There’s a clear business case for applying analytics to user behavior, says Doug Copley, deputy CISO of Forcepoint. “It’s important for security organizations to understand what users are doing.”
Such a perspective can help organizations to better assess the threats they face. “Too much emphasis is placed on firewall logs, intrusion detection logs – these technologies generating thousands of events. I think we can glean a lot more out of truly understanding what our users are doing – the behaviors that they’re demonstrating – and with the right technologies, the intent behind what they’re doing,” he says.
In an audio interview at RSA Conference 2017, Copley discusses:
- The types of challenges that monitoring user behavior can address;
- The need to enforce security policies;
- Battling alert fatigue by using analytics to rank risks and flag actual problems.
Copley is deputy CISO as well as a security and privacy strategist at Forcepoint – formerly known as Raytheon|Websense. He’s also a board member of ISACA’s Detroit chapter and a representative and contributor to the Michigan Financial Services Cybersecurity Council. He previously served as IT director and CISO for Beaumont Health, as senior compliance director and chief privacy officer for Ally Financial and global information security manager for Ford Motor Co.
Source: SANS ISC SecNewsFeed @ February 21, 2017 at 11:09AM