Technology plays a vital role in cybersecurity, for defenders and attackers alike. The more access attackers have to rich technology resources, the more sophisticated and powerful the attacks they can launch. But in the end, there is always a human sitting behind a monitor with a purpose.
“When organizations think about human behavior and the insider threat, per se, they always think about the malicious actor,” said Mohan Koo (pictured right), co-founder and chief technology officer at Dtex Systems Inc. “But it’s much more than that. It’s also insiders that do negligent things, and it’s insiders that are victims of their own lack of understanding. And so understanding intent, which at Dtex we call indicators of intent, is really important for us to know. Those indicators are what we’ve been working with MITRE on for the last year or so.”
Koo and Chris Folk (pictured left), director of cybersecurity policy and strategic partnerships at The MITRE Corp., spoke with David Nicholson, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during last month’s Splunk .conf21 Virtual event. They discussed the MITRE ATT&CK knowledge base of adversary tactics and techniques, the Dtex Workforce Cyber Intelligence platform, collaboration with Splunk, and more. (* Disclosure below.)
[Editor’s note: The following has been condensed for clarity.]
MITRE published the attack framework MITRE ATT&CK. It’s a bit of a game-changer. Now, enterprise security teams use that pretty religiously. So, tell us about that and what we can expect next from MITRE.
Folk: I think what made ATT&CK resonate with users is that it’s based on data. It started with data that we observed in our networks and organized around, at that time, the emergent principle that Lockheed Martin had put out on the Kill Chain. So it gave it structure. And what’s been powerful and what’s made it truly wonderful is that the community’s adopted it.
So, what MITRE is really focused on is understanding how data and those problems come together. And then we surround the ecosystem of that problem with things like language. So we give it a framework and we give it operational data so that it actually has resonance with the users of that community.
So, Mohan, tell us how Dtex fits here.
Koo: What we’re doing is we’re bringing to the table a whole different type of telemetry, and it’s all-around human behavior. And, how we got together with MITRE is actually a direct connection to how we got together with Splunk as well.
When we came together and were introduced to MITRE at the Australian Cyber Collaboration Centre, we decided to take MITRE’s expertise (they’ve got more than 15 years’ worth of dedicated experience around behavioral science) and [learn] how it contributes to insider threats, and study that in some depth. Putting that together with the data that we’re collecting for our enterprise customers was really important.
So, give us an example of human behavior that you’re looking for?
Folk: Every human has behaviors. What makes them unique is the context behind those behaviors. And then you look for indicators that are distinguishable from an individual doing his or her job. So you have to add additional context and behavioral indicators to that to understand how the individual is doing that differently in a case where they are up to no good, as opposed to under circumstances of doing their job in a regular course of action.
So, Mohan, if we do all of these things correctly, between Splunk, MITRE, and Dtex, you get the perfect scenario where you’re catching bad actors and you’re not inconveniencing good actors — so what’s your view of this?
Koo: What we’ve really enjoyed about working with Splunk over the last couple of years is taking a very holistic approach and realizing that we all need to come together to play this team sport. Because we, as Dtex, bring together a very clean data set that gives you that human telemetry, and then MITRE brings the behavioral science capability and behavioral science understanding, and Splunk provides that big data platform to bring everything together and show it and visualize it.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the Splunk .conf21 Virtual event. (* Disclosure: TheCUBE is a paid media partner for Splunk’s .conf21 Virtual conference. Neither Splunk Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)