Forcepoint User and Entity Behavior Analytics
March 23rd, 2018 by Luigi Danakos

Today I want to focus on the study of User Behavior Analytics and how companies like Forcepoint are developing solutions to help mitigate cybersecurity threats from inside your company.

While attending Tech Field Day 16* out in Austin, User Behavior Analytics took the center stage during one of the presentations by Forcepoint.

I have always had a love for analytics, even more so, how you can determine actions based off of trends from users. This is quite prevalent in the gaming industry and helps game developers fine tune their product. So needless to say, hearing how you can use it to defend cybersecurity threats was quite interesting to me.

 

User Behavior Analytics: what is it?

User Behavior Analytics is the collection of human behavior data to help identify anomalies in users to help combat cybersecurity threats. Companies like Forcepoint then develop algorithms and statistical models to help businesses detect potential threats from within the company.

The key takeaway is that using this technology is about tracking the users’ actions and not the actions of the system.

 

Why does my company want to monitor me?

It wants to monitor everyone, not just you. Understand that the sooner cybersecurity threats can be detected, the less impact they have on the business.

According to Forcepoint, 69% of enterprise security executives reported an attempted theft or corruption of their data.

Let’s be clear that not all data theft or corruption is intentional by users. A user sends an email to the wrong person or deletes a folder without realizing what they did. Take another example: you are surfing the internet and accidentally click on a cute kitten video, unknowingly infecting your computer with malware.

There are many cases of former employees trying to enact revenge because they are unhappy with their previous employer. Or the person is a salesperson who accesses information and downloads the client database right before quitting and starting with a competitor. This person’s intentions are deliberate.

 

How do they do it?

One way for Forcepoint and their customers to take advantage of this technology is through their User & Entity Behavior Analytics solution. This tool allows them to bring data in from a variety of sources to understand who employees are and what they are doing.

Understanding who your users are and what they normally do helps companies detect when something out of the ordinary happens.

If Bob never goes into the office late at night and randomly he starts accessing company files after 11 pm, you can identify a potential threat. Or perhaps, Bob got a new position and is working different hours or got assigned a project and was just trying to meet deadlines. Bob’s manager could go to him and say we noticed that you started logging in and accessing sensitive data late at night and when Bob replies he is in bed normally at 9 pm, the company would know something was wrong.
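The baseline-and-deviation idea in the Bob example, as an added illustration that is not Forcepoint's product logic or code from the original post; the users, timestamps, `min_events` and `threshold` values are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

def build_history():
    """Constructed sample data: 20 days of file-access timestamps per user."""
    rows = []
    for day in range(1, 21):
        for hour in (9, 11, 14, 16):        # bob: daytime office hours
            rows.append(("bob", datetime(2018, 3, day, hour, 5)))
        for hour in (22, 23, 0, 1):         # alice: legitimate night shift
            rows.append(("alice", datetime(2018, 3, day, hour, 30)))
    rows.append(("carol", datetime(2018, 3, 20, 10, 0)))  # new hire, one event
    return rows

def build_baseline(events):
    """Per-user histogram of activity by hour of day."""
    hours = defaultdict(Counter)
    for user, ts in events:
        hours[user][ts.hour] += 1
    return hours

def hour_share(counter, hour):
    """Share of past activity within +/-1 hour of `hour`, wrapping at midnight."""
    near = sum(counter[(hour + d) % 24] for d in (-1, 0, 1))
    return near / sum(counter.values())

def assess(baseline, user, ts, min_events=30, threshold=0.02):
    """Compare one access against the user's own history, not a global rule."""
    counter = baseline.get(user)
    if counter is None or sum(counter.values()) < min_events:
        return "insufficient-baseline"   # too little history to judge
    if hour_share(counter, ts.hour) < threshold:
        return "anomalous"               # prompt for follow-up, not a verdict
    return "normal"

if __name__ == "__main__":
    baseline = build_baseline(build_history())
    late = datetime(2018, 3, 22, 23, 40)
    for user in ("bob", "alice", "carol"):
        print(user, late.isoformat(), assess(baseline, user, late))
```

Alice's identical 23:40 access scores as normal because each user is compared against their own history, which is why the same event is a signal only for Bob.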

Watch the Forcepoint presentation on User and Entity Behavior Analytics

 

*Please note that Forcepoint was a sponsor of an event (Tech Field Day 16) that paid for my travel accommodations to participate in the event.

Posted in Tech

August 27th, 2013 by NerdBlurt

Today PHD Virtual announced the release of PHD Virtual Backup v6.5 and ReliableDR v3.2. I had the luxury of playing with both releases prior to their launch this past week. I have to say that PHD Virtual is delivering a solid product. In addition to checking out the products, I was also checking out how well I was treated if I had a support problem. As much as we would love to have everything go smoothly, it’s just not the case in life. I found PHD’s support staff to be responsive and very professional while interacting with me. My initial request for help was met within a few hours and the problem was solved in a matter of minutes.

What my problem was

For those that beta test products, you know things don’t always work, and I wasn’t aware that PHD management consoles aren’t compatible with different versions of their products.

I wasn’t able to configure my host settings in the console. The reason was that I was on a newer version of the VBA and an older version of the management console. Simple problem and resolved quickly. But the response and treatment from PHD Virtual support on my problem was a great experience, and for that alone I would recommend them.

What’s been added or changed

New in PHD Virtual Backup v6.5:

  • Backup Archiving: Automated backup replication capability that is WAN optimized and storage friendly. Backups can be archived to another location or to the cloud.
  • Exchange and SharePoint Recovery: Enables quick and easy recovery of granular Exchange and SharePoint items from any PHD backup in just a few clicks. This functionality is powered by Kroll OnTrack and is available with every Enterprise Edition license of PHD Virtual Backup.
  • Enhanced Scheduling for Granular RPOs: Schedule backup and replication jobs to occur as frequently as every 15 minutes.  When coupled with PHD ReliableDR, you now have cost-effective replication that can handle granular RPO requirements for critical applications, as well as guaranteed, automated DR failover and recovery testing.
  • Broader Support for 3rd Party S3 Compliant Providers: CloudHook is enhanced to support additional S3 compatible cloud storage platforms.

[youtube]http://www.youtube.com/watch?v=GWQTvuTY2LQ[/youtube]

New in ReliableDR v3.2:

  • CertifiedReplica: Leverages cost-effective, storage agnostic replication that can scale to large environments, save bandwidth with WAN-friendly data transfer, secure with government grade encryption, and conduct granular backup and recovery.

Now let’s also note that there are plans for Hyper-V support on the road map.

You can also check out their recorded session from the #vBrownbag Tech Talks

Nerd’s Blurt

Since I started working with PHD Virtual I have enjoyed watching the products grow and seeing how the company takes customer service seriously. They engage with their customers on all levels, listen to their needs, and try to incorporate that back into the functionality of their products. If you are thinking of a backup solution for your company, you definitely should give PHD Virtual a look.

Posted in Tech

July 9th, 2013 by NerdBlurt

TrainSignal is a technology training company offering training from Microsoft to VMware. I have known about this company since I got into Virtualization back in 2010; they are very supportive of the community, sponsoring many User Group initiatives. Back in 2011 I received a copy of some training from them while I was attending school. This helped me out a lot during that semester. At the time they were offering DVD training materials.

Let’s fast forward to today: TrainSignal now offers its entire training collection online and in a subscription-based model.

TrainSignal Training Home Page

 

As a vExpert 2013, this year TrainSignal was gracious enough to give the vExperts a subscription for a year. I asked Emilie from TrainSignal if I could give my subscription away to someone in the community. She came back with a 1-year subscription for one lucky winner! See what I mean about the company giving back to the community? More on this later in the post.

Review

The website is easy to navigate, and to filter out video trainings.

Upon logging in you are brought to the dashboard

TrainSignal Training Dashboard

 

As you can see in the image above, it is easy to navigate through. You can see the newest courses offered and some of the popular courses. The navigation on the left is straight forward and simple.

Looking at the courses is just as easy, it is easy to filter through the offerings based on vendor. It even saves the search from your last filter.

TrainSignal Course Offerings

 

It shows your progress on the course you are currently going through

TrainSignal Training Course Progress

 

The course offerings are diverse and cover many areas. This is valuable to anyone studying for certifications or just wanting a better understanding of certain technologies you may be going to work with.

Having the training available 24/7 is great. Did I also mention that you can download courses for offline viewing? This way you can access your training anytime.

TrainSignal Training Offline Player

 

Give-Away

I am going to make it really simple to enter to win. Follow @TrainSignal and @NerdBlurt on Twitter, then simply tweet the following – I love how @TrainSignal supports the Community #NerdBlurtMojo #Training or Click Here (This opens Twitter and has text pre-filled, but you must add the hashtags.) Please note that you must use both hashtags and be following both accounts in order to be entered to win.

We are giving away 1 1-year subscription to TrainSignal online training, courtesy of TrainSignal.

Winner will be selected at random from all qualified entries.

Important Dates – Give-Away starts accepting entries on Jul 9th 2013 and goes until Midnight August 31st 2013. The winner will be selected on September 1st 2013. The winner will be announced here on NerdBlurt.com and tweeted from the @NerdBlurt Twitter account.

Nerd’s Blurt

I love TrainSignal, I wear their vNerd Tshirts everywhere. Why? Because they have a product I use and believe in, their company dynamic is outstanding, but the best thing is their love for the community! They jumped at the chance to give something away with no hesitation, another reason I support and promote their offerings.

Posted in Sponsored, Tech

May 13th, 2013 by NerdBlurt

A few weeks back PHD Virtual acquired VirtualSharp, mainly for their ReliableDR product. The other day I attended a webinar on the product, which is quite impressive; I can see why PHD Virtual made the choice to acquire them. Disaster Recovery testing is expensive. Gartner cites it at approximately $30-$40K, with some costing about $100k in estimates*. *Source

How often would your company do DR testing if that is the cost of it? Would you run tests every hour? Could you run it as often as you want? I’m guessing no. My wife would kill me if I was to say I need to spend $100k once, let alone multiple times a day. (My wife is the CFO for Blurt Media Group.)

Reliable DR 
Taken from documentation I received

ReliableDR for VMware from PHD Virtual automates the Disaster Recovery process to dramatically reduce the cost and complexity of testing. It also enables you to certify your VMs will recover as planned, and within corresponding SLAs.

Here is the comparison chart of the different editions currently available at the time of this writing. *Editions are subject to change, so please check with PHD Virtual for current offerings. Clicking the image brings you to their website.

VMware, PHD Virtual ReliableDR

As you can see there are currently three versions, Enterprise, Foundation and Free.

ReliableDR Standout Features

  • Automated, Continuous, Service-Oriented DR Testing – Maintains the integrity of your DR plan by being service / application centric, not data centric. It takes a business-centric view of an application and its dependencies and then automates the verification of those applications as many as several times per day. The typical DR plan is tested 1-2 times per year. You can test several hundreds or thousands of times per year with ReliableDR!
  • Application-Aware Testing – Measuring of accurate Recovery Time Actuals (RTOs & RPOs)
  • Certified Recovery Points – automatically storing multiple certified recovery points
  • Compliance Reporting – demonstrates DR objective compliance to auditors
  • Test, Failover, and Failback – Automation of failover and failback processes
  • Flexible Replication Options – Integration with all major storage vendors, multiple software based replication solutions including PHD Virtual, and also includes its own zero-footprint software-based replication capabilities

ReliableDR Architecture

ReliableDR Architecture VMware PHD Virtual

As you can see from the above image, you have both your primary and secondary sites. ReliableDR gets installed on your secondary site and hooks back into the primary site.

From there, it creates a sandbox where you run the DR test without affecting your primary site, and it allows you to run as many tests as you like. In addition to the ability to test your DR process, you also receive reports to provide greater visibility on recovery times and expectations. Below is a video going over this architecture.

[youtube]http://www.youtube.com/watch?v=_jMJSQMz-I4[/youtube]

Nerd’s Blurt

I was impressed with the functionality and testing capabilities of the product. One of the things I was hoping for is multi-hypervisor capabilities. I would think that this is on the road map for the PHD team, seeing how more and more IT shops are a mixed shop. The major benefit that I see is the ability to test as often as you like. From this, with the CRP (Certified Recovery Point), you have good insights on your environment.

This product is definitely worth a look. It was well worth the hour on a webinar to learn about. You can download ReliableDR for free at www.phdvirtual.com

Posted in Tech

March 26th, 2013 by NerdBlurt

Waking with the sun shining and seeing the ocean crashing on the beach is very surreal. What makes this experience better is knowing you are going to learn a lot that day.

While at breakfast a few of us bloggers started out apart and ended up morphing a table for two into a table for three. Now this may not seem like much, but it’s a change from the restaurant dynamic; it’s not what they had intended for this particular place setting.

That is the cloud, taking something that you would do normally and rethinking that normal process to the new normal. This thought process really made me think when fellow Blogger Tim Crawford mentioned it.

You have to start thinking of things all over again. The possibilities of the cloud are still being explored by every company.

The location is set in Puerto Rico. This was a beautiful choice and actually made me think of the bigger picture outside of the US and Europe regions.

HP Converged Cloud

HP brought together a group of bloggers to focus on their Converged Cloud offering.

Martin Castillo, who is the HP General Manager & Managing Director for HP in the Caribbean & Puerto Rico, discussed the overall footprint of HP in the Caribbean. One of the major and eye-opening things today was the fact that HP exports approximately 11 billion dollars of products and services from this region.

HP Converged Cloud Tech Day Martin Castillo

Following Mr. Castillo was Shane Pearson, who is the VP Portfolio & Product Management. Mr. Pearson gave a general overview of HP Converged Cloud.

HP Converged Cloud Shane Pearson

Nigel Cook, HP Technology Director & Strategist Cloud Management Expert, spoke briefly about the open source market.

HP Converged Cloud Day Nigel Cook

We broke shortly after Nigel’s presentation for lunch, which probably was a mistake, as you look outside and see the gorgeous weather and pool below, and it made me want to go for a dip.

After lunch we had a briefing from Jorge Garcia (Networking Sales Specialist) & Carlos Torres (Networking Pre-Sales Consultant), who went into HP’s SDN strategy. HP maintains to keep their SDN working with OpenFlow. Not being a network guru, this area interested me more, and I am already reaching out to some more knowledgeable colleagues in networking to give me a better understanding.

Shane Pearson came back to present on Application Release Automation and the journey to the cloud. He went over HP’s CDA (Continuous Delivery Application); however, here he didn’t stick to marketing slides and actually talked about some challenges and the process behind it. Another thing I liked about the presentation was that he gave us some genuine engagement by telling us of something he does for his brother’s company. I was glad to see that an executive still found time to actually play with technology, and this helped validate more of what Mr. Pearson presented.

Nigel Cook presented again, this time on HP CloudSystem. One of the new things about CloudSystem 7.2 is the support for KVM.

Nerd’s Blurt

So far the event has been very thought-provoking. It is being streamed live from SDRnews. We still have another day where we get to take a tour of the HP facility here in Puerto Rico. Also we are getting a tour of the governor’s mansion. Keep an eye out here as I have got some questions and products I will be looking into for future posts.

The major takeaway from today was more of a new thought process: as cloud becomes the new norm, we start rethinking how to better old processes with this new technology. Like HP going from traditional systems to the converged systems, adapting to this new product model.

Posted in Tech