Black Hat 2019 recap: UEBA, Correlation, and Commitment

Monica White

Last week, I joined my Interset and Micro Focus colleagues at Black Hat 2019 in Las Vegas, Nevada. Black Hat is always an exciting show: exciting presentations, valuable networking, and, most importantly, in-depth discussions with real security professionals about their security needs.

We spent two days on the show floor having detailed discussions with attendees about how our user and entity behavioral analytics (UEBA) can help companies take a more proactive security posture. With UEBA, security operations center (SOC) teams can automatically and continuously monitor for unusual behavior in their organization that might indicate a serious security threat. This approach, which is powered by unsupervised machine learning, gives SOC analysts the ability to detect even notoriously difficult-to-find threats, such as insider threats or targeted outsider attacks.

The value of UEBA seems to resonate with security pros we talk to, and the same was true at Black Hat this year. What’s more, attendees were also keen to learn about how Interset’s UEBA will be “joining forces” with the powerful real-time correlation engine in Micro Focus ArcSight. Both UEBA and correlation are critical functions in any SecOps strategy; combined, they can deliver supercharged threat detection. Real-time correlation is able to quickly and effectively find the known threats, while UEBA susses out subtle, unknown threats that may otherwise escape rules and thresholds. Both approaches are needed because real-world threat scenarios don’t always fall neatly into one category. 

This conversation seemed to hit the nail on the head for attendees who visited our booth. Modern SOCs are battling wars on multiple fronts, and a holistic approach that covers many bases is the only practical solution to not just keep up with but stay ahead of today’s creative adversaries. My colleague recently wrote a detailed blog about reducing security blind spots with UEBA and correlation, so be sure to check it out if you haven’t already.

What was also a really important takeaway for us from the show is the fact that it wasn’t just the technology aspect that seemed to resonate with attendees but also attitude. When companies invest in technology, it shouldn’t just be a transaction; it should be a partnership. Our customers’ success is our success, and that requires commitment, even if it means giving the shirt off your back—something our ArcSight colleague actually did for a Black Hat attendee who had missed out on grabbing one of our special t-shirts (pictured above). It was a small gesture, but the attendee’s response of excitement, gratitude, and genuine surprise was one that hit home for us. We believe in being a partner to our customers, not just a vendor. For as long as we can remember, the bad guys have been much better at collaborating than the good guys. That’s why we believe in doing our part to ensure that our community knows we’re all in this together.

1 Comment
Micro Focus Contributor

must be nice to attend

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.