Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

The Mistake of Looking at Datum vs. Data in Threat Analytics

March 13, 2017

  • Blog
  • Archive

Threat Analytics

One of the strangest words in the English language is datum. It is, by definition, the singular form of data but is rarely used in conversation or in written documentation. It generally refers to a single point of information or a fixed starting point of a scale or operation. When we review security or debugging information we often refer to single entries in a log as data when it should be correctly referred to as datum.

The term may be considered obsolete, but when it comes to security there are many times we make critical decisions on datum, and not data. This is where discussions on analytics and user behavior become important. It would be a mistake to base a decision on user behavior strictly on datum. Analytics and user behavior require data, and unfortunately many technology solutions that claim to support user behavioral analytics really only look at datum to make recommendations, and not data.

Why is Data so Important in Analytics? It’s More than a Single Event

Any analytics solution that makes a recommendation based on a single piece of information is more in tune with an event monitoring solution, or SIEM, than an analytics engine. For example, a single event based on user, time, date and location is not analytics – its datum. That information correlated with other event datum, and processed via correlation is not analytics either. That is just a correlation engine reviewing multiple events in a logical order. This technology has been around for decades.

If the events are unique, processed via machine learning, cluster analysis, adaptive correlation engines, etc. then we could potentially have analytics. It takes more than just a single event and event matching to create analytics based on variable event data. Being mindful of the analytics claim and data absorption model is key in understanding whether an analytics solution can really help you detect and resolve security anomalies.

What Good Analytics Looks Like

The central capabilities behind the PowerBroker Privileged Access Management platform, BeyondInsight, include purpose-built analytics. Clarity is an advanced threat analytics feature that enables IT and security professionals to identify the data breach threats typically missed by other security solutions. Clarity pinpoints specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of BeyondTrust and third-party solutions. Clarity analyzes information stored in BeyondTrust’s centralized database, which contains data gathered from across any or all supported solution deployed in the customer environment, including:

  • PowerBroker Password Safe: the safe storage of user accounts and passwords with automatic password rotation, session management, and workflow for securing privileged account management
  • PowerBroker for Windows & Mac: user and account activity data from desktops and servers
  • PowerBroker for Unix & Linux: user and account activity from servers
  • PowerBroker Endpoint Protection Platform: IPS, IDS, anti-virus and firewall log data
  • Retina CS Enterprise Vulnerability Management: vulnerability data
  • Third-Party Vulnerability Scanners: imported data from Qualys, Tenable, McAfee, TripWire, and Rapid7®

Clarity then sets baselines for normal behavior, observes changes, and identifies anomalies that signal critical threats via the following steps:

  • Aggregate users and asset data to centrally baseline and track behavior
  • Correlate diverse asset, user and threat activity to reveal critical risks
  • Measure the velocity of asset changes to flag in-progress threats
  • Isolate users and assets exhibiting deviant behavior
  • Generate reports to inform and align security decisions

Because of its ability to interpret granular and diverse sets of data, Clarity enables IT and security staff to reveal previously overlooked cases of user, account, and asset risk based on real world data and not just a single event, plot, or simple correlation engine. If you are looking to expand your privileged risk insights, contact us today.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 25, 2021

Customer Tips & Tricks: Remote Support for Android

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.