Interset Security Analytics Platform Delivers New Data Enrichment Framework to Expand Incident Context and Accelerate Investigations

New integration layer ingests third-party data feeds to drive analytic models, create custom workflows and alerts, and enhance incident context

Ottawa, ON, April 25, 2017 – Interset has launched, as part of its March release, a new data enrichment framework, expanding specialized threat and compliance use case coverage and enhancing attack path visualizations for the market-leading security analytics platform. The new framework ingests third-party data such as threat intelligence feeds, alerts from DLP and other security systems, and even special watch lists such as employee notice and HR system records. This critical information can now be used to drive changes to analytic model weighting, workflow actions and alerts, and to create context-rich visualizations that improve incident situational awareness for SOC analysts.

“When it comes to detecting and stopping sophisticated insider and targeted outside attacks, security teams need to bring all available resources to bear, yet relevant data is often unavailable to the analyst when they need it most,” says Interset CTO Stephan Jou. “The goal of Interset’s Data Enrichment Framework is to ingest vastly different types of data that can be highly valuable to threat detection, and use that information to further support the detection and investigations process.”

For example, Jou explains, knowing that an executable flagged as an anomalous application on multiple endpoints was listed in the latest threat intelligence for “new attacks from Asia” helps validate and respond to the incident. Existing security tools already produce valuable alerts and warnings related to anomalous events, but existing systems cannot stitch them together. In identifying insider attacks, motivation can be gleaned from changes in HR records, yet these are rarely available in real time. With Interset’s flexible framework, security tool alerts, third-party data feeds, watch lists and outputs from applications such as HR systems can directly play a role in the threat detection and response process. Further, beyond displaying additional context at the right time, the enrichment data is processed analytically: Interset’s analytical models can incorporate severity information from the third-party feeds to automatically adjust the sensitivity of its models and the behavioral risk scores themselves.

Use cases improved by the new Interset Data Enrichment Framework include:

  • Incident Context Enhancement – SOC analysts validating and evaluating threats need as much context as possible. IOC data, anomalous activity, and other high-risk entities must be displayed on a “single pane of glass.” Interset’s Data Enrichment Framework ingests and connects alerts, threat feeds, watch lists, and other third-party data to deliver a complete picture of the threat so SOC analysts can make fast and effective decisions regarding incident response and mitigation.
  • Insider Threat Detection – Non-IT data related to the working and social activities of an employee can be useful in determining who is at risk of malicious activity and the motives driving it. HR system feeds, high-risk user watch lists, employees who have given notice, reduction-in-force lists, and social media monitoring system outputs can all be ingested into the Interset platform via the data enrichment framework. Inputs are used to change the weighting of analytic models, kick off specialized workflows or alerts, and provide rich visual context to investigators.
  • Data Exfiltration – Interset analytics uniquely capture data staging and exfiltration anomalies from ingested server, file share and IP repository system logs. The Interset Data Enrichment Framework allows the content inspection, fingerprinting and policy violation outputs of DLP systems to be ingested. This connects customer data movement and compliance violations directly into the Interset platform, combining the data loss protection of DLP systems with the threat detection of the Interset platform.
  • Targeted Outside Attack – From malware introduction to compromised account detection, Interset’s Data Enrichment Framework adds new capabilities to pinpoint attacks faster and provide greater context for investigations. Malware threat intelligence feed information, application blacklists, cyber-attack alerts from perimeter systems, and EDR system alerts can all be ingested into the Interset system to connect this data with the results of Interset machine learning and analytic models. When an Interset endpoint sensor detects an anomalous executable that matches content from a threat feed, Interset alerts security teams to the presence of the threat and visualizes the anomaly and matching intelligence in the Interset Incident View.
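The enrichment behaviour described above (a threat feed match on an anomalous executable, an HR watch list hit, and a DLP violation each scaling a behavioral risk score and adding investigator context) can be sketched as a small join-and-reweight step. This is an added illustration, not Interset's code; the data, hashes, names, weights and threshold are constructed placeholders.

```python
"""Toy enrichment step: join model anomalies with third-party context.

All data below is constructed; hashes and feed entries are placeholders.
"""

# Behavioral anomalies as an analytics model might emit them (constructed).
ANOMALIES = [
    {"entity": "host-17", "user": "alice", "kind": "anomalous_executable",
     "sha256": "hash-placeholder-1", "risk": 45},
    {"entity": "host-22", "user": "bob", "kind": "unusual_file_share_volume",
     "sha256": None, "risk": 50},
    {"entity": "host-09", "user": "carol", "kind": "anomalous_executable",
     "sha256": "hash-placeholder-9", "risk": 30},
]

# Third-party sources keyed for direct lookup (constructed placeholders).
THREAT_FEED = {"hash-placeholder-1": {"campaign": "feed-entry-A", "severity": "high"}}
HR_WATCHLIST = {"bob": "given notice"}
DLP_ALERTS = {"bob": "policy violation: customer records copied to USB"}

# Feed severity scales model sensitivity instead of replacing the model score.
SEVERITY_WEIGHT = {"low": 1.1, "medium": 1.3, "high": 1.6, "critical": 2.0}
WATCHLIST_WEIGHT = 1.4
DLP_WEIGHT = 1.3
ALERT_THRESHOLD = 70  # hypothetical cut-off for raising an alert


def enrich(anomaly, feed=THREAT_FEED, watchlist=HR_WATCHLIST, dlp=DLP_ALERTS):
    """Return the anomaly with an adjusted score plus the context that changed it."""
    score = float(anomaly["risk"])
    context = []
    ioc = feed.get(anomaly["sha256"]) if anomaly["sha256"] else None
    if ioc:  # threat intelligence match on the flagged executable
        score *= SEVERITY_WEIGHT[ioc["severity"]]
        context.append(f"threat feed: {ioc['campaign']} ({ioc['severity']})")
    status = watchlist.get(anomaly["user"])
    if status:  # non-IT HR signal raises the insider-risk weighting
        score *= WATCHLIST_WEIGHT
        context.append(f"HR watch list: {status}")
    violation = dlp.get(anomaly["user"])
    if violation:  # DLP policy violation ties data movement to the anomaly
        score *= DLP_WEIGHT
        context.append(f"DLP: {violation}")
    score = min(100, round(score))
    return {**anomaly, "score": score, "context": context,
            "alert": score >= ALERT_THRESHOLD}


def enrich_all(anomalies=ANOMALIES):
    """Enrich every anomaly; an analyst view would render score and context."""
    return [enrich(a) for a in anomalies]
```

Run `enrich_all()` to see the threat-feed hit and the watch-list-plus-DLP case cross the alert threshold while the unmatched anomaly keeps its original score.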

In addition to the new data enrichment framework, the March release of the Interset platform includes new probabilistic math models to address account compromise use cases and a unified risk dashboard that provides unprecedented visibility into an organization’s overall threat surface, IT systems, and user risk.

Schedule a demo of the Interset Security Analytics Platform.


About Interset

Interset provides highly intelligent, accurate insider and targeted outsider threat detection. Our solution unlocks the power of behavioral analytics, machine learning, and big data to provide the fastest, most flexible, and affordable way for IT teams of all sizes to operationalize a data-protection program. Utilizing agentless data collectors, lightweight endpoint sensors, advanced behavioral analytics, and an intuitive user interface, Interset provides unparalleled visibility into sensitive data. This enables early attack detection and actionable forensic intelligence with reduced false positives and noise. Interset solutions are deployed to protect critical data across the manufacturing, life sciences, high-tech, finance, government, intelligence communities, aerospace and defense, and securities brokerage industries. For more information, visit Interset.com and follow us on Twitter @intersetca.

Contact
Betsy Kosheff
bkosheff@interset.com
413-232-7057