In any organization, a user may access numerous devices and applications, but not always with the same username or credentials. Devices and applications use platform-specific user registries that are distinct from each other. As a result, organizations may end up monitoring five user identities from five devices separately, while they actually belong to a single user. The table below shows one user, Michael Bay, using different user identities to log on and access various devices and applications.

Cyber attacks are becoming more frequent, targeted, and complex. When it comes to sophisticated attacks, one of the most commonly seen tactics is Lateral Movement. During lateral movement, many attackers try impersonating a legitimate user by abusing admin tools (e.g., SMB, SAMBA, FTP, WMI, WinRM, and PowerShell Remoting) to move laterally from system to system in search of sensitive information.

‍ The term “internal threat” refers to the risk that somebody from inside a company could exploit a system to cause damage or steal data. Internal threats are particularly troubling, as employees may abuse extended privileges, leading to massive losses for the organization. One such infamous case is of an ex-Google employee who was charged with theft of trade secrets from Google for a ride-hailing start-up Uber.

Everything that makes employees’ lives easier, makes yours harder. Detecting insider threats — both employees and cybercriminals pretending to be employees — has never been more difficult or more important. The cloud technologies that make everyone else more efficient make security less efficient. They’re noisy. They send a lot of alerts. You’re tired. You’re overworked. You’re overloaded.

The large amounts of behavioral data being generated today necessitate accurate labels for machine learning classifiers. In an earlier blog post, Large-Scale Endpoint Security MOLD Remediation, we discussed how to remediate labeling noise. In this blog post, we experiment with an unsupervised approach that eliminates the need for learning from labeled data.

We’re excited to share several recent user experience improvements we’ve made across the platform, including multivariate anomaly detection and other new features aimed at improving content governance. Continue reading to learn about some of our top product releases for October.