Interset 5.5: New Insider Threat Anomaly Detection Models

New and enhanced features of our AI platform enable faster and more accurate insider threat detection of financial theft, data exfiltration, and more.

Interset’s AI platform leverages unsupervised machine learning to automatically and accurately detect the insider threats that often lead to data breaches. Interset 5.5 increases threat detection capabilities with expanded anomaly detection for financial theft via expense report anomalies, data exfiltration via email anomalies, expanded EDR anomaly models, faster threat investigation via instant filtering and dynamic tagging, and a UI customization option for easier 3rd party integration.

Financial Fraud via Expense Reporting Anomaly Detection

We’re excited to introduce a new Financial Theft use case as part of Interset 5.5. This use case, which has been requested by many of our customers, addresses a slightly different type of insider threat: one that manipulates corporate expense systems for financial gain.

Leveraging Interset’s patented analytics framework, measuring normal behavior for individuals and peer groups, the new financial theft anomaly modeling identifies individuals who are abusing the expense system – such as submissions of extraneous or aberrant entertainment expenses – and reports them as potential financial fraud.

Financial fraud can be detected in multiple ways. Some examples of expense-related insider threat anomaly detection models include:

  • Identification of duplicate reports or abnormal claim amounts within a time period, peer group or category (e.g. “Entertainment expenses too high”)
  • Anomalous expense entries for a venue compared to others
  • Abnormal entertainment expense claims per week compared to peer group
  • Anomalous expenses for a date compared to others

These anomalies are surfaced in the UI as “potential expense misuse” or “expense duplication,” and can be directly investigated further through intelligent one-step click-through navigation.
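To make two of the listed checks concrete, here is an added example (not Interset's models or code) that finds duplicate claims and weekly entertainment totals far above the peer-group median. The record layout, function names, the sample rows and the modified z-score threshold of 3.5 are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed sample rows (assumed layout):
# (report_id, employee, peer_group, date, category, venue, amount)
EXPENSES = [
    ("R1", "alice", "sales", "2019-03-04", "entertainment", "Bistro A", 120.0),
    ("R2", "bob",   "sales", "2019-03-05", "entertainment", "Bistro A", 95.0),
    ("R3", "carol", "sales", "2019-03-05", "entertainment", "Bistro B", 110.0),
    ("R4", "dave",  "sales", "2019-03-06", "entertainment", "Club Z",   640.0),
    ("R5", "dave",  "sales", "2019-03-06", "entertainment", "Club Z",   640.0),
    ("R6", "erin",  "sales", "2019-03-07", "entertainment", "Bistro B", 130.0),
]

def find_duplicates(rows):
    """Same employee, date, category, venue and amount claimed on several reports."""
    seen = defaultdict(set)
    for rid, emp, _grp, day, cat, venue, amt in rows:
        seen[(emp, day, cat, venue, amt)].add(rid)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def peer_outliers(rows, category, threshold=3.5, min_peers=4):
    """Flag weekly totals far above the peer-group median (modified z-score)."""
    groups = defaultdict(lambda: defaultdict(float))
    for _rid, emp, grp, day, cat, _venue, amt in rows:
        if cat == category:
            week = tuple(date.fromisoformat(day).isocalendar())[:2]  # (year, ISO week)
            groups[(grp, week)][emp] += amt
    flagged = []
    for (grp, week), by_emp in groups.items():
        if len(by_emp) < min_peers:
            continue  # too few peers to form a meaningful baseline
        med = median(by_emp.values())
        mad = median(abs(v - med) for v in by_emp.values())
        for emp, total in sorted(by_emp.items()):
            if total <= med:
                continue  # only overspending is of interest here
            # MAD of zero means every peer spent the same; any excess stands out
            score = float("inf") if mad == 0 else 0.6745 * (total - med) / mad
            if score > threshold:
                flagged.append((emp, grp, week, total, round(score, 1)))
    return flagged
```

The median and MAD are used instead of mean and standard deviation so that the one large claimant does not inflate the baseline it is measured against.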

Data Exfiltration via Email Anomaly Detection

Email continues to be one of the most used communication tools. As such, it’s a significant threat vector that must be continuously considered. Interset 5.5 provides an expanded set of email anomaly detection models, including native support for Proofpoint email logs.

Interset 5.5’s unsupervised machine learning behavioral models detect unusual data exfiltration by learning each user’s normal behavior and highlighting users who send more data via email than they normally would, or than their peer group normally would.
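The difference between the two baselines described above can be shown with a small added example (not Interset's models or code, and not the Proofpoint log schema). It scores each user's latest daily outbound email volume against their own history and against their peers' history; the data layout, names, sample values and threshold are assumptions.

```python
from math import log10
from statistics import median

# Constructed sample: user -> (peer_group, outbound email bytes per day, oldest first).
# The last value in each series is the day being scored.
DAILY_BYTES = {
    "frank": ("finance", [2e6, 3e6, 2.5e6, 2e6, 3e6, 2.5e6, 400e6]),
    "gina":  ("finance", [2e6, 2e6, 3e6, 2.5e6, 3e6, 2e6, 2.5e6]),
    "hank":  ("finance", [3e6, 2e6, 2e6, 3e6, 2.5e6, 2e6, 3e6]),
    "ivan":  ("finance", [300e6, 350e6, 320e6, 310e6, 340e6, 330e6, 325e6]),
}

def robust_z(x, sample):
    """Modified z-score of x against sample, using median and MAD."""
    med = median(sample)
    mad = median(abs(v - med) for v in sample)
    if mad == 0:
        return float("inf") if x > med else 0.0
    return 0.6745 * (x - med) / mad

def email_volume_anomalies(daily, threshold=3.5):
    """Return {user: [baselines exceeded]} for the most recent day."""
    # Work in log space: byte counts are heavy-tailed; +1 tolerates zero-byte days
    logs = {u: (g, [log10(b + 1) for b in s]) for u, (g, s) in daily.items()}
    out = {}
    for user, (group, series) in logs.items():
        today, history = series[-1], series[:-1]
        # Peer baseline: pooled history of everyone else in the same group
        peers = [v for u, (g, s) in logs.items()
                 if u != user and g == group for v in s[:-1]]
        hits = []
        if history and robust_z(today, history) > threshold:
            hits.append("self")
        if peers and robust_z(today, peers) > threshold:
            hits.append("peer")
        if hits:
            out[user] = hits
    return out
```

On the sample data, frank's one-day spike exceeds both baselines, while ivan is consistent with his own history and stands out only against his peer group, which is why the two comparisons are kept separate.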

Expanded EDR Anomaly Detection

Talk to any forensic investigator and they’ll tell you that endpoint data remains the most effective way to forensically reconstruct cyber crimes. This is where they figure out which parent kicked off a process, what the process did, which files were moved and where they were moved to, what malicious software may have been installed, and so on.

The Interset 5.5 endpoint sensor now supports an inventory of events and analytical models to provide intelligent detection on this critical source of data. The models use AI to understand the normal operation of an endpoint, including registry writes, running processes, and so on, and highlight endpoints that show signs of infection where malicious software made it past the perimeter.

In addition, Interset’s endpoint now generates network data from the endpoint’s perspective, which means that this NetFlow-like data is automatically enriched with user and machine information, and can be traced back to the endpoint process, which dramatically accelerates the threat hunter’s job with highly valuable leads.

The expanded set of EDR anomaly detection models can be applied against Interset’s endpoint sensor, or against any data source that contains the fields required to execute the models.


Faster Threat Investigation with Dynamic Filtering and Tagging

Interset’s analytical framework is optimized to surface threats by focusing on top risky entities, such as users or machines. However, threat hunters often look for different ways to explore the data, to find relationships or trends that may manifest in alternative ways. To further empower this highly skilled community of critical users, Interset has expanded its investigative interfaces to further integrate threat hunting concepts into its main dashboard.

Threat hunters can dynamically filter across different facets of the data, such as threat type, a tagged set of users, and a specific file share to look for interesting behaviors and quickly test their hypotheses. This includes the ability to view color-coded risky behaviors in a grid that dynamically updates based on faceted filters that can be created and toggled. The ability to create and filter by custom tags further enhances the investigative toolkit to leverage Interset’s analytics in new and different ways.


New Customizable UI Themes

Interset’s analytic framework is adopted by a growing set of partners, and our new Theme Panel allows organizations to create their own branded version of Interset, including custom color schemes as well as logos for the sign-in page and the main UI.
