiant's M-Trends report measured a median of 229 days, and Ponemon's breach-cost surveys report a mean time to identify a breach of around 200 days. That gives an attacker plenty of time to establish persistence: even if one component of the attack is discovered, they can return later and continue from another foothold.

As soon as an attacker appears in the environment, it's critical to detect them and remediate every component of their attack, not just the one that happened to be noticed. This is no simple task; if it were, the breach statistics would look very different. Fortunately, with the right behavior analytics and the insights they provide, organizations are significantly more effective at detecting and stopping attacks from inside the network before they inflict significant damage. That's where Fortscale really helps security vendors and their customers: we make it easy to add insider threat detection natively to the products organizations are already using.

Presidio SMART Kits Provide Numerous Use Cases for Security Vendors

Presidio SMART Kits enable security vendors to easily layer behavioral analytics throughout their products and infrastructure. This gives their customers native tools for addressing threats that are already within their networks.

Each SMART Kit contains canned behavioral analytics that have been tuned for a specific use case. SMART Kits are already available for the following use cases:

Authentication Anomaly Detection: Monitors and analyzes all login activity across the customer’s network, endpoints, and cloud environments to uncover anomalies that indicate an attack.

File Access Anomaly Detection: Looks at access logs to detect unusual patterns and anomalous activity that indicates a threat.

Remote Access/VPN Anomaly Detection: Determines whether access from remote locations is legitimate or indicative of a remote attacker, who has managed to obtain valid user credentials.

Cloud Activity Anomaly Detection: Provides visibility into cloud activity by monitoring, tracking and analyzing the logs of software-as-a-service (SaaS) apps, such as SharePoint, Box, Google and Office 365, to identify potentially malicious anomalies that indicate a compromise.

Database Visibility: Detects suspicious database activity. It tracks which users accessed which databases, when and for how long, to identify anomalies that indicate malicious use or that credentials have been compromised or shared.

AD Audit: Looks at Active Directory (AD) logs to identify anomalous activity that indicates a compromise.

Incident Workflow Automation: Prioritizes alerts coming from various security products.

Email Activity Anomaly Detection: Looks at email activity and mail server logs to identify anomalies that could indicate an attack.

Endpoint Visibility: Monitors and analyzes activity on customer endpoints to identify anything suspicious that needs further investigation or remediation.

Web Traffic Anomaly Detection: Monitors and analyzes web gateway logs, endpoint logs and firewall logs to identify anomalous web traffic indicative of an attack.
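To make concrete what a kit like Authentication Anomaly Detection does under the hood, here is a small per-user login baseline and anomaly scorer. This is example code added for this page, not Presidio or Fortscale code; the log format, host and user names, time windows and scoring weights are all constructed assumptions. It learns each user's usual source hosts and login hours from a baseline window, then scores new events for a first-seen host, an unusual hour, and a success that follows a burst of failures, keeping the reasons so an analyst can see why an alert fired.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): ISO timestamp, user, source host, outcome.
BASELINE_LOG = """\
2017-11-01T08:55:10 alice WS-ALICE success
2017-11-01T09:02:41 bob WS-BOB success
2017-11-02T08:47:03 alice WS-ALICE success
2017-11-02T13:10:22 alice WS-ALICE success
2017-11-02T09:15:00 bob WS-BOB success
2017-11-03T08:58:30 alice WS-ALICE success
2017-11-03T09:30:12 bob WS-BOB failure
2017-11-03T09:30:40 bob WS-BOB success
"""

# Constructed events to score: alice's usual morning login, a 03:12 burst from a
# database server ending in success (credential misuse), and an unknown user.
NEW_LOG = """\
2017-11-06T09:01:12 alice WS-ALICE success
2017-11-06T03:12:05 alice SRV-DB01 failure
2017-11-06T03:12:09 alice SRV-DB01 failure
2017-11-06T03:12:14 alice SRV-DB01 failure
2017-11-06T03:12:30 alice SRV-DB01 success
2017-11-06T09:20:44 bob WS-BOB success
2017-11-06T14:05:00 carol WS-CAROL success
"""


def parse(log):
    """Parse the constructed whitespace-separated format into event dicts."""
    events = []
    for line in log.splitlines():
        ts, user, host, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "outcome": outcome})
    return events


def build_baseline(events):
    """Per-user profile: source hosts seen and hours of day seen in the baseline window."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in events:
        profile[e["user"]]["hosts"].add(e["host"])
        profile[e["user"]]["hours"].add(e["ts"].hour)
    return profile


def hour_distance(a, b):
    """Circular distance between two hours so 23:00 and 00:00 count as adjacent."""
    d = abs(a - b)
    return min(d, 24 - d)


def score_events(events, baseline, failure_window_s=60, failure_threshold=3):
    """Score each event against its user's baseline; higher means more anomalous.
    Returns (event, score, reasons) tuples in timestamp order."""
    scored = []
    recent_failures = defaultdict(list)  # user -> timestamps of not-yet-cleared failures
    for e in sorted(events, key=lambda x: x["ts"]):
        user, score, reasons = e["user"], 0, []
        if user not in baseline:
            score += 2
            reasons.append("no baseline for user")
        else:
            p = baseline[user]
            if e["host"] not in p["hosts"]:
                score += 3
                reasons.append(f"first login from {e['host']}")
            if all(hour_distance(e["ts"].hour, h) > 1 for h in p["hours"]):
                score += 2
                reasons.append(f"unusual hour {e['ts'].hour:02d}:00")
        if e["outcome"] == "failure":
            recent_failures[user].append(e["ts"])
        else:
            # A success right after a burst of failures looks like guessing or spraying.
            window = [t for t in recent_failures[user]
                      if (e["ts"] - t).total_seconds() <= failure_window_s]
            if len(window) >= failure_threshold:
                score += 4
                reasons.append(f"success after {len(window)} failures within {failure_window_s}s")
            recent_failures[user].clear()
        scored.append((e, score, reasons))
    return scored


def alerts(scored, threshold=3):
    """Keep only events whose score reaches the alert threshold."""
    return [(e, s, r) for e, s, r in scored if s >= threshold]


if __name__ == "__main__":
    base = build_baseline(parse(BASELINE_LOG))
    for e, s, r in alerts(score_events(parse(NEW_LOG), base)):
        print(f"{e['ts'].isoformat()} {e['user']:<6} score={s} {'; '.join(r)}")
```

With these constructed inputs, the four SRV-DB01 events from alice are alerted (the final success scores highest because it combines a new host, an off-hours login and the preceding failure burst), alice's normal 09:01 login scores zero, and carol's first-ever login gets a low "no baseline" score that an analyst would review rather than alert on. A production engine would replace the fixed weights with per-user statistical models and a much longer baseline window, but the structure of baseline, deviation and explainable score is the same.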

By integrating Presidio SMART Kits, security vendors can easily equip their products with the insider threat detection needed to streamline and maximize the effectiveness of their security offerings. This is a cost-effective way for vendors to significantly improve their products, and to help the organizations that use those products better protect their resources and minimize the impact of a breach.

I want to invite IT and cybersecurity product vendors everywhere to see how easily Fortscale can add User and Entity Behavior Analytics (UEBA) to your products and services. It's a great way to significantly extend your offerings without spending a lot of time and money on development and maintenance.


To learn more about our SMART Kits, download our white paper on Use Cases For Embedded Behavior Analytics.





Idan Tendler

With a proven track record in both business and technology, Idan is a serial entrepreneur and a recognized expert in the field of cyber security and intelligence. Prior to founding Fortscale, he initiated, built and led the Cyber Security Business Group of Elbit Systems (NASDAQ:ESLT), Israel's leading defense integrator. This group became the leading growth engine of Elbit Systems and managed major cyber security and cyber warfare technology projects in Israel and abroad. Before that, Idan was a Business Analysis Manager at Elron, the technology investment arm of IDB Holdings, one of the leading holding companies in Israel. Prior to his business career, he served as an officer and head of a key department in the IDF's elite Intelligence & Cyber Unit (8200). Idan holds a B.Sc. in Industrial & Management Engineering from Tel Aviv University.

