Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Behavioral Analytics: The Future of Just-in-Time Awareness Training?
Newest First  |  Oldest First  |  Threaded View
tompendergast
50%
50%
tompendergast,
User Rank: Author
1/21/2016 | 4:19:22 PM
Re: What are the Pros and Con - Features In Solutions
Kshaurette, thanks for your comment. One of the interesting providers that I'm keeping an eye on is ObserveIT, take a look there. But I do expect to see more firms like this (and those you mentioned) using their data gathering capacities to shine a light on user behavior, especially the "Insider Threat" posed not just by the Snowden's of the world, but also by those with far more innocent intentions.
tompendergast
50%
50%
tompendergast,
User Rank: Author
1/21/2016 | 4:16:51 PM
Re: What are the Pros and Con - Features In Solutions
Thanks for your kind words! I'm flattered.
ITSecurityTraining
50%
50%
ITSecurityTraining,
User Rank: Apprentice
1/21/2016 | 6:37:54 AM
Re: What are the Pros and Con - Features In Solutions
Writing with style and getting good compliments on the article is quite hard, to be honest.But you've done it so calmly and with so cool feeling and you've nailed the job. It is my favorite subject. This article is possessed with style and I am giving good compliment. Get more information about IT security training
kshaurette
100%
0%
kshaurette,
User Rank: Strategist
1/20/2016 | 10:58:01 AM
What are the Pros and Con - Features In Solutions
This is a very good article and i believe higher end analytics of behavior based activity tracking coudl become the 2016 and beyond trend.  Solutions with the right features become the best way to catch unusual (anamolous) activity like performed by a Snowden that could indicate behavior not normal as compared to what goes on daily, weekly, monthly based on a lot of possible comparisons.  The larger the repository of User Bahavior to perform analytics against the great the potential to detect activity that stands out as unusual.  What are some of hte most popular tools, I'm aware of Aristotle Insight, and probably bigger vendor solutions like Arcsight, Qradar, but what are typicaly feature sets that these tools exhibit that make them an accepted practice?


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22861
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted ...
CVE-2021-22862
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of ...
CVE-2021-22863
PUBLISHED: 2021-03-03
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would b...
CVE-2020-10519
PUBLISHED: 2021-03-03
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the Gi...
CVE-2021-21353
PUBLISHED: 2021-03-03
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was p...