With over 12,000 internal users accessing sensitive patient data, this organization had to face the reality of potential insider threats to its data security. Its security operations center (SOC) had already deployed hypothesis-based threat hunting, in which an actionable hypothesis is created, executed, and tested to completion. This method aims to connect the dots, determine what’s normal and what’s not, and identify anomalies. Its Chief Information Security Officer (CISO) explains what he would prefer: “Instead of managing a flood of distracting false positives derived from hypothesis-based threat hunting, we felt we could augment our hunting efforts better by creating more accurate behavioral intelligence-based hypotheses.”
Micro Focus ArcSight Intelligence provides a contextualized view of the riskiest behaviors in the enterprise and gives SOC teams the right tools to visualize and investigate threats. It links unusual behavior with real threats by using statistical probability and unsupervised machine learning to identify the most suspicious entities.