Everything You Need to Know About Interset 5.4

It’s faster, processes more data, and has many more machine-learning models. So your security team chases actionable threat leads, instead of false alerts.

Interset 5.4 security analytics risk dashboard

We’re proud to announce that Interset 5.4 is now available. Highlights of this release include:

  • An updated risk dashboard with direct access to enterprise risk reports and threat details from the main user interface
  • NetFlow support
  • A lot more machine-learning models

Updated Risk Dashboard
Our risk dashboard has always been one of the main focus areas of our product. We believe that information-security leaders need to know, at a glance, what their risk status is. And from that same user interface, security practitioners need to directly access details for threat-hunting, alert triage, and incident investigation.

We have updated the risk dashboard to enable intuitive time-shifting: Investigations span further back in time, limited only by the data. In addition, intuitive filtering has been added, providing analysts with the increased ability to understand relationships between entities such as users, file shares, machines, and others.

Below is an image of the latest dashboard. As you can see, this sample data set showcases 5.1 billion events, distilled into 1 million anomalies and then 29 risk entities that are high-priority security leads to be investigated.

The entities being evaluated for normal, and therefore abnormal, digital footprints appear across the top. In this sample analysis, these entities include users, machines, files, projects, servers, shares, resources, websites, and IP addresses. Through unsupervised machine learning, we distill billions of events related to these entities. Our security resources then find the threats that matter the most.

Distill billions of events into a handful of prioritized threat leads

A security leader can directly access a current summary report of organizational risk.

Dynamically Generated Report Enterprise Risk

The details that matter are directly available to the security practitioner, relieving them of a lengthy discovery process and serving up relevant data in just a few clicks.

Direct Access Raw Security Events from Analytics Dashboard

NetFlow Support
Interset 5.4 includes support for NetFlow data from versions 5, 9, and 10 (IPFIX). This adds network analytic coverage, enabling use cases such as detecting lateral movement, infected hosts, and data theft.

For example, if an infected host attempts to find its Command and Control server, it may establish a longer connection than usual. This is especially true when the host is connecting to a new destination, never before seen in the organization.
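The heuristic described above (an unusually long connection to a destination never before seen in the organization) can be sketched over flow records as follows. This is an added example, not Interset's models or code; the flow records are constructed, and the function names, the median/MAD threshold, `k` and `min_samples` are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample flows (src, dst, duration in seconds); not real traffic.
HISTORY = [
    ("10.0.0.5", "192.0.2.10", 12.0), ("10.0.0.5", "192.0.2.11", 9.0),
    ("10.0.0.5", "192.0.2.10", 15.0), ("10.0.0.5", "192.0.2.12", 11.0),
    ("10.0.0.7", "192.0.2.10", 30.0), ("10.0.0.7", "192.0.2.11", 28.0),
    ("10.0.0.7", "192.0.2.10", 35.0),
]
NEW_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 14.0),      # known destination, usual duration
    ("10.0.0.5", "198.51.100.77", 13.0),   # new destination, usual duration
    ("10.0.0.5", "198.51.100.99", 900.0),  # new destination, unusually long
    ("10.0.0.7", "192.0.2.11", 600.0),     # long, but destination already known
]

def build_baseline(history):
    """Return (destinations seen org-wide, per-source duration samples)."""
    seen, durations = set(), {}
    for src, dst, dur in history:
        seen.add(dst)
        durations.setdefault(src, []).append(dur)
    return seen, durations

def duration_threshold(samples, k=6.0):
    """Robust upper bound: median + k * MAD (MAD floored at 1 second)."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med + k * max(mad, 1.0)

def flag_flows(history, flows, min_samples=3):
    """Flag flows that are both to a never-seen destination and far longer
    than the source host's own baseline. Flagged flows do not update the
    baseline, so an anomalous host cannot normalise itself."""
    seen, durations = build_baseline(history)
    leads = []
    for src, dst, dur in flows:
        samples = durations.get(src, [])
        is_new = dst not in seen
        enough = len(samples) >= min_samples
        if is_new and enough and dur > duration_threshold(samples):
            leads.append((src, dst, dur))
            continue
        seen.add(dst)
        durations.setdefault(src, []).append(dur)
    return leads

if __name__ == "__main__":
    for lead in flag_flows(HISTORY, NEW_FLOWS):
        print("lead:", lead)
```

Requiring both conditions is what keeps the lead count low: a long flow to a known destination or a short flow to a new one is not flagged on its own.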

More Machine-Learning Models
Since January 2017, we have continued to expand our library of threat models such that we now have more than 300 unsupervised machine-learning models, none dependent on rules.

Not only do we continue to add new models to address an increasing number of use cases, but all models work together within the Interset analytical framework. This integration creates a security ecosystem that swiftly scales to the pace of data growth, while optimizing existing IT investments.

The models resolve to truly risky entities and provide full context to analysts in just a few clicks, using a simple and intuitive user interface.

Additional Features
Additional 5.4 features are available for large enterprises. For a full list of features, please contact Interset at sales@interset.com.