Cybersecurity, as we all know, is one of the pressing hot topics where we have to get better and better because the other attackers, the bad ones, also are getting better and better. So I think it's a topic which will be here for probably forever. And there are endless topics we can cover when we talk about cybersecurity. So factually we picked one topic here, which is one of the intensively discussed.
One of the many intensively discussed topics. In that case, I'll talk for the next 18 minutes left or so about user behavior being the link between cybersecurity and identity management.
And so when we look at these terms of UBA or UEBA, I quickly picked up a definition. There are many definitions. Here, it's a cybersecurity process about protecting insider threat, targeted attacks, financial fraud. Until then it's nothing new,
I would say, because virtually every cybersecurity technology claims to do that, to detect insider threats, targeted attacks, financial fraud. The point where UBA is different, and I'll elaborate on this in my talk, is that it looks at the human behavior in contrast to just packets that are passing through the network and other stuff. And that's where then this second part or second specific element comes in, and it looks at anomalies in these patterns.
So the idea basically is to identify where are people, in their sort of virtual behavior, behaving differently than they usually do, than they are expected to do? So where are the anomalies in these patterns, which then potentially might indicate a threat?
So it's less devices or security lens than the users. UBA extends to users, the entities. And that's what I want to look at a little bit more in detail. So when we look at many of the established and traditional security technologies, many of them take a somewhat isolated perspective.
So we have a lot of layers there and you can create whichever picture of such layers you want. So I think there are many of these pictures. In that case I chose one: data center and physical servers, storage, network, the abstraction and virtualization layers we frequently have today in our IT environments. We also could factor in a little bit of containers and stuff like that. We have the middleware, we have applications, we have data and access. And in fact, all of these layers are under attack.
So we have certain types of attack vectors that target different levels, from the BIOS up to the applications.
And obviously we need to counter that. So we have also a variety of security technologies, which are built to help us protect the various layers. This already, I think, shows to some extent one of the challenges we are facing in cybersecurity. So we have a lot of technologies in our IT, we have a lot of different attack vectors. We have a lot of technologies to protect the entire thing, which means we end up in a zoo of cybersecurity technologies.
And if you leave all that sort of isolated, it's pretty tough to understand what is happening, particularly because of many of these attacks. So the more we look at the targeted, the advanced types of attacks, the more they tend to span several of these layers, they span several systems. And so what we can see on a certain layer might be not that problematic, but if you take together all the anomalies, all the indicators you have, the picture might be fairly different.
And probably many of you have looked at the blog posts, other types of publications talking about the anatomies of attacks and other stuff. There have been several of these published over the past years. And when you look at such anatomies of attacks, they start with sometimes social phishing, then there's something happening on, and then threats from the endpoint to some servers, it goes to the next level of servers. It goes after privileged accounts of administrators, it ends at the crown jewels, and then things are really becoming bad.
So we need something to integrate it. And there's some technology in there.
So for many years, we have this traditional SIEM, which we also have to admit virtually all of the traditional SIEM vendors have significantly evolved over the past years, moving towards things which integrate some part of UBA and part of other types of analytics, et cetera.
So the traditional SIEM, in fact, was then collecting logs, collecting events, security information and event management, in fact some sort of a packet or event focus, however you'd like to phrase it. But it was, in fact: there are things happening on the network, on a device, as I've said or shown in the definition, which are happening at a device, at a network, somewhere else. And I try to look at these things. So in fact, we could say this is looking at what is happening, but what is missing in that picture is who is doing that?
So there are some technical things which are happening, but the focus which is to some extent lacking in that perspective is the who. And this is in fact where the UBA topic steps in and adds identity, adds behavior, adds another level of insight. So basically the same picture here, a little smaller, so that I have some room left for the topping,
so to speak. What we have here is in fact the perspective of identity, which comes into play here. So there are users who are doing that. That might be people who actively do something, run an attack or use a system or whatever.
So most of them are good. Some are fraudulent, some are malicious. That might be also user accounts which are used by someone else. So we have this perspective of also attackers obviously trying to get access to other accounts, to use them. So we have the identity and access management also as a piece, which delivers information about all the authentication, about which access has been used, which data has been accessed.
So obviously somewhere there's some overlap between this data, access, data security and the next level, but it's another layer, and factually, this adds to this entire UBA thing, which then looks at logs and events in the context of user behavior, of user activity.
So, and it adds advanced analytics and frequently more cognitive security beyond SIEM or on top of SIEM or enhancing SIEM. So there are different ways to deliver that. And I'll touch this also by the end of my speech. So beyond that packet focus, we add another focus, which is sort of the behavior focus.
So we add the what, and we add the who here as something which comes into play. And this gives us a different angle and additional perspective of what is happening. So I know that I need to be careful with oversimplifying things, but in the next slide, I just try to, let's say, simplify to the max what is really happening. So basically a lot of these technologies are based on pattern analysis, pattern matching technologies.
So technologies which look at certain patterns of behavior and try to figure out anomalies and outliers in these behaviors. The term anomaly versus outlier is usually used as a synonymous thing,
unfortunately, because there are slight differences. So there might be things which happen willingly, positively, but not too often, while other things really are anomalies in the sense of: that shouldn't have happened, that's something critical, we need to look at it in a different way. So as I've said, it's very simplifying, but basically it's okay.
This user is accessing on Monday, Tuesday and so on until Friday from Germany. So on the one side we have the countries and on the other side, we have the days of a week. So the next week, same pattern here. The week after, oh, an access on Saturday. Then, oh, we have something on Tuesday from the US and from Germany, strange. Oh, we have something on Thursday from the UK. And we have a little bit on Saturday and Sunday coming from Russia. In that case, I think I've made a little mistake by the way, in the mess.
If you have looked it up, yes, I've mixed up the Friday and Thursday here.
So some point doesn't matter anyway, it calculates all that stuff and it comes up with sort of a picture of the behavior. So in fact, what it means is we collect a lot of data of behavior. And then we can identify, as I said, very simplified, we can identify where are things that are not the normal and we can go after them. This is basically what is happening. And so we might say that are some things which are regular behavior, some things which are anomalies or outliers, so which are recurring, but still not critical.
We have to analyze that. Maybe we can identify it as a standard thing, okay,
and say the risk is not very big because it's still Germany and Saturday's acceptable, while things which then happen in a totally different country obviously become more of a challenge.
This is basically sort of the way many of these technologies work. So in that case, by the way, there's nothing of AI in that; it is just pure statistics, nothing else.
So we should be very careful with terms like machine learning and AI and blah, blah, blah, because a lot of what is sold as that is not that. It's just simple mathematics, and not simple mathematics, it's mathematics which is not simple, correctly speaking, but it's still not AI. Anyway, you could use AI, you could use machine learning to do more on the data, and we see more and more vendors which are doing that.
But again, be careful on that. So this is factually what is happening. Okay. That was PowerPoint quickly. So UBA and identity, what does it really mean? So we have this user behavior, we collect data in IAM and other sources.
So we look at what is happening here. We use the UBA technologies to correlate the data, to analyze the behavior of the user. And as a result, we end up with anomalies and risk. So we have the data analyzed and hopefully understood. And we deliver that information again to target systems.
So every good security technology not only identifies what is going wrong, but makes it actionable. So that is for me always, when I look at technologies, a simple variety criteria. If a technology doesn't make results actionable, then I have a challenge with it. So: that's wrong, how to fix it? That's always the point. If I can't fix it easily, then we are in trouble. And IAM might be one of the systems that uses that information, for instance, for adaptive authentication.
So for saying, okay, because I have indicators that there is something going wrong, I request a stronger level of authentication. That would be then closing the circle and making the information we have derived actionable.
So, and then we analyze, again, this authentication, and based on that, we can sort of increase our level of security if we use that information right, for instance by saying the authentication is different. And we see a couple of areas where this comes into place.
So when we look at IAM and IGA using that type of information, for instance, or in general, looking at behavior, then there's sort of the entry level, which is more looking statically at where do I have anomalies in the access? So the access intelligence, but that is not sort of the what-is-the-behavior part. This is sort of only the entry level. Then we have the next level, which is really user behavior analytics. So looking at what is happening at runtime, what is happening when the users are working.
And we have a couple of vendors, for instance, that deliver sort of specific targeted incarnations of the entire thing, like privileged threat analytics.
So privileged threat analytics, in fact, is then something which is focused on a specific group of users, the highly privileged ones, and sort of is a specialized application that is very well trained for specific use cases, high privileged users, in contrast to UBA in general, which is more sort of covering every type of user, every type of access.
But we see more and more of these technologies entering also the field of IAM and IGA as something which comes in, but not only that field, also other fields. So anyway, when we look at technologies, and we have a lot of talk also about cognitive security, also including the evening event today, if I draw such a cognitive security heat map, we can discuss the one or other point. But basically what I said is here: how mature are technologies that rely, at least in some of their implementations, on cognitive technologies,
so beyond pure statistics, and what is the security impact then? And user behavior analytics clearly is one of the technologies which already has reached a certain level of maturity, but also has a potentially very high security impact, because it really can help us identifying anomalies which are hard to see by just looking at data, by just looking at technical information. So from my perspective, a very promising thing, which is delivered in a variety of forms. So UBA today rarely is available isolated.
There's still some UBA pure-play vendors, but the majority of them already became acquired, or vendors which do something different added it to their technology. So we have it in the security intelligence platform, which we might call the next generation SIEM platforms. We talked about this topic as realtime security intelligence over the past year. So the term today, commonly, is security intelligence platform. We see it in identity governance and administration.
We see it partially also in the endpoint security and particularly the EDR, the endpoint detection and response thing, in DLP, in cloud access security brokers, but also standalone. So there are a variety of ways where we can get this. And I think there's a logic in saying it's rather an integrated than a standalone solution, just because it's about integrating a lot of data, making concrete use cases and making it actionable. And just understanding the behavior is not enough. It's about understanding what do I do with that information
I have collected. That as a quick intro to the entire conference. UBA, as one of the technologies, is one which will be covered in a couple of other sessions. We will have a lot of other security technologies. And with that, I'm at the end of my first presentation during this event. We have one or two minutes left for questions. So if there are any questions, we can pick them. Questions? If it's too early in the morning, I fully understand that.
Okay, Baba, wait for Mike
In your integration picture, I saw one thing you didn't add, and there's maybe a reason for it. You didn't put in risk management.
So it's that usually I don't see any risk management vendor which has UBA as part of its technology. Risk management might be a consuming application. So obviously when you identify the risks, ideally they flow into your risk management up to the top level of your business risk and say, okay, we have certain risks here, but it's not that we see technology integration in the sense of when they're selling,
this is part of their risk management products today. Okay. So we're about to move to the next keynote. Thank you very much. And right now it's a pleasure to introduce Dr.
To of, he will talk about how zero trust is creating a game changing security experience. And zero trust, I think we all know, right now is the buzzword of the year in cybersecurity, but I think it's also not only a buzzword. As with most buzzwords, there's something behind that. And I'm very curious about what trust will tell us about what is behind the buzzword. So thank you. Welcome you. Okay.