Transcript
So let's kind of take this out of order here. Suspicious behaviors. Uh, UEBA. Right. Things like impossible travel. Um, some of this is a malicious user. Some of this is maybe compromised credentials, right? Steve's uploading something in San Jose, and then five minutes later, he's doing something in Singapore, right? Certainly that's an impossibility. So let's alert that.

And so I'll call it out. That only starts with a giant subset of data. Right. You have to be able to see everything that's going on. Right. So that SSE cloud that sits across all those connections can start to aggregate that, right? Failed login attempts, uh, bulk uploads, right? Something that's happening outside of normal hours. Right. So Steve normally does his business between 8 a.m. and 5 p.m., but at nine and ten, he's uploading giant amounts of data, maybe something - he's getting ready to move to another company, or maybe just a suspicious behavior. So that's one thing that you can start to look at and start to understand malicious activity that's happening in your environment.

Certainly, email is a huge vector that users will use to start to move data around. Um, the concept around here is, right, there's two ways that you can do it. You can do API versions, right. So you can monitor using API those email accounts and you can identify suspicious behaviors. The other aspect of it is you'd be able to prevent attachment. So using inline you can say okay if this has got sensitive data I don't want you to attach it to, um, a malicious to a personal, uh, web app. Right. So don't attach sensitive data and you can do that across any number of web applications.
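The two UEBA signals mentioned in the talk (impossible travel and bulk uploads outside normal hours), as an added detection sketch that is not part of the transcript or of any product it describes. The event fields, sample data and thresholds (`MAX_KMH`, `MIN_KM`, `BULK_BYTES`) are assumptions chosen for illustration.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0            # assumption: roughly airliner cruising speed
MIN_KM = 50.0              # assumption: ignore small geo-IP jitter
WORK_HOURS = range(8, 17)  # 8 a.m. to 5 p.m., as in the talk
BULK_BYTES = 500 * 2**20   # assumption: 500 MiB counts as a bulk upload

# Constructed sample events: (user, ISO time in the user's home time zone,
# latitude, longitude, bytes uploaded)
EVENTS = [
    ("steve", "2024-03-04T10:00:00", 37.34, -121.89, 2_000_000),    # San Jose
    ("steve", "2024-03-04T10:05:00", 1.35, 103.82, 1_000_000),      # Singapore
    ("steve", "2024-03-05T21:30:00", 37.34, -121.89, 900 * 2**20),  # 9:30 p.m.
    ("ana",   "2024-03-04T09:00:00", 51.51, -0.13, 5_000_000),      # London
    ("ana",   "2024-03-04T16:00:00", 48.86, 2.35, 5_000_000),       # Paris
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def detect(events):
    """Return (user, rule, time) alerts, ordered by user and then time."""
    alerts, last = [], {}
    for user, ts, lat, lon, nbytes in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Distant events at the same instant are impossible as well.
            if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
                alerts.append((user, "impossible_travel", ts))
        if when.hour not in WORK_HOURS and nbytes >= BULK_BYTES:
            alerts.append((user, "off_hours_bulk_upload", ts))
        last[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Both rules depend on seeing every event for a user in one place, which is the aggregation point the speaker makes; run against a partial feed, the travel check would compare events that are not actually consecutive.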