New integration layer ingests third-party data feeds to drive analytic models, create custom workflows and alerts, and enhance incident context
OTTAWA, ON--(Marketwired - Apr 25, 2017) - Interset has launched, as part of its March release, a new data enrichment framework that expands specialized threat and compliance use case coverage and enhances attack path visualizations for the market-leading security analytics platform. The new framework ingests third-party data such as threat intelligence feeds, alerts from DLP and other security systems, and even special watch lists like employee notice and HR systems. This critical information can now be used to drive changes to analytic model weighting, workflow actions and alerts, and to create context-rich visualizations that enhance incident situational awareness for SOC analysts.
"When it comes to detecting and stopping sophisticated insider and targeted outside attacks, security teams need to bring all available resources to bear, yet relevant data is often unavailable to the analyst when they need it most," says Interset CTO Stephan Jou. "The goal of Interset's Data Enrichment Framework is to ingest vastly different types of data that can be highly valuable to threat detection, and use that information to further support the detection and investigations process."
For example, Jou explains, knowing that an executable detected as an anomalous application on multiple endpoints was listed in the latest threat intelligence for "new attacks from Asia" is helpful to validate and respond to the incident. Existing security tools already produce valuable alerts and warnings related to anomalous events, but existing systems cannot stitch them together. In identifying insider attacks, motivation can be gleaned from changes in HR records, yet these are rarely available in real time. With Interset's flexible framework, security tool alerts, third-party data feeds, watch lists and outputs from applications like HR systems can directly play a role in the threat detection and response process. Further, beyond displaying additional context at the right time, the enrichment data is processed analytically: Interset's analytical models can incorporate severity information in the third-party feeds to automatically adjust the sensitivity of its models and the behavioral risk model scores themselves.
Use cases improved by Interset's new Data Enrichment Framework include:
In addition to the new data enrichment framework, the March release of the Interset platform includes new probabilistic math models to address account compromise use cases and a unified risk dashboard that provides unprecedented visibility into an organization's overall threat surface, IT systems, and user risk.
Schedule a demo of the Interset Security Analytics Platform at http://go.interset.com/5demo.
About Interset
Interset provides highly intelligent, accurate insider and targeted outsider threat detection. Our solution unlocks the power of user behavioral analytics, machine learning, and big data to provide the fastest, most flexible, and efficient way for IT teams to operationalize a data-protection program. Utilizing agentless data collectors, lightweight endpoint sensors, advanced behavioral analytics, and an intuitive user interface, Interset provides unparalleled visibility into high-risk events. This enables early attack detection and actionable forensic intelligence with reduced false positives and noise. Interset solutions are deployed to protect critical data across the manufacturing, life sciences, high-tech, finance, government, aerospace and defense, and securities brokerage industries. For more information, visit Interset.com and follow us on Twitter @intersetca.
Contact Information:
Betsy Kosheff
413-232-7057