Cyber Security - Sponsored
Moving the dial: measuring the
relationship between the user and their activity on a machine Executive Editor’s interview with Jeff Paine, CEO & Founder, ResponSight
M By Chris Cubbage Editor
60 | Asia Pacific Security Magazine
eeting Jeff Paine, CEO & Founder of ResponSight in Sydney, overlooking Bond Street, he soon explained why he shows so much enthusiasm and positivity. He has a unique and leading approach, and based on his 20 years’ experience, he knows it is greatly needed. “ResponSight looks very, very, closely at the link between the user and the piece of technology they’re using,” Jeff explained. “Our differentiator is the end user behaviour, rather than just operation systems, or what the hardware and applications are doing. We know from hacker activities and knowing the behaviours of threat actors, we know they can make the machines lie when they’re compromised. I’ve also seen this over my ten years’ experience in red teaming, penetration testing and security assessing. ResponSight’s approach is more objective, by not providing machine data, but instead the relationship between the user and their activity on that machine.” “The GDPR crystallises the fact that companies have been too comfortable collecting too much data for too long, and now they risk a spotlight shining into the shadowy corners of their data collection and management practices. The reason many enterprises have collected data historically is simply because it could be collected, not because
it was necessarily needed. This has resulted in a scenario in which many organisations don’t know what data they have, where it is stored, or how to manage or delete data. The introduction of Australia’s Notifiable Data Breaches scheme places further pressure on enterprises to rapidly mature their data acquisition and management practices. My message to all businesses is to not collect data you don’t need in the first place. Further, establish strong data deletion policies so you don’t keep unneeded data after the fact, and don’t use data without consent from the data subject. If your business operates globally, rather than doing one thing for each region and legislation, look at the GDPR as the benchmark and invest in solid privacy practices. Even in the absence of regulation, the notion of data control and distribution is a growing concern for consumers, and organisations need to be on top of it.” ResponSight comprises three key elements, the ResponSight Collector, ResponSight Aggregator and ResponSight Cloud Service, each working in conjunction. “By combining large volumes of raw numerical telemetry and selected metrics, it’s possible to build activity and behaviour profiles about users and their devices, without ever knowing who that user is or what that device is.” The ResponSight
