Interset’s advanced user and entity behavioral analytics (UEBA) analyzes billions of events and shines a new light on user information—such as abnormal login frequency, date or time of work, unusual machines—in order to expose difficult-to-find threats. Interset’s partnership with CrowdStrike combines this analysis with the detailed and accurate data provided by CrowdStrike Falcon, giving security teams the necessary context to detect signs of credential access, discovery, lateral movement, or data exfiltration quickly and effectively.

Interset UEBA for CrowdStrike in Action


Leveraging a pre-built Interset connector and CrowdStrike’s Falcon Data Replicator service, a major US hospitality brand used Interset UEBA for CrowdStrike and began revealing hidden threats within a matter of days. After analyzing more than 3.3 billion data points from the incredibly rich CrowdStrike Falcon platform, the customer was able to surface unusual, early-stage behavioral anomalies that could only be seen through the unique analytical lens of Interset, and drastically reduce the time it takes to uncover security incidents. With this new user context, the company quickly identified suspicious server access indicative of a compromised account, as well as various unusual behaviors resulting from a red team attack.

How Interset UEBA & CrowdStrike Falcon Work Together

Unusual Execution of Processes


Interset’s advanced user and entity behavioral analytics analyzes billions of events and shines a new light on user information—such as abnormal login frequency, date or time of work, unusual machines—in order to expose difficult-to-find threats. Combined with detailed and accurate data provided by CrowdStrike Falcon, Interset gives security teams the necessary context to detect the signs of compromised accounts, lateral movement, internal reconnaissance, or data exfiltration quickly and effectively.

Unusual Accesses and Authentications


Authentication activity, such as unusual remote accesses, can be indicative of attackers as they perform discovery activities targeting valid accounts, system network connections, files and directories, or many other similar techniques listed in the MITRE ATT&CK framework. Understanding the unique normal for all accounts is critical so that threat hunters can focus on behaviors that are truly unusual and don’t waste time exploring benign events.

Data Exfiltration


In large organizations, different job functions will result in unique behaviors in terms of risky data movement, such as saving to USB. For some, this may be normal based on their job roles. With the ability to understand what is uniquely normal for each and every user account, threat hunters looking for insider threats are able to focus their efforts on users who are behaving differently than they used to, or differently than their peers. Baselines that are automatically learned with unsupervised machine learning, and that are unique for each and every user, empower insider threat hunters with the tools to be targeted in their efforts.

Case Study White Paper

LEARN MORE:  INTERSET + CROWDSTRIKE

Detecting a Nation-State-Level Red Team Attack with Interset UEBA for CrowdStrike

Interset’s user and entity behavioral analytics (UEBA) shines a new light on existing endpoint data to uncover difficult-to-find threats.

User and Entity Behavior Analytics for CrowdStrike

CrowdStrike EDR combined with Interset's advanced UEBA gives security teams the ability to now detect the signs of compromised accounts, lateral movement, internal recon, or data exfiltration quickly and effectively.
