Interset UEBA | Use Cases

Powered by machine learning and AI, Interset UEBA makes SOC teams more effective at threat hunting, triage, and investigation.

Insider Threat Detection

Employees, contractors, partners, and privileged users can all become insider threats. They’re tough to spot, with devastating fallout if they succeed. The Interset platform empowers security teams with visibility across endpoints, servers, networks, and even terabytes of log data.

Interset is the only threat detection platform that offers a complete picture of insider threats from backend to endpoint. Through machine learning, Interset builds a holistic picture of normal behavior. Upon spotting anomalous or high-risk activities, it connects these events to the users involved, raises their risk score (radically reducing false-positive alerts), and presents the incident's context in a clear, actionable, interactive interface. Interset detects and surfaces insider threats while enabling security teams to work more quickly and efficiently to mitigate them.

Targeted Attack Detection

Today’s cyber attacks regularly penetrate even sophisticated, defense-in-depth perimeters. Companies must monitor these threats inside their networks. But sifting through massive amounts of event data usually yields mostly false positives. Built on a true big-data platform, Interset ingests and analyzes massive amounts of data to quickly and accurately surface attacks.

Interset will detect, connect, and visualize an attack path – from compromised accounts to lateral movement, data reconnaissance, data staging, and data movement for exfiltration. With this context, Interset can surface attacks with speed, as they unfold. An analyst is immediately given incident visualizations and workflows to enable efficient validation, investigation, and response.

Sensitive Data and IP Protection

Many customers deploy Interset in a data-centric security program because the analytics provide risk-scoring for digital assets, including projects in repositories, shared drives, servers, etc.

Interset is also the only security analytics vendor to offer its own endpoint sensor, and to correlate endpoint data with backend repository and directory data. The platform uniquely addresses backend visibility problems by applying behavioral analytics to the application logs of IP repositories such as Source Code Management (SCM). Interset pinpoints high-risk activities for analysts so they can stop bad behavior before a breach.

Endpoint EDR

Endpoint detection and response (EDR) solutions provide the most detailed and accurate data for threat detection. Combined with UEBA that analyzes billions of endpoint events, security teams can quickly and effectively detect the signs of compromised accounts, lateral movement, internal reconnaissance, or data exfiltration. Interset UEBA shines a new light on user information such as abnormal login frequency, unusual dates or times of work, or unusual machines, adding valuable context to help detect difficult-to-find threats.

Combine Interset’s UEBA with CrowdStrike’s rich endpoint data to swiftly uncover difficult-to-find threats, such as those from insiders or targeted attacks. This solution allows security operations centers to respond more seamlessly to threats by distilling billions of endpoint events into a list of prioritized leads, reducing alert fatigue and enabling them to focus on the threats that matter most.

Optimizing Security Operations

Although cornerstones in today's security operations centers, SIEM, DLP, IAM, and NAC products have created security gaps – too many false positives and overly complicated policy structures that reduce a security operations center's ability to accurately detect, validate, and respond to threats. Analysts waste too much time guessing which alert is the true threat. Interset's advanced analytics platform was created to maximize the effectiveness of existing security tools and optimize security operations.

Interset UEBA correlates data collected from existing security tools, such as ArcSight, to provide an enterprise-wide view of user and service accounts, authentication, and access at the system and application levels. The platform also lends insight into the access and movement of high-risk data, automatically feeding contextual data back into your SIEM or incident-response tool. And it can make API calls to activate IT controls in authentication, DLP, or NAC systems.

Compromised Account Detection

Account compromise can result from phishing, malware, or a data breach. Attackers steal customer and employee credentials for financial gain, or to access sensitive data in other applications and networks. Driven by advanced machine learning, Interset's platform utilizes more than 60 algorithms focused on compromised-account detection among user and service accounts. Interset is also the only security analytics product that can correlate indicators from endpoints, directories, ACLs, and the application logs of multiple code collaboration and version control programs. This covers all types of account-focused attacks.

Interset’s expansive visibility empowers security teams to detect account compromises, connecting these attacks to related IOCs. In other words, it not only quickly and accurately surfaces threats, but it also goes a step further to provide the contextual information underlying an attack well before it reaches its target.

Threat Hunting Lead Generation

Interset will surface an attack before it reaches its target. But that’s just the start. It will then assist security analysts to validate that attack, integrate with the business’s incident-response process, and provide incident information to teams across their organization. The UI delivers a three-dimensional picture of an attack, critical to immediately understanding how to stop it. Entity-risk views provide analysts with visualizations of the attack timeline, risk trend, and new anomalies as an attack unfolds. The timeline view can also include alerts from other security products and threat intelligence information related to an attack. This optimizes the validation and response process.

The Interset platform includes Kibana/Elasticsearch open integration and has the ability to run historical analytics for any data in the Elasticsearch engine. Investigators and threat hunters have one-click access to deep event-level information for an incident. Additionally, the RESTful API and native integration with multiple downstream systems (e.g. DXL, Phantom, Splunk, etc.) optimize the response and investigation process, giving security teams the tools they need to stop an attack before data is compromised.

Privileged Account Monitoring

High-visibility incidents involving Edward Snowden and others have reminded us how blind we are to the actions of privileged accounts. If the employee is the threat, or their credentials have been compromised, access to this type of account can lead to a significant loss.

For each privileged account, Interset factors in behaviors such as time, authentication, access, application usage, and data movement to baseline nearly 30 different types of behavior. When an account deviates from its baselines, Interset's analytics visualize the privileged user's activity, factor out false positives through risk scores, and then alert security to take action.
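The mechanism described above (a per-account baseline of several behavior types, anomalies that accumulate into a risk score, and an alert once the score crosses a threshold) can be illustrated with a small example. This is an added illustration written for this page, not Interset's code; the three behavior types, the point weights, the decay factor and the threshold are assumptions, and the events are constructed.

```python
"""Per-account behavioral baseline and risk scoring over constructed auth events."""
from collections import Counter, defaultdict

# Constructed sample events: (account, hour_of_day, source_host, bytes_moved).
BASELINE_EVENTS = [
    ("dba-admin", 9, "ws-101", 2_000), ("dba-admin", 10, "ws-101", 1_500),
    ("dba-admin", 14, "ws-101", 3_000), ("dba-admin", 11, "ws-102", 2_500),
    ("dba-admin", 15, "ws-101", 1_800), ("dba-admin", 13, "ws-102", 2_200),
    # A batch service account that legitimately works at 02:00 and moves bulk data.
    ("ops-svc", 2, "batch-01", 50_000), ("ops-svc", 2, "batch-01", 52_000),
]
NEW_EVENTS = [
    ("dba-admin", 10, "ws-101", 2_100),      # in-baseline activity
    ("dba-admin", 3, "vpn-gw-7", 900_000),   # off-hours, new host, bulk movement
    ("ops-svc", 2, "batch-01", 51_000),      # normal for this account's baseline
]

def build_baselines(events):
    """Profile per account: hours and hosts seen, plus observed byte volumes."""
    profiles = defaultdict(lambda: {"hours": Counter(), "hosts": Counter(), "bytes": []})
    for acct, hour, host, nbytes in events:
        profiles[acct]["hours"][hour] += 1
        profiles[acct]["hosts"][host] += 1
        profiles[acct]["bytes"].append(nbytes)
    return profiles

def score_event(profile, hour, host, nbytes):
    """Anomaly points for one event; each behavior type contributes independently."""
    points = 0
    if hour not in profile["hours"]:
        points += 2                      # never active at this hour (assumed weight)
    if host not in profile["hosts"]:
        points += 3                      # never seen from this machine (assumed weight)
    mean_bytes = sum(profile["bytes"]) / len(profile["bytes"])
    if nbytes > 10 * mean_bytes:
        points += 5                      # bulk data movement vs. baseline (assumed weight)
    return points

def risk_scores(baseline_events, new_events, decay=0.5):
    """Accumulate anomaly points into a per-account risk score that decays over time."""
    profiles = build_baselines(baseline_events)
    risk = defaultdict(float)
    for acct, hour, host, nbytes in new_events:
        risk[acct] = risk[acct] * decay + score_event(profiles[acct], hour, host, nbytes)
    return dict(risk)

def leads(scores, threshold=5):
    """Accounts whose risk score reached the (assumed) alert threshold."""
    return sorted(acct for acct, score in scores.items() if score >= threshold)
```

Because the baseline is per account, the 02:00 bulk transfer by ops-svc scores zero while the same pattern from dba-admin is flagged, which is the false-positive reduction the paragraph describes.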


Request a demo of Interset UEBA

What use cases are top of mind for your business? Schedule a demo with one of our security professionals to learn how Interset UEBA can give you the tools to supercharge your SOC.
