Balázs Scheidler, CTO, BalaBit: Human elements are more important than they might think
September 2015 by Marc Jacob
For its new participation in the Assises de la Sécurité, Balabit will present its new approach to IT security called Contextual Security IntelligenceTM (CSI). For Balázs Scheidler, CTO, BalaBit: “Human elements are more important than they might think.”
Global Security Mag: What will you present at Les Assises de la Sécurité ?
Balázs Scheidler : I’m giving a presentation on the importance of privileged users in IT security. I’m going to introduce BalaBit’s approach to people-centric security that is a strategic approach to information security that emphasizes individual accountability and trust. It de-emphasizes restrictive, preventive security controls, and put the focus to the importance of monitoring the user activities – as it is a fundamental element of people centric security.
GS Mag: What will be the theme of your conference this year ?
Balázs Scheidler : Balabit has developed a new approach to IT security called Contextual Security IntelligenceTM (CSI). The CSI concept is designed to change existing IT security methods that restrict users’ access and activities by control-based security tools. Contextual Security Intelligence avoids introducing additional security control, extra authentication layers and policies. It is based on continuous monitoring and algorithms that focus on finding unusual activities in the behavior of users (that is unique, just like a fingerprint) and can highlight anomalies that are worth investigating. This way organizations do not need to choose between business flexibility and IT security, but can find a healthy balance between the two area.
GS Mag: How will evolve your offer in 2015/2016 ?
Balázs Scheidler : We see the importance of user behavioral analysis and big data analytics as these two can serve as additional value to an IT security team. Blindspotter, our latest product that we announced last year at Les Assises, focuses on and forwards all kind of extra information that an IT security team would need for investigation, for example log sources, privileged account monitoring information, SIEM and contextual security information. Furthermore, we also believe that the emphasis should be put on educating the people about security rather than controlling them.
GS Mag: What will be your commercial strategy for 2015/2016 ?
Balázs Scheidler : We would like to emphasize and draw people’s attention that focusing on human risk, prioritizing security incidents, and finding the balance between business flexibility and IT security are crucial for the success.
Firstly, the focus on human risk is important as privileged users, the users with the highest rights (e.g. sysadmins) at companies, might be compromised and those hacking them can have full access to the company’s sensitive information, such as client data, personnel records or credit card numbers. In this way, there is a growing threat posed by privileged individuals who have access to confidential information of a highly sensitive nature. Continuously monitoring their activities is therefore a must, to be secure.
Secondly, there are too many potential security incidents and alerts coming from firewalls, IPS, IDS, SIEM and user monitoring systems for the IT security teams. In a recent survey we concluded that 1 person has an average maximum 7 minutes per security alert to decide whether it is a sign of an attack (for instance, a sophisticated APT attack) and needs further investigation or not. For this, the game-changing approach could be prioritizing the security risks, based on User Behavior Analytics.
And lastly, it is necessary to balance business flexibility and IT security. This is our CSI concept that I have explained above.
GS Mag: What message do you want to address to CISO ?
Balázs Scheidler : Human elements are more important than they might think. One of our recent survey results showed that 84% of IT security related losses can be attributed to human elements (such as human error, sophisticated internal or external attackers) with the remaining 16 percent related to infrastructure issues (system malfunction, automated attack). But on the other hand, when it comes to budgeting, the ratio is quite balanced: only 55 percent of budgets are spent for managing human risk and 45 percent for infrastructure risk. If companies are aiming to spend their IT security budget responsibly, it’s high time to think over again what percent of the budget is spent for managing human- and infrastructure risks.