Insider Threat

Employees, contractors, partners, privileged users—all can become insider threats. They’re tough to spot, with devastating fallout if they succeed. The Interset Platform empowers security teams with sweeping visibility across endpoints, servers, networks, and even terabytes of log data. It’s the only threat detection platform that offers a complete picture of inside threats from backend to endpoint. Through machine learning, Interset creates a holistic picture of normal processes. Upon spotting anomalous or high-risk activities, it connects these events to the users involved, increases their risk score (radically minimizing false-positive alerts), and presents the context of the incident in a clear, actionable, interactive interface. Interset detects and surfaces the insider threats and enables security teams to work more quickly and efficiently to mitigate them.

Privileged Account Monitoring

High-visibility incidents involving Edward Snowden and others have reminded us how blind we are to the actions of privileged accounts. If the employee is the threat or their account has been compromised, access available to this type of account can lead to significant loss. For each privileged account, Interset factors in time, authentication, access, application usage, data movement, and more to baseline nearly 30 different types of behavior. When an account deviates from the norm, Interset’s analytics visualize a privileged user’s activity, factoring out false positives through risk scores, then alert security to take action.

Third-Party Monitoring

Data theft caused by the negligence or criminal behavior of partners and consultants is usually detected well after the damage has been done. The ability of existing security tools to monitor and detect bad activities by these users is nonexistent. Interset uniquely addresses this problem by applying behavioral analytics to the application logs of systems used by third parties: Source Code Management (SCM), Product Lifecycle Management (PLM), SharePoint, servers and file shares all capture events related to data access and usage. Interset calls out and visualizes high-risk activities for analysts, so they can stop bad behavior before a breach.

Targeted Attack

Today’s cyber-attacks regularly penetrate even sophisticated defense-in-depth perimeters. Companies must monitor these threats inside their networks. But sifting through massive amounts of event data currently yields mostly false positives. Built on a true big-data platform, Interset ingests and analyzes massive amounts of data to quickly and accurately surface attacks. Interset will detect, connect, and visualize an attack path—from compromised accounts to lateral movement, data reconnaissance, data staging, and data movement for exfiltration. With this context, Interset can surface attacks with speed, as they unfold. An analyst is immediately given incident visualizations and workflows to enable efficient validation, investigation, and response.

Optimize Existing Security Programs

Shortcomings in SIEM, DLP, IAM, and NAC products have created significant security gaps—too many false positives and overly complicated policy structures. Interset’s advanced analytics platform was created to maximize ROI by optimizing the effectiveness of existing security tools. Correlating data collected by these tools, it provides an enterprise-wide view of user and service accounts, authentication, and access at the system and application levels. The platform also lends insight into the access and movement of high-risk data, automatically feeding contextual data back into your SIEM or incident-response tool. And it can make API calls to activate IT controls in your authentication, DLP, or NAC systems.

Healthcare Compliance

HIPAA and HITECH have rigorous regulations for protecting Electronic Protected Health Information (ePHI). Security teams are challenged with being compliant across varied environments, while enabling hospitals, labs, and insurance companies to provide high standards of care. Interset was designed to correlate and analyze data from ePHI systems, endpoints, SIEM tools, and directories to offer real-time monitoring and threat detection never before available to healthcare providers. The analytics monitor all users, files, machines, and applications to surface risky behavior or policy violations. Its big-data architecture allows even the largest healthcare companies to gain visibility into threats. Meanwhile, compliance can easily be traced through historic monitoring reports covering access, usage, and movement of ePHI data.