Context Is Key

The difference between a false positive and a true threat is in its context. Analysts must be able to dig into an event, validate that it’s a true threat, then decide how to respond. One click from Interset’s dashboard takes you to the details of any high-risk incident. Security investigators quickly and clearly understand who is involved, which data is at risk, and what actions occurred to make the event risky. With Interset, compromised accounts, data under threat, and even collaborators are quickly identified—with the who, what, where, and why clearly defined. Analysts can validate the incident and determine which response path they need to follow.

Beyond a User’s Behavior

User-based risk views alone do not visualize a threat. To understand what the true threat is and which actions need to be taken to stop it, investigators need to understand risk in terms of more than just users—which applications are being exploited, which data is being stolen, how the user is attempting to stage and exfiltrate the data. Interset uniquely offers these different risk views and the same detailed forensic-exploration capabilities from each risk vector.

The Need to Hunt Deep

In more sophisticated attacks and proactive threat-hunting, investigators need to move beyond contextual threat views, down to specific data-source events. But to be truly effective, hunters and investigators need the ability to query across data sources in context of accounts, machines, files, and applications. Interset integrates Hadoop, Elasticsearch, and Kibana to offer a powerful investigation and hunting interface. All ingested data sources can be queried to correlate use-authentication and access, file type, origination, a data asset’s chain of custody, and a variety of machine-, system-, and network-level forensics. Interset puts power into the hands of the analyst.

Enhancing Your Incident Response Process

All companies have defined incident-response processes. But due to a lack of integration and automation, they can often be slow and ineffective. Interset combines communications workflow, process workflow, and a RESTful API to enhance incident response and integrate cleanly into existing response processes. Its communications workflows automate the alerting process via text or email. The process workflows automate contextual-data exports to SIEMs, forensic tools, or evidence-collection tools—for high-risk incidents and for any user-defined set of activities related to compliance and privileged-user monitoring. Interset’s RESTful API automatically activates downstream IT control processes for any automatically or user-defined incident detected. Control-activation examples include re-authentication, access blocking, and DLP control activation.