Interset UEBA

Find unknown threats that may be hiding in your enterprise – before your data is stolen

Behavioral analytics transcends the focused nature of individual security tools to surface the underlying drivers of criminal minds.

Unique normal: The key to accurate insider threat detection

User and entity behavioral analytics (UEBA) creates an integrated view of the cybersecurity risk generated by an entity (a risky insider, an infected host, or a compromised account) by mathematically measuring "unique normal" with contextual intelligence.

What kinds of threats does our behavioral analytics platform detect?

Behavioral analytics utilizing advanced mathematical models and unsupervised machine learning can help detect threats, including the following:

Defense evasion
  • Unusual file or data activity
  • Unusual process activity
  • Unusual process relationships
Persistence
  • Activity by a dormant account
  • Unusual logon activity
  • Unusual registry modifications
Execution
  • Unusual ports or protocols
  • Unusual process activity
  • Unusual network activity
Privilege escalation & credential access
  • Unusual authentications or accesses
  • Unusual files or data accessed
  • Unusual PowerShell activity
Discovery & lateral movement
  • Access to rare entities
  • Unusual authentications or accesses
  • Unusual HTTP Traffic
Collection & exfiltration
  • Unusual files accessed
  • Unusual ports or protocols
  • Script or bot-like activity

What is behavioral analytics and why do I need it?

Behavioral analytics statistically discovers patterns that create unique digital fingerprints of all entities in an enterprise. Each entity – a person, machine, printer, website, IP address, etc. – exhibits certain characteristics of usage and operation. Understanding the unique, normal characteristics of each entity is necessary to detect abnormalities. In cybersecurity, behavioral analytics is known as security analytics and UEBA.

No two cyber attack vectors are the same. At the same time, existing tools generate a flood of alerts that overwhelms security operations center (SOC) resources. Behavioral analytics powered by unsupervised machine learning provides defenders with the tools to augment existing data and with a prioritized list of the threats that matter.

What is "unique normal"?

"Unique normal" is the individual digital fingerprint of each entity. Each individual user, machine, IP address, printer, website, etc., has its own patterns of access and operation. This baseline of "unique normal" can then be continuously compared against itself over time to reveal aberrations.

Interset continuously measures "unique normal" for the following entity types, as well as for each entity's relationships to every other entity: users, machines, IP addresses, projects, resources, services, shares, websites, volumes, and printers.


Just as every human is unique, so is each entity. Anomaly detection algorithms that expect the same patterns from all entities produce a flood of ineffective false positives. An accurate UEBA solution requires precise measurement of how each unique entity behaves, and that in turn requires the scalability of machine learning.

The only practical, scalable, and accurate method for measurement of “unique normal” across an enterprise requires unsupervised machine learning technology, a type of artificial intelligence (AI) that automatically discovers patterns from limited datasets. Unlike supervised machine learning, unsupervised machine learning does not require labels (i.e. a “dictionary” for the machine to learn from). Since there is no textbook definition of normal that applies to all entities, only unsupervised machine learning can accurately measure “unique normal.”

Why does the math matter? Everyone has AI.

Many vendors claim to leverage AI, but the truth is that not everyone actually employs true AI technology. Even within AI, there are many different options, and not all are effective for the problem at hand. The AI techniques utilized to detect modern cybersecurity threats must be able to adapt to the continuously changing cyberattacks, and unsupervised machine learning is a key component of this capability.

Advanced mathematical models measure an entity's behavior against both its own individual baseline and mathematically derived peer-group baselines for more accurate threat detection. The analytical models leverage a native big data storage and compute architecture so that broader contextual information can be incorporated at scale, increasing accuracy and giving a more complete view of risk. Interset's principled math provides a library of more than 350 proven machine learning and advanced analytical models. These models are self-learning, consider both events and entities, and provide a highly accurate way to detect, connect, and quantify high-risk behaviors.

Our principled machine learning approach and advanced analytics framework have been vetted with the utmost scrutiny, as evidenced by our partnership with In-Q-Tel.

How does Interset help my security posture?

How do I evaluate a UEBA product or vendor?

There are multiple factors to consider when selecting a UEBA product or vendor, such as:

  • Advanced, proven mathematical approaches with meaningful results. Anomaly models should identify normal behavior for every entity, allowing the models to accurately detect deviations from historical behavior or from statistical peer groups. Behaviors can then be weighed to create aggregated risk scores and to identify the high-risk combinations that indicate real threats.
  • Online unsupervised machine learning. Unsupervised machine learning discovers new patterns without relying on humans to "teach" the machine what to look for. Interset's models also learn "online," which means that they learn from the data in your environment, giving you the precision you need because every organization, every division, and every employee is different. Further, as your organization changes, these models change with it in order to keep detecting threats effectively.
  • Open inbound and outbound integration. Open inbound integrations enable the broadest amount of data for the contextual data analysis necessary for accurate threat detection. Open outbound integrations enable actionable intelligence, orchestration, and automated responses.
  • Big data storage and compute capability. A solution that, from the beginning, has been built on a big data storage and compute foundation is the only scalable option for measuring “unique normal” across millions of entities and distilling billions of events into a handful of prioritized threat leads.
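The evaluation criteria above and the "unique normal" section rest on one idea: an entity is compared to its own history (and to its peer group) rather than to a single enterprise-wide threshold, and individual deviations are then weighed into an aggregated risk score. The following is an added illustration written for this page, not Interset's code; the user names, the 10-day history values and the scoring weights are all constructed.

```python
"""Per-entity "unique normal" baselines versus one global threshold (added illustration)."""
from statistics import mean, pstdev

# Constructed 10-day learning window: daily count of files accessed per user.
HISTORY = {
    "alice": [480, 510, 495, 530, 470, 505, 520, 490, 500, 515],  # heavy analyst
    "bob":   [20, 25, 18, 22, 30, 19, 24, 21, 27, 23],            # light user
    "carol": [25, 28, 22, 30, 26, 24, 29, 27, 23, 26],            # bob's peer
    "erin":  [],                                                  # dormant: no history yet
}
PEER_GROUP = {"alice": "analysts", "bob": "sales", "carol": "sales", "erin": "sales"}
GLOBAL_THRESHOLD = 300  # the one-size-fits-all rule this page argues against

def zscore(value, samples):
    """Standard deviations of value from the sample mean; None if no baseline exists."""
    if len(samples) < 2:
        return None
    sd = pstdev(samples)
    return 0.0 if sd == 0 else (value - mean(samples)) / sd


def global_alert(value):
    """Naive rule: the same threshold for every entity."""
    return value > GLOBAL_THRESHOLD


def unique_normal(user, value):
    """Deviation from the user's own baseline, falling back to the peer-group
    baseline when the user has no history of their own (e.g. a dormant account)."""
    own = zscore(value, HISTORY[user])
    peers = [v for u, h in HISTORY.items()
             if u != user and PEER_GROUP[u] == PEER_GROUP[user] for v in h]
    peer = zscore(value, peers)
    return {"self": own, "peer": peer, "z": own if own is not None else peer}


def risk_score(anomalies, weights):
    """Weigh several behaviour deviations into one 0-100 score; each z is clipped
    to 10 so a single wild statistic cannot drown out the rest of the picture."""
    raw = sum(weights.get(name, 1.0) * min(max(z or 0.0, 0.0), 10.0)
              for name, z in anomalies)
    return min(100, round(raw * 5))


if __name__ == "__main__":
    # Today: alice reads 525 files (routine for her, yet over the global threshold),
    # bob reads 120 (under the threshold, yet ~5x his norm), dormant erin reads 90.
    for user, today in (("alice", 525), ("bob", 120), ("erin", 90)):
        print(user, "global alert:", global_alert(today), unique_normal(user, today))
```

Run as-is, the global rule raises a false positive on alice and misses bob entirely, while the per-entity z-scores invert both outcomes and still give erin a usable score from her peer group.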

Request a demo of Interset UEBA

Interset's behavioral analytics uses advanced mathematics and unsupervised machine learning to help detect unknown threats. Schedule a demo today to see it in action.

release-rel-2019-11-1-3171 | Wed Nov 13 04:28:31 PST 2019