Surescripts is not a data science company. But as the largest health information network in the country, they've gotten good at handling Big Data.
And their Big Data is pretty big -- the system tracks 270 million patients covering 71 percent of the US population, 3,300 hospitals, 900,000 health care professionals, 764 million medication histories, and 6.5 billion transactions a year.
The company chose Hadoop and Splunk for its Big Data infrastructure, which it used to look for evidence of fraud.
Then, a year ago, Surescripts CISO Paul Calatayud began looking at using the technology for security.
Since all the data the company processes is mighty tempting to cybercriminals, he began looking at user behavior analytics to spot attackers who may have gotten past perimeter defenses -- or suspicious behaviors by company insiders.
In particular, he looked for vendors who already had solutions in place so that he didn't have to build the technology from scratch. That would have required hiring expensive experts who wouldn't be generating revenues for the company.
"I don't want to get too aggressive when lots of smart organizations with lots of resources are solving these problems," he said.
The company first ran a three-month pilot project with Los Angeles-based Gurucul about a year ago, but decided against using the platform.
"What I've learned about the UBA market is that there are two camps of products out there," Calatayud said. "One is algorithm focused and the second is a model that is adaptive in nature with targeted use cases to provide you with a turnkey solution."
With the first type, a deployment can take a couple of months and requires a team of consultants to come in and set up the technology, he said.
"They have more revenues from professional services than they do from their products," he added.
Gurucul fell in that first camp, he said.
"Gurucul is more of a platform with very high-level usage and you would have to customize it," he said.
A deployment can take a couple of months, and requires a team of consultants to come in and set up the product, he said.
Meanwhile, Surescripts was already familiar with another vendor, Interset, formerly FileTrek. Surescripts has been using the vendor's products to protect against data loss for almost three years, Calatayud said.
"They approach the market with targeted use cases for account analytics, credential analytics, and user behavior analytics," he said. "It's very targeted, very specific. So you get a product, not just an algorithm that requires engineering to work."
For the past six months, Surescripts has been using Interset's Advanced Threat Detection Platform to track user activity, such as what systems they log into, where they are authenticated from, and what they are authenticated to.