Good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar "Privileged User Monitoring as a Key Element of Counter-Measures". This webinar is supported by Balabit. The speakers today are me, Martin Kuppinger, I am CEO, founder and Principal Analyst at KuppingerCole, and Csaba Krasznay, who is product manager at Balabit.
Before we start the webinar, some background information on KuppingerCole and some housekeeping information. KuppingerCole is an analyst company. We were founded back in 2004. We are international and we are independent, and focused on a variety of areas of information security, including identity and access management, but also other areas concerning the digital transformation. We have three business areas.
One is research, where we provide various types of research: vendor neutral, always up to date and independent advice. We have our events, where we provide thought leadership, best practices and particularly excellent networking opportunities, and advisory, where we support our customers in running their projects.
From the conferences, there are two upcoming ones. One is the Finance World, to be held early May in Frankfurt. And the second one is our main one, which is the European Identity and Cloud Conference, which we run for the 11th time this year, May 9th to 12th in Munich.
Regarding the webinar, some guidelines: you are muted centrally, so you don't have to mute or unmute yourself; we are controlling these features. We are recording the webinar, and the recording will be available by tomorrow at the latest. And there will be a Q&A session at the end of the webinar.
However, you can enter questions at any time using the questions feature in the GoToWebinar control panel, so that we have a long list of questions, ideally, by the end of the webinar when we move into our Q&A session. As always, our webinars are split into three parts.
In the first part, I will talk about regulations and user monitoring, how to find the balance, but also about how privileged user monitoring fits into the blueprints for Real-Time Security Intelligence and for privilege management overall, and how it fits into the broader identity management landscape.
In the second part, Csaba will then talk about best practices and insights for user monitoring and how this interferes with security log management. And as I've said before, we then have a third part, which is the Q&A session at the end of the webinar. So I want to start with a very high level picture. There's a lot of talk about this buzzword of digital transformation, but obviously there are also a lot of valid elements in it.
So there are a number of external drivers, such as changing partnerships, a changing competitive landscape, but also, more on the left hand side, the ever increasing attacks we are facing and, on the other hand, the ever changing regulations.
So the field in which we are doing it is changing, and organizations also have to sort of reinvent themselves. They have to become more agile, more innovative, be more flexible from an organizational perspective, while meeting the regulations, while being secure enough, having the right counter measures in place regarding attacks.
That means they also have to deal with some key topics such as smart manufacturing, Know Your Customer, the Internet of Things, and many of these extend the attack surface. So if you look at smart manufacturing, by design it means it's not only about a business system, it's also about your manufacturing systems. The Internet of Things adds millions or billions of things you have to manage. And there is a variety of key enabling technologies, such as big data, identity, cognitive and artificial intelligence, blockchain, sensors, robotics, and security and privacy.
And when we look at these various aspects and layers of digital transformation, then I believe there are two very important things, or three in fact, for today's webinar.
One is the ever increasing attacks, plus the ever changing regulations in the inner circle, and in the outer circle there is security and privacy, which means this is the technical space which helps us to deal with these changing requirements organizations are facing.
And when we look at it from a privilege management perspective, and this is sort of at the core of our webinar today, then from a privilege management perspective there are also, in line with this digital transformation picture but also in the light of the overall evolution of IT, a number of changing requirements. So it starts with threats and attacks, what I call the ever increasing attacks, which is a challenge. So we are facing more attacks. We need to find ways to protect our organizations better than ever before.
We have other deployment models. So cloud, which we need to protect as well. So how can we manage our operators, our administrators, when they are accessing the cloud services? How can we add a level of protection here? Or, on the other hand, how can we protect ourselves from fraudulent use by employees of a managed service provider? We have to connect things. We have the need for integration, so moving into a tighter integrated world: privilege management being one element of an overall security strategy, privilege management being one element of an overall identity management strategy.
I'll touch on that later in my presentation, when I talk about how the monitoring aspect of privilege management relates to overall identity management and to Real-Time Security Intelligence, what we see as sort of the evolution of SIEM, of security information management systems. And we have compliance again, and this is obviously one of the big challenges.
So we have our privileged users, and as we all know, privileged users, highly privileged users in particular, are a risk. So they can frequently cause more harm than us normal users.
There are even shared accounts used for highly privileged access. So we have a higher risk. So it means we have the risk, and we have on the other hand regulations, where we need to understand which regulations apply and what it means for us from a security perspective. So I'll give you a high level overview, and Csaba later on will dive a little bit deeper into which regulations apply. But let's just start at a very high level, so current law. So if you look at Germany, we have the IT Security Act; in other countries we have other laws around this.
There are a number of other related laws which require implementing IT security according to the state of technology. On one hand, this is a very, very unclear wording, because state of technology can mean more or can mean less. On the other hand, from my perspective today, there's little doubt that mature privilege management, so managing privileged access, getting a grip on what is happening with these high risk user accounts, is part of what we should consider state of technology, if you go a little bit deeper into it.
So if you look at many regulations, we can take again from Germany the MaRisk, the finance industry regulation. They explicitly refer to the ISO 27000 standards or, for Germany, the BSI IT-Grundschutz, which is the baseline protection you should have in place. And in fact these two regulations define a state of technology. And if you look at these, take ISO 27001:2013, they require privilege management directly, if you look at A.9.2.2 etcetera, or indirectly from other perspectives.
So we have regulations. And while there are not that many regulations which would say you have to have that type of privilege management in place, implemented that way, implicitly they are there: sort of the concrete guidelines, such as what I mentioned here as the IT-Grundschutz, or more specific regulations or more specific standards, in the case of ISO standards rather than regulations, fill this out, and they can be considered the state of technology. So regulations are a driver. The negative thing clearly with regulations as a driver is that it's still more about "you have to do it"; it's less about a positive advantage.
On the other hand, having a good enough baseline protection, being good in that space, allows you to move faster than you can when you always first have to fix your security. So I think a good security baseline is, from my perspective today, the foundation for the agility of organizations and for moving forward in digital transformation. So regulations, on the other hand, are also a challenge. So are you allowed to collect user activity data?
That's the question I hear again and again, and even in countries with a relatively strict law in that space, and there are others which are more strict than Germany, but even in countries such as Germany, usually collecting data for a clearly defined, highly relevant purpose is allowed. The bigger challenge, however, might be the workers' council. So what is allowed still might have to be accepted by the workers' council, which at least requires selling it the right way.
And I think that's the most important point from my experience: do it right. Do it informed, so get the people on board before you start, not afterwards, and do it focused and controlled. So focus on what you really need to supervise, what you need to collect this data for, and put some control in. So not only doing it, but having the right people, having the opportunity to understand what is collected, how it is handled, etcetera. This helps very much. In my experience it really helps to better work with the sometimes very critical workers' councils and other parties.
So when we look at privilege management: privilege management historically started with shared account password management. So this was one-time passwords and single sign-on and identifying the accounts, which is still an important part. We have on the other hand session management, which started a little bit separately, where we look at monitoring of sessions, recording of sessions, forensics, etcetera. And then on the right hand side of the screen we have the integrations. So integration into provisioning, integration into log management, SIEM,
so security information and event management, or Real-Time Security Intelligence. And on the left hand side, we have, I would say, the newer features of privilege management, which in particular, and highlighted in yellow, include privileged user behavior analytics and anomaly detection. So we have various areas, and monitoring sessions, understanding what users are doing, understanding the anomalies, detecting them, the analytics, is an important element from my perspective today for privilege management.
So this is one part you should have in your privilege management infrastructure, altogether, with limitations. And when we look at the privilege management lifecycle, as I defined it a while ago, it becomes even more obvious and clear how important this is. So first of all, we need to understand what our risks are, which controls to implement. We need to identify the privileged accounts. We need to protect them, so particularly shared accounts.
We have to monitor these accounts. We need to look at the detection part. So how can we detect what is going wrong?
This detection part is a very essential one. And this is really where this aspect of analytics, of anomaly detection, comes into place: detecting the challenges we are facing, detecting abuse, all that part. We need to respond. So what can we do? Block a session, which is not easy to do because it can impact a very sensitive business process; alert; whatever else we do, we need to respond. And then we need to improve our entire infrastructure to further mitigate risks.
So in this circle the detection, the analytical part, is a very important, very central element. So privilege management is linked to cybersecurity; I think this already became clear. It is also linked to the overall identity and access management space. Privilege management being linked to cybersecurity is pretty interesting when it comes to selling it to the people who have the budget, because cybersecurity tends to have more budget than identity management.
This is, from my perspective, important to sell your project and to position privilege management right.
Because if we look at today's attacks, every attacker tries to get access to the highly privileged accounts. So privilege management, by protecting these accounts, reduces your cyber risk. And so it's on one hand a discipline of cybersecurity, on the other hand a sibling of identity and in particular access management: identity of privileged accounts and shared accounts, and access.
So what are they allowed to do? When we look at the cybersecurity part, three years ago or so we started talking about the term Real-Time Security Intelligence, which is about collecting data from a variety of sources, acquiring them in real time, correlating them, bringing in other data such as threats and vulnerabilities, and then taking actions based on that. And when we look at the left hand side, where it's about the data which is collected, user activity, for instance, so the behavior of privileged users, is one of the important elements.
And in fact, when we look at what we see today in the market as privileged user behavior analytics, something Csaba will talk about in more detail later on, this is sort of a purpose-built type of Real-Time Security Intelligence, which targets to protect your organization, to understand incidents in real time, to be more rapid in your reaction, and to mitigate risks by that.
So the processing flow would be to collect the data, to parse it, to normalize it, to have this data in a model of normal, and to compare it with known threats, with known incidents, but also to identify patterns and anomalies, etcetera, to be able to react on this.
And so, in fact, privileged user behavior analytics, all this flows into the entire area of breach and incident response, where it's about understanding your risks, understanding the current status, improving it, and being able to identify incidents and to react on these, sort of the part of the area I've put into a box.
So what a risk is, we know: it's threat, so probability, impact, the valuation of the asset, and then we have our risk and can understand the impact of it.
And so when we look at this, then for our breach and incident response, again we need to collect information; some of this collected data is the alert, is the understanding of the incident, so that we can react and that we can execute if we have a plan. Part of this execution would be automated, saying, okay, this is an incident, we know what it is about, we take this action automatically based on, for instance, user behavior analytics. So it is something which helps us with the broader space, the broader topic of breach and incident response.
When we look at it from the perspective of how privilege management relates to identity and access management, finally, this is one of my last slides,
I think one thing is very important: it's a transversal functionality, so to speak. So privilege management affects administration, where we talk about identification of shared accounts. It affects authentication, where it's about single sign-on for shared accounts or the shared account password management.
The authorization, when we, for instance, have a restricted shell, and the auditing, when it comes to session recording or the activity monitoring part. And on the other hand, it's a specialized add-on to other things we do in privilege management. So it helps us dealing with the shared accounts, helps us dealing with the highly privileged users. This is more the overview. And so, as a closing slide of mine, a quick look at the future of privilege management; I just observed that I missed translating a few of the items here. So it's about the threats. It's about the deployment models.
It's about the service models again.
So we need to be closer to the cyber risk. We need to look at the deployment models. We look at the service models. We need to support things, the integration, the compliance, and that's where we need to move forward. So we need to integrate with cyber security, cloud support, MSP support, IoT support, integration with IAM and beyond. And finally, we need to bring in strong audit features. This is, at a very high level, the overview about regulations and user monitoring, how these things relate,
why we need privilege management from a regulatory perspective, and how privileged user monitoring fits into the broader space of privilege management, identity management and Real-Time Security Intelligence. With that I hand over to Csaba, who will talk about best practices and insights for privileged user monitoring, and how this interferes with security log management. So I'll make you moderator.
It is great.
So ladies and gentlemen, good afternoon, and thank you for the opportunity to present our views on compliance and how privileged user management is fitting to the current regulations and the current compliance requirements. My name is Csaba Krasznay. I'm working at Balabit. Let me just tell you a few words about Balabit. It's a great opportunity for us to make such webinars together with KuppingerCole and Martin. Thank you for your presentation. That was a wonderful and very exciting overview for my presentation as well. So, founded in Budapest,
Hungary, Balabit is a leading provider of contextual security technologies, with the mission of preventing data breaches without constraining business. We are operating globally with offices across the United States and Europe, together with our network and distributor partners. We have a suite called Contextual Security Intelligence, which protects organizations in real time from threats posed by the misuse of high-risk and privileged accounts.
So we are very deeply involved in the privileged user problem.
And I think we have a lot of experience about what the regulations, what the compliance requirements say about the management of privileged users, and what other kinds of aspects really affect the products, such as the privacy questions. So we have a very reliable log management solution, which is syslog-ng, we have the so-called user monitoring solution called Shell Control Box, and we have a user analytics solution called Blindspotter. Together,
they can identify unusual user activity and provide visibility into potential threats, which means that we also think that the unusual user activities of a user can be the next step in identifying security incidents. And that is why we think that we have to be deeply involved and we have to deeply analyze the compliance related questions of user behavior analytics as well.
Balabit was founded in 2000, and it has a proven track record, including 23 Fortune 100 customers
and over 1 million corporate users worldwide. Today the company employs approximately 250 people, but we're growing fast, both in terms of employees and revenue. Last year, the revenues increased by 35 percent. We have sales offices in France, Germany, Hungary, Russia, the United Kingdom and the United States, and partners in more than 50 countries. So feel free to find our partners or our offices in your native country. So let's focus on the regulation part. As you may, I would say, have suffered in the last few years, there are several industry standards and there are several regulations.
And also in the digital single market in the European Union, there are hundreds of different regulations for different market segments. I would just name a few of them which might affect you. From the industry standards,
I think most of you are using ISO 27001, which was mentioned by Martin in the last presentation. You may also see PCI DSS if you're managing credit card data, but if you have some connection to the United States, you may also see the need for HIPAA or SOX or NIST, some federal government requirements.
But if you are working on the digital single market inside Europe, you could also see that there are some new regulations which will be effective from 2018, namely the GDPR, the General Data Protection Regulation, and the NIS Directive, the Network and Information Security Directive, the directive on security of network and information systems, to tell the whole title of that regulation. So we can see a very interesting regulative decision which was made in the European Union in the last year. And those two regulations,
I think, have totally changed the game inside the European Union. And as an effect, GDPR will also change the game of how companies should take their view on privacy in the whole world, for all organizations who have some kind of offices in Europe, or if they manage privileged user, sorry, if they manage user entities, user related data of European citizens. So both GDPR and NIS changed the game, how we should see cyber security inside Europe.
The main question on those regulations or laws which were mentioned before is usually: is my data secure? Maybe NIS has a different approach, as it is focusing on the infrastructures and not on the data. But the other regulations are usually focusing on the data. And the question, as I mentioned, is: is my data secured? And behind that question, we can see: what is happening to my data, and who can access my data? So those regulations usually want to emphasize the need, in the first hand, to protect the data itself.
Just think about the data of the European citizens mentioned by GDPR. What is happening with that data? Is there an incident with that data? Was that data breached before? How does this data breach affect the end users? What happens with the data?
We should know that; all organizations should know that. And as the next step, we should know who could access the data; we should protect the data from access by some evil users.
And after that, in a forensic situation, for example, we should know who was responsible for the data access. Just to reflect on the privileged user problem, we can see that it is indifferent whether the data breach or the attack is coming from inside the company or was done by an external attacker. It is very common that the data breach was done by a privileged account.
So that is why we think that the protection of privileged user accounts is very, very important, and was never as important before as we can see now, as the main goal of an external attacker is to get a privileged account to reach all the data that can be used later for different purposes. Therefore in those compliance requirements, we can see that data management and access management have some kind of extremely important role that all companies should solve, usually as the first step in their data, say in their information security and in their cyber security processes.
So there are two major fronts, data management and access management. Naturally, these two terms cover a lot, as data management is dependent on the type of data we are addressing. And the same can be said about access management, as it depends on what type of users we are focusing on. To be more specific, when it comes to data, we are going to address the requirements revolving around log messages.
Also by access management, we are diving into more details, and privileged users, where it is essential to manage their access to critical servers and systems. Log and privileged access management are essential if you want to create a successful incident management process, which was also mentioned and highlighted by Martin in the presentation before. We can see that nowadays all companies have some kind of preventive counter measures in their cyber security system.
Now the incident management is usually focusing on those types of counter measures: log management, because we need more and more and more logs to find the incidents in as early a phase as possible, or to identify the previous incidents in a historical perspective, and privileged access management, including the detective and the forensic capabilities of privileged access management solutions.
As those two solutions can be very important pillars of incident management, let's focus on log management as the first step. The basic log management functions
usually, as I think all of you might know, have the following steps: first collecting the logs, then storing the logs, then encrypting, as privacy is very important for logs, as they might contain some very important and very sensitive information on users, not just on privileged users but also on any type of user, and any type of sensitive data as well. Then comes the pre-processing phase, as we have to find the important logs which might be useful for incident management as well. They should be tamper-proof as well; tamper-proofing might be important in forensics,
if you want to use your logs at the court, for example. And then come the reporting and the forwarding phases.
Then in the incident management phase, you can find the relevant information, the relevant logs, and forward them to other log sources, to the log management system or to the SIEM systems. So logs play a significant role in any IT environment. I think it was started as an indicator for debugging purposes; now it basically covers any event given.
There is, in today's IoT, and to widen the focus a little bit, because Martin mentioned the Industry 4.0 phenomenon, IoT will be much more important in the future. So basically anything that is some way connected to the internet can, and will, generate a log. Then the events of the traditional IT systems will be extended to IoT, meaning a new challenge for those who are working with privileged users, because today I'm not so self confident about what privileged users could mean in an IoT environment.
Why care about logs? An example of what type of sensitive information can be stored in a log.
So this is a broad example, but excellent to give you an idea why log management is necessary when it comes to compliance. Just to remember, we have two different purposes with logs. First of all, we have logging requirements from the different laws and the different regulations; we have to store the logs.
It is usually described what the logs should contain. If you need deep information about what your privileged users have done before, that information should also be logged. But on the other hand, we should protect the privacy of the end users, and protect the privacy of privileged users as much as possible.
Of course, I will tell you some hints for logging or managing the privileged users later on. So usually we have that type of information in the log.
We can see the time and date, which is, I think, very important for an incident management situation.
You have the IP address, which is also very important, as you have to know the source of the event; the product, what the product can be; the quantity, another very interesting piece of information about the transaction; the amount, some kind of data that maybe many people or many analysts shouldn't know; and last but not least, there is a card number, which shouldn't be stored in a log. So this is an interesting example of the challenge we can see with logs, and this challenge could mean the same for privileged users as well.
A log contains a lot of information that is useful on one hand for security, for incident management, for reviewing what has happened, for forensics; on the other hand it could contain several pieces of sensitive information that should be handled with care.
So what we see in log management as challenges: the following challenges are the reason why log management is required in almost any data security compliance. Let me walk you through them with a few comments. First of all, privacy and security for most log messages: it is easy to tamper with stored logs, and very easy to eavesdrop on unprotected traffic.
Just to remind you of the privacy questions. Quantity and quality: among hundreds of thousands of logs on a daily basis, many of them have less than no actual elements for processing purposes. Message loss damages reliability; if it is missing, it won't fulfill its purpose, such as providing detail regarding a critical event. And last but not least, a fragmented environment is difficult to oversee, as there is no central hub to manage the data flow.
These are the regular log based challenges, but what can be the solution here? For privacy and security, confidential information should be hidden from plain view. This is achieved by transferring logs in encrypted channels, such as TLS over TCP, and applying tamper-proof measures such as digital signatures and timestamping when stored. So there, both the security and the privacy are included in such a log management perspective. Quantity and quality:
we can minimize the confidential information to the necessary minimum.
This is done by filtering and parsing unnecessary information and only forwarding the relevant data and elements to their destination. Message loss: the solution here is fail-safe mode, applying fail-safe counter measures to guarantee that no logs are lost when transferred,
the use of disk-based buffering and a protocol that requests acknowledgement from the client once a message has been sent. As for the fragmented environment: aggregating, installing and managing logging in a central area for better separation; centralized management provides a single central hub to manage all log handling and processing functions. So all of these solutions can support the security, the incident management. And by the way, there is the first glance of the privacy:
what should be implemented in such products.
We can see some kind of privacy enhancing technologies here. So encryption, of course, which reflects the need that if you have to comply with the related laws and regulations, and by that you have to protect the privacy of your users, you have a product that follows the privacy by design principle.
And this is, I think, the most important thing in this presentation: that if you have to fulfill both requirements, mainly in the European Union, or if you are under the GDPR, or if you are under the German regulations, for example, you have to think not just about security, but also about those privacy enhancing technologies that can protect the sensitive data even in logs, which is not so trivial, I would say.
So just think of a log management infrastructure: you have several sources of logs that reside on different servers and are then collected in a central log management server and then processed in a SIEM system or in Hadoop or whatever, in an SQL database.
And that sensitive data that is coming from the different sources should have its privacy protected, the privacy data as well. What can you do? Okay, you have the encryption possibility which I mentioned; then you store it and then you relay it. But there are other means of privacy in such an environment.
For example, you have access control, which is another example of privacy enhancing technologies. And you have pseudonymization as well, which means that you replace that sensitive data with some kind of irrelevant character sets. And therefore, although it is possible to trace back to the user, it is very tough for a privileged user, for an administrator, to see what exactly a user has done in the environment.
So in log management solution, Cisco store box, SSB and NG, we really focus on those privacy enhancing technologies and try to help to build privacy and enhance the privacy alert, but still security supporting infrastructure and product for those who really care with both privacy and security.
So the benefits of log management: of course, it can be centrally managed. This is the single pane of glass of incident management. We have the necessary amount of logs, and you can search those logs which are relevant. And we have reliable data in a full-scale environment.
That means that you can enhance the privacy of the logs in such an environment. But let's turn to privileged access management: as hopefully we've solved both the security and the privacy issues of all the entities, all the data which were mentioned, we should somehow solve the privileged access management problems as well.
So we have, let's say, the privileged user, which can be anyone. We think of privileged users usually as the administrators, as in most cases the aim of a cyber attack is usually to get the credentials of an administrator if possible, but we can also see some high-level business users as privileged users.
And let's see the challenges. Privileged access management aims to follow the AAA triplet principle, which means the authentication of such users, the authorization to know what the users can do, and last but not least the accounting, to solve the accountability of privileged users. So why should we care about the privileged users? Because we have the confidential data somewhere, for example we have the logs, just to remind you of the previous example, or the very important business data that should be protected.
Although we are building perimeters around that and we are very good in preventive counter measures, nowadays we can see that, on the one hand, the preventive controls are usually not enough; they are necessary, but usually not sufficient.
So you should build your, I don't know, firewalls or VPNs as well, very important, but those counter measures can usually be circumvented by external attackers.
And also there are some internal players who have internal access to the confidential data: system admins, senior management, etcetera, etcetera, what I mentioned before.
So somehow you should protect the confidential data from those privileged users whose activity can really hurt if they have some successful access to those data. Which are the challenges here? Lack of proper supervision: due to their high level of privileges, it is difficult to tell apart legitimate users from malicious ones. As privileged users possess almost unlimited access within the network, tracking and managing their every move is highly difficult. The inability to intervene: this comes from the previous statement.
Yes, tracking is already tough to manage; being able to intervene when necessary is even more unlikely. The lack of evidence: it is difficult to track, and it is more difficult to create evidence on performed actions. Mainly, the most common information source in every event is the log files.
It's obvious, yet with privileged users, it may lack the necessary portions that are the critical events regarding them.
Also, it is worth mentioning that privileged users may possess the ability to cover up their tracks, which makes it even more difficult to get reliable information regarding their actions. And last but not least, the lack of proof of compliance: demonstrating compliance is all about presenting all information in a detailed format. Privileged users' activities may come as one of those factors that presents a difficulty. And based on our experience, it really hurts to solve, for example, the ISO 27001 requirement and to provide information and provide evidence about the steps of the privileged users.
So most of our customers, many of our customers, really like our products because we can give such kind of evidence and fulfill their compliance requirements. Although personally, I think that buying a security product just to fulfill the compliance requirement is maybe not the wisest move.
What I can see is that it is very usual that the first idea to get a new separate product is to fulfill compliance.
So my advice here is that if you have some kind of compliance issue and it seems to be a good first step to buy a product to fulfill the compliance only, think about what else you can do with that product. As, for example, in the case of our product, fulfilling the compliance requirements can cover only a small portion of the capabilities of the product. So you can even reach a more mature level in cyber security if you wisely design the usage of the security products.
So what are the privileged access management challenges, and how could those privileged access management challenges be solved? For the lack of proper supervision: through the enforcement of access management, restrict the access to confidential information so that only relevant personnel gain access.
This is one step.
What we see now is that the enforcement of multifactor authentication, even in those legacy IT infrastructures, for example if you are using Telnet, should be solved. And therefore this seems to be a good idea: to support that kind of enforcement with a product that can include second factor authentication for legacy systems. Monitoring for the op, sorry, for the inability to intervene: so real time monitoring against policy violations, enforcing compliance, and allowing only actions to be performed on confidential information.
And this is one way where user analytics can add very good support for classical rule based monitoring, as with the UBA, with the user behavior analytics tool.
We can see those activities that can be suspicious, although they are not written into rules. So that is why many of us working in cyber security think that UBA can be the next big step in cyber security.
We can truly see that just writing the rules is not enough for solving the issues. For the lack of evidence: investigation.
In our case, we have the so-called audit trails, which contain all the steps that were made by the administrators. Like a survey, you have all the records, all the monitored records of what the privileged users have done in the environment, and you can review it like a video, you can replay it. And that seems to be a very good solution for those who need some kind of evidence about such users.
And last but not least, for the lack of proof: it is to demonstrate reporting and everything. We can also see that many organizations need some kind of reporting and all the reviewing and searching inside the evidence, just for compliance. We have some customers, for example, who outsourced many of their reviewing or, yeah,
reporting activities to other countries, or we can see the Singapore based financial regulations that also need a high level of reviewing of those audit trails. A product that can help in reporting and can help in searching inside the audit evidence in a handy and easy manner can help a lot to fulfill compliance requirements, not just for the privileged users, but for all incident management related stuff.
So, as I mentioned, there are a lot of privileged users that can access the infrastructure in different ways, such as RDP, VNC, or Citrix, in our case. And I would say that we are focusing on somehow managing those accesses. A PAM solution usually functions as a single point of access for separate teams, and they will always be aware of who is accessing the critical servers.
We should have real time knowledge of the events. We should allow the separate teams real time detection and response, which differs from the majority of the security solutions that only act once an event has already damaged the organization. And last but not least, more than just logs: although we think that of course logs are very important, session records not only act as an index pinpointing an event's existence, but as a full record of the entirety of the session, making reviews and understanding of the circumstances revolving around it much easier.
And this is my last slide, where I show our approach. We think that both logs and privileged session monitoring are very important and useful, both for incident management and to fulfill the compliance requirements coming from data management and access management. But user analytics can be the next step, the so-called, we used to say, PAM 2.0, the next step of privileged access management, and that will help a lot for everyone to fulfill not just the compliance requirements, but also to build an efficient and useful cybersecurity system. Thank you for your attention.
And I'm ready for the Q and A.
Thank you very much. So let's directly move to the Q and A. It's time to enter your questions if you haven't already entered them. So let's start with one question I have already in front of me.
So, from a security perspective, what is more reliable as evidence: is it logs or session records?
Well, I think both are very important. Both can be very important and very reliable. Logs are necessary in event evaluation, yet they only contain a portion of the information about what the user performed. So therefore we think that session records, as an addition, can help a lot for forensic investigators and for security personnel as well, as they are focusing on capturing just that, I mean the privileged user session and activity and the circumstances as well that led to the
Okay, thank you. Another question. And I think it refers a little to something I talked about before.
Maybe you want to dive more into detail. So it looks like some of the, for instance, EU regulations, but also other regulations, are not as specific as industry standards, so leaving more up to the organization when it comes to required technologies. So can a balance be found?
Yeah, the best practice shows that it is best to start with something that is already defined, refined, like ISO 27001 or the PCI DSS, and use it as a foundation baseline for government regulation. Yet again, the base principles are the same, only the adjustments are made regarding that, which is much easier than reinventing the security structure.
So every time when I'm involved personally, or the company is involved in building some kind of security process, the best advisors usually start from the industry standards, start with ISO 27001, for example, and with little changes, you'll be able to fulfill the industry or the government regulations as well.
Okay. One more question.
So if someone has already a log analytics tool in place, how does this count as log management, or how does it overlap with log management?
Not exactly. Log management acts as a safeguard that the information that is processed by tools is reliable and contains only relevant information. Think about it as your mailbox, for example, and you act as the analyzer: the mailing system you use only provides you the most crucial messages in your primary inbox. The rest is either visible in other message categories, gets archived, or sent to spam. While this is happening,
all your emails are collected and stored. So yeah, log management should be the foundation of many parts of information security.
Okay. So another question I have here is, in terms of privileged access management, is there a way that a user can tell that he's monitored?
That depends on preferences; both options are available. The users can be informed by logging into a server that the authentication is done by a PAM tool. And of course it is possible to operate as a transparent monitoring tool.
What we see is that the requirement is very different in different geographical locations. So for example, in Germany and in France, this is one foundation requirement, to let the users know that they are monitored, although in Asia or in the United States, this is not as important; the transparent operation, yeah, the transparent operation, transparent administration, is usually much more important, as the administrators have signed a sheet of paper and they accept that they are under surveillance. So it really depends on the country and the organization.
Okay.
So I think that we've come to the last question we can take. I think it's a very interesting one again.
So if there's a traditional privileged identity management or account management, some sort of shared password management, shared account password management type of solution in place, where does Balabit come into place? So where's the point, why and where you need Balabit and how it integrates as well.
I would say that this is more than an assumption. What we see is that there are two types of organizations: those organizations who have already implemented some kind of password management, and those who don't have password management included. We think that those organizations who already solved the password management question are ready for PAM 2.0, to implement monitoring and privileged user analytics. Although we have a very good partnership with one of the largest vendors in that field,
Lieberman, and we have a joint solution for those who have not implemented password management at this moment and want to jump into the privileged account management question and solve everything, including password management and monitoring, in one step. So we have good news.
We have a joint solution, but if you already have password management installed, independently of who the vendor is, we really don't care who you choose, because all of our friends have very good password management solutions. But we think that if you've already implemented password management, you are ready to implement privileged user monitoring into the process as well. And as an addition to just password management, we think that our monitoring capability and our UBA capability can add much more than you can get from password management.
Okay.
Thank you very much for these comprehensive answers. Thank you to all the attendees of today's webinar. Hope to have you in one of the next webinars as well as an attendee, or to see you at one of our upcoming conferences. Thank you very much. Have a nice day.