Solid breakdown of why static perimeters don't cut it. The real-time risk scoring integration with EDR is where this gets practical though; most orgs struggle with the actual feedback loop between endpoint telemetry and CA engines. Would be curious how you handle false positives when a legit user's behavior suddenly shifts due to project changes or on-call rotations.
That’s a great question. The key is to look at job profiles and teams with on-call rotations and longer durations. Chances are there are patterns every X weeks (assume) seen that are common across the particular profile and team.