Compromised-Account Detection

Compromised accounts can occur via phishing, malware, or a data breach. Attackers steal customer and employee credentials for financial gain or access to sensitive data through applications and networks. To catch thieves in real time, Interset designed the most precise detection solution available. Driven by advanced machine learning, the platform utilizes more than 60 specific algorithms focused on compromised-account detection among user and service accounts. Interset is also the only security-analytics product that can correlate indicators from endpoints, directories, ACL, and application logs. This covers for all types of account focused attacks.

Interset’s sweeping visibility empowers security teams to detect account compromises, connecting these attacks to related IOCs. In other words, it not only quickly and accurately surfaces threats, it goes a step further to provide the contextual information necessary to respond to an attack well before it reaches its target.

Privileged Account Monitoring

High-visibility incidents involving Edward Snowden and others have reminded us how blind we are to the actions of privileged accounts. If the employee is the threat or their credentials have been compromised, access to this type of account can lead to significant loss.

For each privileged account, Interset factors-in time, authentication, access, application usage, data movement, and more to baseline nearly 30 different types of behavior. When an account deviates from the norm, Interset’s analytics visualize a privileged user’s activity, factoring out false positives through risk scores, then alerting security to take action.

Incident Validation and Investigation

Interset will surface an attack before it reaches its target. But that’s just the start: It will then assist security analysts work to validate that attack, and integrate with your incident-response process and provide incident information to teams across your organization. The UI delivers a three-dimensional picture of an attack, critical to immediately understanding how to stop it. Entity-risk views provide analysts with visualizations of the attack timeline, risk trend, and new anomalies as an attack unfolds. And graphs detail how each anomaly differs from normal baselines. The timeline view also includes alerts from other security products, threat-intelligence information related to an attack, and even HR data including a user’s location and company status. This optimizes the validation and response process.

The Interset platform includes Kibana/Elasticsearch open integration and has the ability to run historical analytics for any data in the Elasticsearch engine. Investigators and threat hunters have one-click access to deep event-level information for an incident. Along with these features, our RESTful API and DXL integration optimize the response and investigation process, giving security teams the tools they need to stop an attack before data is compromised.

Insider-Threat Detection

Employees, contractors, partners, privileged users—all can become insider threats. They’re tough to spot, with devastating fallout if they succeed. The Interset Platform empowers security teams with sweeping visibility across endpoints, servers, networks, and even terabytes of log data.

It’s the only threat-detection platform that offers a complete picture of inside threats from backend to endpoint. Through machine-learning, Interset creates a holistic picture of normal processes. Upon spotting anomalous or high-risk activities, it connects these events to the users involved, increases their risk score (radically minimizing false-positive alerts), and presents the incident’s context in a clear, actionable, interactive interface. Interest detects and surfaces insider threats, while enabling security teams to work more quickly and efficiently to mitigate them.

Sensitive-Data and IP Protection

Many customers deploy Interset in a data-centric security program, because our analytics provide tracking and risk-scoring for digital assets. The platform looks at the file, which application it was created in, what type of file it is, who created the file, what derivatives of the file were created, where they are located, and data-classification tags. We’re the only security-analytics product that offers a riskiest-file view and data-centric drill downs into specific file level events.

Interset is also the only security-analytics vendor to offer its own endpoint sensor, and can correlate endpoint data with backend repository and directory data. Our platform uniquely addresses backend-visibility problems by applying behavioral analytics to the application logs of IP repositories such as Source Code Management (SCM), Product Lifecycle Management (PLM), SharePoint. Interset pinpoints high-risk activities for analysts, so they can stop bad behavior before a breach.

Endpoint EDR and DLP-Lite

Too many agents overload endpoint resources. Although not required, Interset’s endpoint sensor helps eliminate redundant agents, offering both DLP-lite (data-loss monitoring) and EDR (signature-less endpoint) threat detection in a single, passive lightweight agent. The latter monitors user, system, file, registry, and application processes as they take place.

This telemetry is delivered to the Interset Analytics Engine, where it’s combined with other event logs to offer end-to-end threat detection. Interset can also capture event data from your existing DLP and EDR endpoint agents.

Targeted-Attack Detection

Today’s cyber-attacks regularly penetrate even sophisticated defense-in-depth perimeters. Companies must monitor these threats inside their networks. But sifting through massive amounts of event data currently yields mostly false positives. Built on a true big-data platform, Interset ingests and analyzes massive amounts of data to quickly and accurately surface attacks.

Interset will detect, connect, and visualize an attack path—from compromised accounts to lateral movement, data reconnaissance, data staging, and data movement for exfiltration. With this context, Interset can surface attacks with speed, as they unfold. An analyst is immediately given incident visualizations and workflows to enable efficient validation, investigation, and response.

Optimizing Security Operations

Shortcomings in SIEM, DLP, IAM, and NAC products have created significant security gaps—too many false positives and overly complicated policy structures that reduce a security-operation center’s ability to accurately detect, validate, and respond to threats. SOC analysts waste too much time guessing which is the true threat. Interset’s advanced analytics platform was created to maximize the effectiveness of existing security tools and optimize security operations.

Correlating data collected from existing security tools, Interset provides an enterprise-wide view of user and service accounts, authentication, and access at the system and application levels. The platform also lends insight into the access and movement of high-risk data, automatically feeding contextual data back into your SIEM or incident-response tool. And it can make API calls to activate IT controls in your authentication, DLP, or NAC systems.

Healthcare/HIPAA Compliance

HIPAA and HITECH have rigorous regulations for protecting Electronic Protected Health Information (ePHI). Security teams are challenged with being compliant across varied environments, while enabling hospitals, labs, and insurance companies to provide high standards of care.

Interset was designed to correlate and analyze data from ePHI systems, endpoints, SIEM tools, and directories to offer real-time monitoring and threat detection never before available to healthcare providers. The analytics monitor all users, files, machines, and applications to surface risky behavior or policy violations. Its big-data architecture allows even the largest healthcare companies to gain visibility into threats. Meanwhile, compliance can easily be traced though historical monitoring reports covering access, usage, and movement of ePHI data.