Interset Advances UEBA, Expands Use Case Coverage with Interset 5 Security Analytics Platform

A volume of new data source connectors and analytic models has created a platform that learns while detecting and scoring the risk level of threats across terabytes of data, for an expanding set of use cases in business and government.

Ottawa, ON, Nov. 2, 2016 – Interset, the security analytics company selected as a portfolio investment company and strategic partner by In-Q-Tel, today announced the release of Interset 5. The new version aggressively expands beyond traditional User and Entity Behavior Analytics (UEBA) use case coverage with new data source integrations and more than 100 new advanced analytic models. Interset 5 also features a new security operations-centric (SOC) user interface. Additionally, the new version leverages cutting-edge, machine learning-driven cyber and insider threat detection capabilities developed for the In-Q-Tel community using Interset’s extensible behavioral analytics engine.

Interset was also named “Rookie of the Year” at the annual McAfee Security Innovation Alliance Partner of the Year Awards.

According to D.J. Long, head of the Intel Security Innovation Alliance, “Interset’s integrations with McAfee ESM and McAfee DXL through the Intel Security Innovation Alliance provide our mutual customers with better data protection and an improved threat defense lifecycle. Partnering with Interset to combine the strengths of both companies is key to delivering a security analytics solution that provides accuracy and speed in threat detection.”

Out-of-the-Box Integration and Analytics

Available Nov. 30, 2016, Interset 5 increases the platform’s ability to detect threats and efficiently cover new use cases with out-of-the-box support for new data sources including Linux server, Web proxy, firewall, and VPN logs. The addition of these data sources to Interset’s industry-leading coverage, combined with new analytic models, enables Interset to detect and surface indicators of compromise (IOCs) across all stages of an advanced attack. These include: initial infection, command and control, internal reconnaissance, privilege escalation, lateral movement, and data staging. Interset 5 is the only security analytics solution that can detect, surface, connect, and offer risk-based prioritization of advanced targeted attacks as they develop inside the network. This means SOC analysts and forensic investigators can proactively identify, understand, and stop even the most sophisticated attacks while they are happening, long before data is compromised.

Interset 5 expands insider threat detection capabilities using specialized endpoint analytic models that detect and surface high-risk file access, movement, and exfiltration methods such as print, post and copy to USB. These capabilities — along with Interset 5’s ability to ingest Windows and Linux Server logs and run high-risk data access, usage, and movement analytics against them — deliver unprecedented views of unfolding insider attacks.

Security Operations-Defined User Interface 

Interset 5’s new SOC-defined user interface delivers entity risk and contextual validation views that enable level 1 and 2 SOC analysts to quickly and efficiently focus on, validate, and process potentially high-risk security incidents. By increasing the speed and accuracy of early detection and validation — combined with Interset’s strong cyber hunting and event query interface — security teams can proactively detect, investigate, respond to, and stop cyber and insider attacks.

“Interset 5 is about leveraging our big data platform and extensible advanced analytics engine to rapidly cover new use cases with out-of-the-box machine learning models and data connectors,” said Interset co-founder and CTO Stephan Jou. “By building an extensible platform on a big data open-source architecture we are able to rapidly increase use case coverage at scale. Interset 5 is the start of a new paradigm for our customers, who can now look to extend the platform beyond insider and cyber threat detection to different or unique threat surfaces, such as fraud and supply chain use cases. This platform model offers security managers superior ROI and lower TCO, while increasing operational success.”

Interset is demonstrating Interset 5 at the annual SINET Showcase on Nov. 2 – 3, 2016, at the National Press Club in Washington, DC. Additionally, Interset is showcasing the new version at this week’s Intel FOCUS security conference in Las Vegas, Nov. 1–3. Also featured at FOCUS is Interset’s new integration with the McAfee Data Exchange (DXL), Intel’s architecture for enabling an adaptive security ecosystem.


About Interset
Interset provides highly intelligent, accurate insider and targeted outsider threat detection. Our solution unlocks the power of behavioral analytics, machine learning, and big data to provide the fastest, most flexible, and affordable way for IT teams of all sizes to operationalize a data-protection program. Utilizing agentless data collectors, lightweight endpoint sensors, advanced behavioral analytics, and an intuitive user interface, Interset provides unparalleled visibility into sensitive data. This enables early attack detection and actionable forensic intelligence with reduced false positives and noise. Interset solutions are deployed to protect critical data across the manufacturing, life sciences, high-tech, finance, government, intelligence communities, aerospace and defense, and securities brokerage industries. For more information, visit and follow us on Twitter @intersetca.

Betsy Kosheff