Interset 5.6: Creating a Digital Fingerprint with Endpoint Data

Interset platform adds detection models to address ever-changing threats targeting the endpoint.

Interset 5.6 is here, and we are excited to share what this update entails. First and foremost, the latest version of Interset’s AI-enabled security analytics platform places a powerful focus on endpoint detection.

Since I first entered the cybersecurity space, I have heard plenty about endpoint fatigue. I get it. IT shops are almost always understaffed and are usually tasked with more than they can reasonably handle. They have to maintain corporate networks, provide VPN connections for remote employees, and support users’ workstations and applications.

Oh, and they have to keep everything secure. That little thing.

When it comes to keeping things secure, there are almost as many opinions as there are security professionals. You have the authentication camp, the network camp, the cloud camp, and, of course, the endpoint camp. All approaches have merit. As with most things, the sweet spot is usually somewhere in the middle, but the endpoint camp offers unique advantages. From a behavioral analytics perspective, the endpoint offers a representation of someone’s work-habit fingerprint by tracking when that user opens a machine, logs in, starts an application, visits a website, and so on. That data is incredibly valuable for finding hidden threats.

I remember a few “Eureka!” moments in a conversation with a forensic investigator several years ago. One of those moments came from a detailed description that read like a real crime novel: Our hero sifted through endless rows of logs, reconstructing the criminal’s path to the stolen data. The truth could only be found in the endpoint logs. I was hooked.

The value of this data for security analytics, in the context of the rapidly changing array of endpoint-focused threats, is what continues to push us to develop more endpoint-specific models. Interset 5.6 can detect infected hosts and data exfiltration by leveraging “unique normal” for each endpoint in the context of processes, privileges, and enriched network data (think IPFIX). Advanced models on rich endpoint data can establish normal or unusual behavior and indicate a potential breach, whether it is a result of dropped malware or fileless attacks through built-in operating system tools. And because it’s based on behavior and not a signature, even zero-day attacks (which involve never-before-seen techniques, tactics, and tools) can be detected.

[Figure: Interset dashboard visualizing anomalies at the endpoint]

If you’re interested in learning more about Interset’s endpoint detection capabilities, please contact us.

Mario Daigle is VP of Products at Interset.